Upstream/waveterm
1
0
Fork 0
mirror of https://github.com/wavetermdev/waveterm.git synced 2025-01-07 19:28:44 +01:00
Code Issues Packages Projects Releases Wiki Activity
evan/react-dev-tools
waveterm/wavesrv/pkg/remote/sshclient.go

646 lines
22 KiB
Go
Raw Permalink Normal View History

Use ssh library: add user input (#281) * feat: create backend for user input requests This is the first part of a change that allows the backend to request user input from the frontend. Essentially, the backend will send a request for the user to answer some query, and the frontend will send that answer back. It is blocking, so it needs to be used within a goroutine. There is some placeholder code in the frontend that will be updated in future commits. Similarly, there is some debug code in the backend remote.go file. * feat: create frontend for user input requests This is part of a change to allow the backend to request user input from the frontend. This adds a component specifically for handling this logic. It is only a starting point, and does not work perfectly yet. * refactor: update user input backend/interface This updates the user input backend to fix a few potential bugs. It also refactors the user input request and response types to better handle markdown and errors while making it more convenient to work with. A couple frontend changes were made to keep everything compatible. * fix: add props to user input request modal There was a second place that the modals were created that I previously missed. This fixes that second casel * feat: complete user input modal This rounds out the most immediate concerns for the new user input modal. The frontend now includes a timer to show how much time is left and will close itself once it reaches zero. Css formatting has been cleaned up to be more reasonable. There is still some test code present on the back end. This will be removed once actuall examples of the new modal are in place. * feat: create first pass known_hosts detection Manually integrating with golang's ssh library means that the code must authenticate known_hosts on its own. This is a first pass at creating a system that parses the known hosts files and denys a connection if there is a mismatch. This needs to be updated with a means to add keys to the known-hosts file if the user requests it. * feat: allow writing to known_hosts first pass As a follow-up to the previous change, we now allow the user to respond to interactive queries in order to determine if an unknown known hosts key can be added to a known_hosts file if it is missing. This needs to be refined further, but it gets the basic functionality there. * feat: add user input for kbd-interactive auth This adds a modal so the user can respond to prompts provided using the keyboard interactive authentication method. * feat: add interactive password authentication This makes the ssh password authentication interactive with its own user input modal. Unfortunately, this method does not allow trying a default first. This will need to be expanded in the future to accomodate that. * fix: allow automatic and interactive auth together Previously, it was impossible to use to separate methods of the same type to try ssh authentication. This made it impossible to make an auto attempt before a manual one. This change restricts that by combining them into one method where the auto attempt is tried once first and cannot be tried again. Following that, interactive authentication can be tried separately. It also lowers the time limit on kbd interactive authentication to 15 seconds due to limitations on the library we are using. * fix: set number of retries to one in ssh Number of retries means number of attempts after the fact, not number of total attempts. It has been adjusted from 2 to 1 to reflect this. * refactor: change argument order in GetUserInput This is a simple change to move the context to the first argument of GetUserInput to match the convention used elsewhere in the code. * fix: set number of retries to two again I was wrong in my previous analysis. The number given is the total number of tries. This is confusing when keyboard authentication and password authentication are both available which usually doesn't happen. * feat: create naive ui for ssh key passphrases This isn't quite as reactive as the other methods, but it does attempt to use publickey without a passphrase, then attempt to use the password as the passphrase, and finally prompting the user for a passphrase. The problem with this approach is that if multiple keys are used and they all have passphrases, they need to all be checked up front. In practice, this will not happen often, but it is something to be aware of. * fix: add the userinput.tsx changes These were missed in the previous commit. Adding them now.
2024-02-09 04:16:56 +01:00
// Copyright 2023-2024, Command Line Inc.
