Request: Connection destination specification or connection list #14

Closed
fu-sen opened this issue Jan 27, 2020 · 14 comments


@fu-sen fu-sen commented Jan 27, 2020

This is fantastic! I was looking for this!! 😄
Japanese Telnet BBS (using Shift_JIS) can be connected using sshwifty:
Connect with Cloudready

But sshwifty can now freely select the connection destination. This can be abused.
I want to limit the connections or show the list. (For example, I want to display Japanese Telnet BBS list)
Or want to restrict to one connection destination.
Can you add it to sshwifty?

Owner

@niruix niruix commented Jan 27, 2020

Hi, glad you like the software.

Sshwifty is designed to be an SSH/Telnet client, not a gateway; it does not provide a destination restriction feature at this moment.

However, it is fairly easy to set up such restrictions on the server via:

iptables

If you're running Sshwifty backend on a Linux server with iptables enabled, you can put limitations on which addresses and ports a Linux user can connect to. Then if you run Sshwifty backend with that user, the limitation will be applied to Sshwifty as well.

The rules should look like the following; keep in mind you need to modify them to suit your needs:

# Allowing specific destination
iptables -A OUTPUT -m owner --uid-owner {USERNAME} -d {SERVER_IP} -p tcp --dport {SERVER_PORT} -j ACCEPT
# And then, drop all other connections
iptables -A OUTPUT -m owner --uid-owner {USERNAME} -j DROP

After that, the user {USERNAME} will only be able to connect to TCP server {SERVER_IP}:{SERVER_PORT}. You can change {USERNAME} and {SERVER_IP}:{SERVER_PORT} based on your needs.

Also, you may need to configure iptables to allow access to the Sshwifty backend as well, as iptables may block wanted INPUT/OUTPUT connections after becoming active.

A Socks5 server that supports Access Restriction

Sshwifty backend supports a Socks5 proxy, which can be enabled by setting the Socks5 option. And I believe many Socks5 proxies support an outgoing access restriction feature, meaning you can set up such restrictions with those Socks5 servers, and then just ask Sshwifty to connect to remotes via those Socks5 servers.

I don't have any particular recommendation about which Socks5 server to choose as I don't personally use them, so you might have to test it on your own :)

Author

@fu-sen fu-sen commented Jan 27, 2020

Yup. I understand that in config "SharedKey" etc.
But that is not the limit I am seeking.
What I want is to specify the connection destination in config etc.

Author

@fu-sen fu-sen commented Jan 27, 2020

This is strongly supported by fTelnet, which is adopted by the English Telnet BBS.

https://www.ftelnet.ca/
http://embed.ftelnet.ca/wizard/
https://github.com/search?q=ftelnet

Owner

@niruix niruix commented Jan 27, 2020

Hello,

I think both iptables and Socks5 outgoing filtration are sufficient enough to prevent such abuse.

Can you help me to understand your request better? Why do you have to enforce such a restriction through Sshwifty instead of iptables etc.?

Author

@fu-sen fu-sen commented Jan 27, 2020

Repeat. I do not want it.

Owner

@niruix niruix commented Jan 27, 2020

Repeat. I do not want it.

Hello,

I think there are some basic rules of the open source world you must understand: When you are "Request"ing something, what you're actually doing is trying to convince somebody to give you what you're wishing for, not making a demand as if somebody owes you and must give you whatever you wanted.

And all that convincing takes effort.

I was trying to understand what you're wishing for, so I can evaluate all the options that I have in order to better implement the requested feature OR refuse it when I fail to find any good plan.

Simply "I do not want it" does not count as valid information here since it won't help me understand why the feature you requested is valuable enough for me to make some significant modifications to the software in order to introduce it. This won't change regardless of how many times you "repeat"ed that.

I'm expecting something more informative in your next reply. If you're unable to produce such a reply, please close this issue and just use fTelnet instead.

Author

@fu-sen fu-sen commented Jan 27, 2020

OK, I will explain why it is necessary.

Until now, no HTML5 Telnet client that refers to Japanese Telnet BBS (Shift_JIS) with a Web browser has been found. (fTelnet is only available in English and cannot be used at this stage. I was thinking about requesting fTelnet to support other languages)
There is no Telnet client on the current PC. Windows can install the client relatively easily, but it is difficult on other OS.
Due to this, the number of people who can connect with Japanese Telnet BBS at present is limited.

sshwifty has solved this problem. I link https://sshwifty.herokuapp.com/ as a connection method and introduce (These links are in Japanese):

That's enough improvement,
but I'd like to use sshwifty to reference my BBS and fellow BBS, put it on my server and publish it.
It can allow many people to quickly connect to Japanese Telnet BBS.
At least if I set up a sshwifty server on my BBS server, I can browse from the internet to the server with SSL.
I may ask other BBS operators to set up an sshwifty server.
(I really want to use ssh, but development of Japanese BBS program has been stopped for a while)

No other connections are required. Your statement is that I suffice if I build a sshwifty server locally, or use a sufficient Telnet/ssh client.
So far, my request and your answer have never been consistent.

Owner

@niruix niruix commented Jan 27, 2020

OK, I understood the core problem now.

I could theoretically make the "Known remotes" tab display nothing but the hosts that you specified and reject connection requests if the target remote is not on the host list.

I need a few days to implement and test this feature; I'll let you know if there is any update.

Author

@fu-sen fu-sen commented Jan 27, 2020

Thanks for understanding. That is at least what BBS operators want.
I don't rush for it. (BBS has a longer history than the Internet) I can wait for a while. 😊

Owner

@niruix niruix commented Feb 8, 2020

Hello,

Thanks for waiting.

Just letting you know that I've introduced a new feature called "Presets" into Sshwifty, which should satisfy this feature request.

The Presets feature will allow you to define presets which can automatically fill up connection configurations for your user, so they don't have to do it manually.

Demo

In addition to that, you can also prevent your user from connecting to remotes other than those that have already been defined in the presets by enabling the OnlyAllowPresetRemotes option.

I've already deployed the change along with a few temporary presets (including your BBS) to the demo service (https://sshwifty.herokuapp.com without enabling OnlyAllowPresetRemotes), so you can check it out by yourself and then send me some feedback.

The presets configuration used on the demo service currently is:

[
    {
        "Title": "SDF.org Unix Shell",
        "Type": "SSH",
        "Host": "sdf.org",
        "Meta": {
            "Encoding": "utf-8",
            "Authentication": "Password"
        }
    },
    {
        "Title": "瀚海星云（中国科学技术大学）",
        "Type": "Telnet",
        "Host": "bbs.ustc.edu.cn",
        "Meta": {
            "Encoding": "gbk"
        }
    },
    {
        "Title": "北極星（國立臺北大學）",
        "Type": "Telnet",
        "Host": "bbs.ntpu.edu.tw",
        "Meta": {
            "Encoding": "big5"
        }
    },
    {
        "Title": "Ballon BBS",
        "Type": "Telnet",
        "Host": "fusen.ddns.net:55223",
        "Meta": {
            "Encoding": "shift-jis"
        }
    }
]

However, the original plan, which was to

make the "Known remotes" tab display nothing but the hosts that you specified

has been proven to be not ideal, as it will create difficulties for users who want to see their connection history.

Notice: The change hasn't been released yet, it only exists in the source code.
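
The kind of server-side check that restricting connections to preset remotes implies, as an added example; this is not Sshwifty's own code. The names `normalize` and `NewChecker`, the default ports and the normalization rules are assumptions of this example, and the sample input reuses two entries from the presets above.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net"
	"strings"
)

// Constructed sample: two entries taken from the presets shown above.
const samplePresets = `[{"Type":"SSH","Host":"sdf.org"},{"Type":"Telnet","Host":"fusen.ddns.net:55223"}]`

// Assumption of this example: a Host without a port uses the standard port.
var defaultPorts = map[string]string{"SSH": "22", "Telnet": "23"}

// normalize returns one canonical key per remote ("" if invalid), so that
// "sdf.org", "SDF.org:22" and "sdf.org." all compare equal.
func normalize(typ, host string) string {
	port, ok := defaultPorts[typ]
	if h, p, err := net.SplitHostPort(host); err == nil {
		host, port = h, p
	}
	host = strings.ToLower(strings.TrimSuffix(strings.Trim(host, "[]"), "."))
	if !ok || host == "" {
		return ""
	}
	return typ + " " + net.JoinHostPort(host, port)
}

// NewChecker parses presets JSON and returns a fail-closed exact-match check.
func NewChecker(presetsJSON []byte) (func(typ, host string) bool, error) {
	var presets []struct{ Type, Host string }
	if err := json.Unmarshal(presetsJSON, &presets); err != nil {
		return nil, err
	}
	allow := map[string]bool{}
	for _, p := range presets {
		key := normalize(p.Type, p.Host)
		if key == "" {
			return nil, fmt.Errorf("preset %q: bad type or host", p.Host)
		}
		allow[key] = true // "" is never stored, so invalid requests never match
	}
	return func(typ, host string) bool { return allow[normalize(typ, host)] }, nil
}

func main() {
	allowed, err := NewChecker([]byte(samplePresets))
	fmt.Println(err, allowed("SSH", "SDF.org:22"), allowed("Telnet", "fusen.ddns.net"))
}
```

Matching on type, host and port together means a preset for a Telnet BBS on port 55223 does not also open port 23 or SSH on the same host.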

Owner

@niruix niruix commented Feb 13, 2020

The feature has been released as part of version 0.2.0.

I'll close this issue for now, feel free to reopen it if you have any feedback.

@niruix niruix closed this Feb 13, 2020
Author

@fu-sen fu-sen commented Feb 13, 2020

I tried building from source based on the contents of the README after your report, but it failed. (Windows 10)
I download the binary and check it.

Owner

@niruix niruix commented Feb 13, 2020

Well, I guess the command is different for Windows 10.

You may try manually executing the following commands instead of npm run build:

set NODE_ENV=production
set CGO_ENABLED=0
webpack --mode=production --config=webpack.config.js
go build

Note that I don't have any machine running Windows at this moment; you have to test the commands by yourself :)

Author

@fu-sen fu-sen commented Feb 13, 2020

I will try building from source again later.

And I installed Sshwifty on my BBS server.
https://balloon.tel:58182/

Thanks @niruix ! 😄