Use ssh library for remote connections (#250) * create proof of concept ssh library integration This is a first attempt to integrate the golang crypto/ssh library for handling remote connections. As it stands, this features is limited to identity files without passphrases. It needs to be expanded to include key+passphrase and password verifications as well. * add password and keyboard-interactive ssh auth This adds several new ssh auth methods. In addition to the PublicKey method used previously, this adds password authentication, keyboard-interactive authentication, and PublicKey+Passphrase authentication. Furthermore, it refactores the ssh connection code into its own wavesrv file rather than storing int in waveshell's shexec file. * clean up old mshell launch methods In the debugging the addition of the ssh library, i had several versions of the MShellProc Launch function. Since this seems mostly stable, I have removed the old version and the experimental version in favor of the combined version. * allow switching between new and old ssh for dev It is inconvenient to create milestones without being able to merge into the main branch. But due to the experimental nature of the ssh changes, it is not desired to use these changes in the main branch yet. This change disables the new ssh launcher by default. It can be used by changing the UseSshLibrary constant to true in remote.go. With this, it becomes possible to merge these changes into the main branch without them being used in production. * fix: allow retry after ssh auth failure Previously, the error status was not set when an ssh connection failed. Because of this, an ssh connection failure would lock the failed remote until waveterm was rebooted. This fix properly sets the error status so this cannot happen.
2024-01-25 19:18:11 +01:00
// SPDX-License-Identifier: Apache-2.0
package remote
import (
Use ssh library: add user input (#281) * feat: create backend for user input requests This is the first part of a change that allows the backend to request user input from the frontend. Essentially, the backend will send a request for the user to answer some query, and the frontend will send that answer back. It is blocking, so it needs to be used within a goroutine. There is some placeholder code in the frontend that will be updated in future commits. Similarly, there is some debug code in the backend remote.go file. * feat: create frontend for user input requests This is part of a change to allow the backend to request user input from the frontend. This adds a component specifically for handling this logic. It is only a starting point, and does not work perfectly yet. * refactor: update user input backend/interface This updates the user input backend to fix a few potential bugs. It also refactors the user input request and response types to better handle markdown and errors while making it more convenient to work with. A couple frontend changes were made to keep everything compatible. * fix: add props to user input request modal There was a second place that the modals were created that I previously missed. This fixes that second casel * feat: complete user input modal This rounds out the most immediate concerns for the new user input modal. The frontend now includes a timer to show how much time is left and will close itself once it reaches zero. Css formatting has been cleaned up to be more reasonable. There is still some test code present on the back end. This will be removed once actuall examples of the new modal are in place. * feat: create first pass known_hosts detection Manually integrating with golang's ssh library means that the code must authenticate known_hosts on its own. This is a first pass at creating a system that parses the known hosts files and denys a connection if there is a mismatch. This needs to be updated with a means to add keys to the known-hosts file if the user requests it. * feat: allow writing to known_hosts first pass As a follow-up to the previous change, we now allow the user to respond to interactive queries in order to determine if an unknown known hosts key can be added to a known_hosts file if it is missing. This needs to be refined further, but it gets the basic functionality there. * feat: add user input for kbd-interactive auth This adds a modal so the user can respond to prompts provided using the keyboard interactive authentication method. * feat: add interactive password authentication This makes the ssh password authentication interactive with its own user input modal. Unfortunately, this method does not allow trying a default first. This will need to be expanded in the future to accomodate that. * fix: allow automatic and interactive auth together Previously, it was impossible to use to separate methods of the same type to try ssh authentication. This made it impossible to make an auto attempt before a manual one. This change restricts that by combining them into one method where the auto attempt is tried once first and cannot be tried again. Following that, interactive authentication can be tried separately. It also lowers the time limit on kbd interactive authentication to 15 seconds due to limitations on the library we are using. * fix: set number of retries to one in ssh Number of retries means number of attempts after the fact, not number of total attempts. It has been adjusted from 2 to 1 to reflect this. * refactor: change argument order in GetUserInput This is a simple change to move the context to the first argument of GetUserInput to match the convention used elsewhere in the code. * fix: set number of retries to two again I was wrong in my previous analysis. The number given is the total number of tries. This is confusing when keyboard authentication and password authentication are both available which usually doesn't happen. * feat: create naive ui for ssh key passphrases This isn't quite as reactive as the other methods, but it does attempt to use publickey without a passphrase, then attempt to use the password as the passphrase, and finally prompting the user for a passphrase. The problem with this approach is that if multiple keys are used and they all have passphrases, they need to all be checked up front. In practice, this will not happen often, but it is something to be aware of. * fix: add the userinput.tsx changes These were missed in the previous commit. Adding them now.
2024-02-09 04:16:56 +01:00
"bytes"
"context"
Ssh Fixes and Improvements (#293) * feat: parse multiple identity files in ssh While this does not make it possible to discover multiple identity files in every case, it does make it possible to parse them individually and check for user input if it's required for each one. * chore: remove unnecessary print in updatebus.go * chore: remove unnecessary print in sshclient.go * chore: remove old publicKey auth check With the new callback in place, we no longer need this, so it has been removed. * refactor: move logic for wave and config options The logic for making decisions between details made available from wave and details made available from ssh_config was spread out. This change condenses it into one function for gathering those details and one for picking between them. It also adds a few new keywords but the logic for those hasn't been implemented yet. * feat: allow attempting auth methods in any order While waveterm does not provide the control over which order to attempt yet, it is possible to provide that information in the ssh_config. This change allows that order to take precedence in a case where it is set. * feat: add batch mode support BatchMode turns off user input to enter passwords for ssh. Because we save passwords, we can still attempt these methods but we disable the user interactive prompts in this case. * fix: fix auth ordering and identity files The last few commits introduced a few bugs that are fixed here. The first is that the auth ordering is parsed as a single string and not a list. This is fixed by manually splitting the string into a list. The second is that the copy of identity files was not long enough to copy the contents of the original. This is now updated to use the length of the original in its construction. * deactivate timer while connecting to new ssh The new ssh setup handles timers differently from the old one due to the possibility of asking for user input multiple times. This limited the user input to entirely be done within 15 seconds. This removes that restriction which will allow those timers to increase. It does not impact the legacy ssh systems or the local connections on the new system. * merge branch 'main' into 'ssh--auth-control' This was mostly straightforward, but it appears that a previous commit to main broke the user input modals by deleting a function. This adds that back in addition to the merge. * fix: allow 60 second timeouts for ssh inputs With the previous change, it is now possible to extend the timeout for manual inputs. 60 seconds should be a reasonable starting point. * fix: change size of dummy key to 2048 This fixes the CodeQL scan issue for using a weak key.
2024-02-16 00:58:50 +01:00
"crypto/rand"
"crypto/rsa"
Use ssh library: add user input (#281) * feat: create backend for user input requests This is the first part of a change that allows the backend to request user input from the frontend. Essentially, the backend will send a request for the user to answer some query, and the frontend will send that answer back. It is blocking, so it needs to be used within a goroutine. There is some placeholder code in the frontend that will be updated in future commits. Similarly, there is some debug code in the backend remote.go file. * feat: create frontend for user input requests This is part of a change to allow the backend to request user input from the frontend. This adds a component specifically for handling this logic. It is only a starting point, and does not work perfectly yet. * refactor: update user input backend/interface This updates the user input backend to fix a few potential bugs. It also refactors the user input request and response types to better handle markdown and errors while making it more convenient to work with. A couple frontend changes were made to keep everything compatible. * fix: add props to user input request modal There was a second place that the modals were created that I previously missed. This fixes that second casel * feat: complete user input modal This rounds out the most immediate concerns for the new user input modal. The frontend now includes a timer to show how much time is left and will close itself once it reaches zero. Css formatting has been cleaned up to be more reasonable. There is still some test code present on the back end. This will be removed once actuall examples of the new modal are in place. * feat: create first pass known_hosts detection Manually integrating with golang's ssh library means that the code must authenticate known_hosts on its own. This is a first pass at creating a system that parses the known hosts files and denys a connection if there is a mismatch. This needs to be updated with a means to add keys to the known-hosts file if the user requests it. * feat: allow writing to known_hosts first pass As a follow-up to the previous change, we now allow the user to respond to interactive queries in order to determine if an unknown known hosts key can be added to a known_hosts file if it is missing. This needs to be refined further, but it gets the basic functionality there. * feat: add user input for kbd-interactive auth This adds a modal so the user can respond to prompts provided using the keyboard interactive authentication method. * feat: add interactive password authentication This makes the ssh password authentication interactive with its own user input modal. Unfortunately, this method does not allow trying a default first. This will need to be expanded in the future to accomodate that. * fix: allow automatic and interactive auth together Previously, it was impossible to use to separate methods of the same type to try ssh authentication. This made it impossible to make an auto attempt before a manual one. This change restricts that by combining them into one method where the auto attempt is tried once first and cannot be tried again. Following that, interactive authentication can be tried separately. It also lowers the time limit on kbd interactive authentication to 15 seconds due to limitations on the library we are using. * fix: set number of retries to one in ssh Number of retries means number of attempts after the fact, not number of total attempts. It has been adjusted from 2 to 1 to reflect this. * refactor: change argument order in GetUserInput This is a simple change to move the context to the first argument of GetUserInput to match the convention used elsewhere in the code. * fix: set number of retries to two again I was wrong in my previous analysis. The number given is the total number of tries. This is confusing when keyboard authentication and password authentication are both available which usually doesn't happen. * feat: create naive ui for ssh key passphrases This isn't quite as reactive as the other methods, but it does attempt to use publickey without a passphrase, then attempt to use the password as the passphrase, and finally prompting the user for a passphrase. The problem with this approach is that if multiple keys are used and they all have passphrases, they need to all be checked up front. In practice, this will not happen often, but it is something to be aware of. * fix: add the userinput.tsx changes These were missed in the previous commit. Adding them now.
2024-02-09 04:16:56 +01:00
"crypto/x509"
"encoding/base64"
Use ssh library for remote connections (#250) * create proof of concept ssh library integration This is a first attempt to integrate the golang crypto/ssh library for handling remote connections. As it stands, this features is limited to identity files without passphrases. It needs to be expanded to include key+passphrase and password verifications as well. * add password and keyboard-interactive ssh auth This adds several new ssh auth methods. In addition to the PublicKey method used previously, this adds password authentication, keyboard-interactive authentication, and PublicKey+Passphrase authentication. Furthermore, it refactores the ssh connection code into its own wavesrv file rather than storing int in waveshell's shexec file. * clean up old mshell launch methods In the debugging the addition of the ssh library, i had several versions of the MShellProc Launch function. Since this seems mostly stable, I have removed the old version and the experimental version in favor of the combined version. * allow switching between new and old ssh for dev It is inconvenient to create milestones without being able to merge into the main branch. But due to the experimental nature of the ssh changes, it is not desired to use these changes in the main branch yet. This change disables the new ssh launcher by default. It can be used by changing the UseSshLibrary constant to true in remote.go. With this, it becomes possible to merge these changes into the main branch without them being used in production. * fix: allow retry after ssh auth failure Previously, the error status was not set when an ssh connection failed. Because of this, an ssh connection failure would lock the failed remote until waveterm was rebooted. This fix properly sets the error status so this cannot happen.
2024-01-25 19:18:11 +01:00
"fmt"
Use ssh library: add user input (#281) * feat: create backend for user input requests This is the first part of a change that allows the backend to request user input from the frontend. Essentially, the backend will send a request for the user to answer some query, and the frontend will send that answer back. It is blocking, so it needs to be used within a goroutine. There is some placeholder code in the frontend that will be updated in future commits. Similarly, there is some debug code in the backend remote.go file. * feat: create frontend for user input requests This is part of a change to allow the backend to request user input from the frontend. This adds a component specifically for handling this logic. It is only a starting point, and does not work perfectly yet. * refactor: update user input backend/interface This updates the user input backend to fix a few potential bugs. It also refactors the user input request and response types to better handle markdown and errors while making it more convenient to work with. A couple frontend changes were made to keep everything compatible. * fix: add props to user input request modal There was a second place that the modals were created that I previously missed. This fixes that second casel * feat: complete user input modal This rounds out the most immediate concerns for the new user input modal. The frontend now includes a timer to show how much time is left and will close itself once it reaches zero. Css formatting has been cleaned up to be more reasonable. There is still some test code present on the back end. This will be removed once actuall examples of the new modal are in place. * feat: create first pass known_hosts detection Manually integrating with golang's ssh library means that the code must authenticate known_hosts on its own. This is a first pass at creating a system that parses the known hosts files and denys a connection if there is a mismatch. This needs to be updated with a means to add keys to the known-hosts file if the user requests it. * feat: allow writing to known_hosts first pass As a follow-up to the previous change, we now allow the user to respond to interactive queries in order to determine if an unknown known hosts key can be added to a known_hosts file if it is missing. This needs to be refined further, but it gets the basic functionality there. * feat: add user input for kbd-interactive auth This adds a modal so the user can respond to prompts provided using the keyboard interactive authentication method. * feat: add interactive password authentication This makes the ssh password authentication interactive with its own user input modal. Unfortunately, this method does not allow trying a default first. This will need to be expanded in the future to accomodate that. * fix: allow automatic and interactive auth together Previously, it was impossible to use to separate methods of the same type to try ssh authentication. This made it impossible to make an auto attempt before a manual one. This change restricts that by combining them into one method where the auto attempt is tried once first and cannot be tried again. Following that, interactive authentication can be tried separately. It also lowers the time limit on kbd interactive authentication to 15 seconds due to limitations on the library we are using. * fix: set number of retries to one in ssh Number of retries means number of attempts after the fact, not number of total attempts. It has been adjusted from 2 to 1 to reflect this. * refactor: change argument order in GetUserInput This is a simple change to move the context to the first argument of GetUserInput to match the convention used elsewhere in the code. * fix: set number of retries to two again I was wrong in my previous analysis. The number given is the total number of tries. This is confusing when keyboard authentication and password authentication are both available which usually doesn't happen. * feat: create naive ui for ssh key passphrases This isn't quite as reactive as the other methods, but it does attempt to use publickey without a passphrase, then attempt to use the password as the passphrase, and finally prompting the user for a passphrase. The problem with this approach is that if multiple keys are used and they all have passphrases, they need to all be checked up front. In practice, this will not happen often, but it is something to be aware of. * fix: add the userinput.tsx changes These were missed in the previous commit. Adding them now.
2024-02-09 04:16:56 +01:00
"net"
Use ssh library for remote connections (#250) * create proof of concept ssh library integration This is a first attempt to integrate the golang crypto/ssh library for handling remote connections. As it stands, this features is limited to identity files without passphrases. It needs to be expanded to include key+passphrase and password verifications as well. * add password and keyboard-interactive ssh auth This adds several new ssh auth methods. In addition to the PublicKey method used previously, this adds password authentication, keyboard-interactive authentication, and PublicKey+Passphrase authentication. Furthermore, it refactores the ssh connection code into its own wavesrv file rather than storing int in waveshell's shexec file. * clean up old mshell launch methods In the debugging the addition of the ssh library, i had several versions of the MShellProc Launch function. Since this seems mostly stable, I have removed the old version and the experimental version in favor of the combined version. * allow switching between new and old ssh for dev It is inconvenient to create milestones without being able to merge into the main branch. But due to the experimental nature of the ssh changes, it is not desired to use these changes in the main branch yet. This change disables the new ssh launcher by default. It can be used by changing the UseSshLibrary constant to true in remote.go. With this, it becomes possible to merge these changes into the main branch without them being used in production. * fix: allow retry after ssh auth failure Previously, the error status was not set when an ssh connection failed. Because of this, an ssh connection failure would lock the failed remote until waveterm was rebooted. This fix properly sets the error status so this cannot happen.
2024-01-25 19:18:11 +01:00
"os"
"os/user"
Use ssh library: add user input (#281) * feat: create backend for user input requests This is the first part of a change that allows the backend to request user input from the frontend. Essentially, the backend will send a request for the user to answer some query, and the frontend will send that answer back. It is blocking, so it needs to be used within a goroutine. There is some placeholder code in the frontend that will be updated in future commits. Similarly, there is some debug code in the backend remote.go file. * feat: create frontend for user input requests This is part of a change to allow the backend to request user input from the frontend. This adds a component specifically for handling this logic. It is only a starting point, and does not work perfectly yet. * refactor: update user input backend/interface This updates the user input backend to fix a few potential bugs. It also refactors the user input request and response types to better handle markdown and errors while making it more convenient to work with. A couple frontend changes were made to keep everything compatible. * fix: add props to user input request modal There was a second place that the modals were created that I previously missed. This fixes that second casel * feat: complete user input modal This rounds out the most immediate concerns for the new user input modal. The frontend now includes a timer to show how much time is left and will close itself once it reaches zero. Css formatting has been cleaned up to be more reasonable. There is still some test code present on the back end. This will be removed once actuall examples of the new modal are in place. * feat: create first pass known_hosts detection Manually integrating with golang's ssh library means that the code must authenticate known_hosts on its own. This is a first pass at creating a system that parses the known hosts files and denys a connection if there is a mismatch. This needs to be updated with a means to add keys to the known-hosts file if the user requests it. * feat: allow writing to known_hosts first pass As a follow-up to the previous change, we now allow the user to respond to interactive queries in order to determine if an unknown known hosts key can be added to a known_hosts file if it is missing. This needs to be refined further, but it gets the basic functionality there. * feat: add user input for kbd-interactive auth This adds a modal so the user can respond to prompts provided using the keyboard interactive authentication method. * feat: add interactive password authentication This makes the ssh password authentication interactive with its own user input modal. Unfortunately, this method does not allow trying a default first. This will need to be expanded in the future to accomodate that. * fix: allow automatic and interactive auth together Previously, it was impossible to use to separate methods of the same type to try ssh authentication. This made it impossible to make an auto attempt before a manual one. This change restricts that by combining them into one method where the auto attempt is tried once first and cannot be tried again. Following that, interactive authentication can be tried separately. It also lowers the time limit on kbd interactive authentication to 15 seconds due to limitations on the library we are using. * fix: set number of retries to one in ssh Number of retries means number of attempts after the fact, not number of total attempts. It has been adjusted from 2 to 1 to reflect this. * refactor: change argument order in GetUserInput This is a simple change to move the context to the first argument of GetUserInput to match the convention used elsewhere in the code. * fix: set number of retries to two again I was wrong in my previous analysis. The number given is the total number of tries. This is confusing when keyboard authentication and password authentication are both available which usually doesn't happen. * feat: create naive ui for ssh key passphrases This isn't quite as reactive as the other methods, but it does attempt to use publickey without a passphrase, then attempt to use the password as the passphrase, and finally prompting the user for a passphrase. The problem with this approach is that if multiple keys are used and they all have passphrases, they need to all be checked up front. In practice, this will not happen often, but it is something to be aware of. * fix: add the userinput.tsx changes These were missed in the previous commit. Adding them now.
2024-02-09 04:16:56 +01:00
"path/filepath"
Use ssh library for remote connections (#250) * create proof of concept ssh library integration This is a first attempt to integrate the golang crypto/ssh library for handling remote connections. As it stands, this features is limited to identity files without passphrases. It needs to be expanded to include key+passphrase and password verifications as well. * add password and keyboard-interactive ssh auth This adds several new ssh auth methods. In addition to the PublicKey method used previously, this adds password authentication, keyboard-interactive authentication, and PublicKey+Passphrase authentication. Furthermore, it refactores the ssh connection code into its own wavesrv file rather than storing int in waveshell's shexec file. * clean up old mshell launch methods In the debugging the addition of the ssh library, i had several versions of the MShellProc Launch function. Since this seems mostly stable, I have removed the old version and the experimental version in favor of the combined version. * allow switching between new and old ssh for dev It is inconvenient to create milestones without being able to merge into the main branch. But due to the experimental nature of the ssh changes, it is not desired to use these changes in the main branch yet. This change disables the new ssh launcher by default. It can be used by changing the UseSshLibrary constant to true in remote.go. With this, it becomes possible to merge these changes into the main branch without them being used in production. * fix: allow retry after ssh auth failure Previously, the error status was not set when an ssh connection failed. Because of this, an ssh connection failure would lock the failed remote until waveterm was rebooted. This fix properly sets the error status so this cannot happen.
2024-01-25 19:18:11 +01:00
"strconv"
"strings"
Use ssh library: add user input (#281) * feat: create backend for user input requests This is the first part of a change that allows the backend to request user input from the frontend. Essentially, the backend will send a request for the user to answer some query, and the frontend will send that answer back. It is blocking, so it needs to be used within a goroutine. There is some placeholder code in the frontend that will be updated in future commits. Similarly, there is some debug code in the backend remote.go file. * feat: create frontend for user input requests This is part of a change to allow the backend to request user input from the frontend. This adds a component specifically for handling this logic. It is only a starting point, and does not work perfectly yet. * refactor: update user input backend/interface This updates the user input backend to fix a few potential bugs. It also refactors the user input request and response types to better handle markdown and errors while making it more convenient to work with. A couple frontend changes were made to keep everything compatible. * fix: add props to user input request modal There was a second place that the modals were created that I previously missed. This fixes that second casel * feat: complete user input modal This rounds out the most immediate concerns for the new user input modal. The frontend now includes a timer to show how much time is left and will close itself once it reaches zero. Css formatting has been cleaned up to be more reasonable. There is still some test code present on the back end. This will be removed once actuall examples of the new modal are in place. * feat: create first pass known_hosts detection Manually integrating with golang's ssh library means that the code must authenticate known_hosts on its own. This is a first pass at creating a system that parses the known hosts files and denys a connection if there is a mismatch. This needs to be updated with a means to add keys to the known-hosts file if the user requests it. * feat: allow writing to known_hosts first pass As a follow-up to the previous change, we now allow the user to respond to interactive queries in order to determine if an unknown known hosts key can be added to a known_hosts file if it is missing. This needs to be refined further, but it gets the basic functionality there. * feat: add user input for kbd-interactive auth This adds a modal so the user can respond to prompts provided using the keyboard interactive authentication method. * feat: add interactive password authentication This makes the ssh password authentication interactive with its own user input modal. Unfortunately, this method does not allow trying a default first. This will need to be expanded in the future to accomodate that. * fix: allow automatic and interactive auth together Previously, it was impossible to use to separate methods of the same type to try ssh authentication. This made it impossible to make an auto attempt before a manual one. This change restricts that by combining them into one method where the auto attempt is tried once first and cannot be tried again. Following that, interactive authentication can be tried separately. It also lowers the time limit on kbd interactive authentication to 15 seconds due to limitations on the library we are using. * fix: set number of retries to one in ssh Number of retries means number of attempts after the fact, not number of total attempts. It has been adjusted from 2 to 1 to reflect this. * refactor: change argument order in GetUserInput This is a simple change to move the context to the first argument of GetUserInput to match the convention used elsewhere in the code. * fix: set number of retries to two again I was wrong in my previous analysis. The number given is the total number of tries. This is confusing when keyboard authentication and password authentication are both available which usually doesn't happen. * feat: create naive ui for ssh key passphrases This isn't quite as reactive as the other methods, but it does attempt to use publickey without a passphrase, then attempt to use the password as the passphrase, and finally prompting the user for a passphrase. The problem with this approach is that if multiple keys are used and they all have passphrases, they need to all be checked up front. In practice, this will not happen often, but it is something to be aware of. * fix: add the userinput.tsx changes These were missed in the previous commit. Adding them now.
2024-02-09 04:16:56 +01:00
"sync"
"time"
Use ssh library for remote connections (#250) * create proof of concept ssh library integration This is a first attempt to integrate the golang crypto/ssh library for handling remote connections. As it stands, this features is limited to identity files without passphrases. It needs to be expanded to include key+passphrase and password verifications as well. * add password and keyboard-interactive ssh auth This adds several new ssh auth methods. In addition to the PublicKey method used previously, this adds password authentication, keyboard-interactive authentication, and PublicKey+Passphrase authentication. Furthermore, it refactores the ssh connection code into its own wavesrv file rather than storing int in waveshell's shexec file. * clean up old mshell launch methods In the debugging the addition of the ssh library, i had several versions of the MShellProc Launch function. Since this seems mostly stable, I have removed the old version and the experimental version in favor of the combined version. * allow switching between new and old ssh for dev It is inconvenient to create milestones without being able to merge into the main branch. But due to the experimental nature of the ssh changes, it is not desired to use these changes in the main branch yet. This change disables the new ssh launcher by default. It can be used by changing the UseSshLibrary constant to true in remote.go. With this, it becomes possible to merge these changes into the main branch without them being used in production. * fix: allow retry after ssh auth failure Previously, the error status was not set when an ssh connection failed. Because of this, an ssh connection failure would lock the failed remote until waveterm was rebooted. This fix properly sets the error status so this cannot happen.
2024-01-25 19:18:11 +01:00
"github.com/kevinburke/ssh_config"
"github.com/wavetermdev/waveterm/waveshell/pkg/base"
Break model update code out of sstore (#290) * Break update code out of sstore * add license disclaimers * missed one * add another * fix regression in openai updates, remove unnecessary functions * another copyright * update casts * fix issue with variadic updates * remove logs * remove log * remove unnecessary log * save work * moved a bunch of stuff to scbus * make modelupdate an object * fix new screen not updating active screen * add comment * make updates into packet types * different cast * update comments, remove unused methods * add one more comment * add an IsEmpty() on model updates to prevent sending empty updates to client
2024-02-16 01:45:47 +01:00
"github.com/wavetermdev/waveterm/wavesrv/pkg/scbus"
Use ssh library for remote connections (#250) * create proof of concept ssh library integration This is a first attempt to integrate the golang crypto/ssh library for handling remote connections. As it stands, this features is limited to identity files without passphrases. It needs to be expanded to include key+passphrase and password verifications as well. * add password and keyboard-interactive ssh auth This adds several new ssh auth methods. In addition to the PublicKey method used previously, this adds password authentication, keyboard-interactive authentication, and PublicKey+Passphrase authentication. Furthermore, it refactores the ssh connection code into its own wavesrv file rather than storing int in waveshell's shexec file. * clean up old mshell launch methods In the debugging the addition of the ssh library, i had several versions of the MShellProc Launch function. Since this seems mostly stable, I have removed the old version and the experimental version in favor of the combined version. * allow switching between new and old ssh for dev It is inconvenient to create milestones without being able to merge into the main branch. But due to the experimental nature of the ssh changes, it is not desired to use these changes in the main branch yet. This change disables the new ssh launcher by default. It can be used by changing the UseSshLibrary constant to true in remote.go. With this, it becomes possible to merge these changes into the main branch without them being used in production. * fix: allow retry after ssh auth failure Previously, the error status was not set when an ssh connection failed. Because of this, an ssh connection failure would lock the failed remote until waveterm was rebooted. This fix properly sets the error status so this cannot happen.
2024-01-25 19:18:11 +01:00
"github.com/wavetermdev/waveterm/wavesrv/pkg/sstore"
Break model update code out of sstore (#290) * Break update code out of sstore * add license disclaimers * missed one * add another * fix regression in openai updates, remove unnecessary functions * another copyright * update casts * fix issue with variadic updates * remove logs * remove log * remove unnecessary log * save work * moved a bunch of stuff to scbus * make modelupdate an object * fix new screen not updating active screen * add comment * make updates into packet types * different cast * update comments, remove unused methods * add one more comment * add an IsEmpty() on model updates to prevent sending empty updates to client
2024-02-16 01:45:47 +01:00
"github.com/wavetermdev/waveterm/wavesrv/pkg/userinput"
Use ssh library for remote connections (#250) * create proof of concept ssh library integration This is a first attempt to integrate the golang crypto/ssh library for handling remote connections. As it stands, this features is limited to identity files without passphrases. It needs to be expanded to include key+passphrase and password verifications as well. * add password and keyboard-interactive ssh auth This adds several new ssh auth methods. In addition to the PublicKey method used previously, this adds password authentication, keyboard-interactive authentication, and PublicKey+Passphrase authentication. Furthermore, it refactores the ssh connection code into its own wavesrv file rather than storing int in waveshell's shexec file. * clean up old mshell launch methods In the debugging the addition of the ssh library, i had several versions of the MShellProc Launch function. Since this seems mostly stable, I have removed the old version and the experimental version in favor of the combined version. * allow switching between new and old ssh for dev It is inconvenient to create milestones without being able to merge into the main branch. But due to the experimental nature of the ssh changes, it is not desired to use these changes in the main branch yet. This change disables the new ssh launcher by default. It can be used by changing the UseSshLibrary constant to true in remote.go. With this, it becomes possible to merge these changes into the main branch without them being used in production. * fix: allow retry after ssh auth failure Previously, the error status was not set when an ssh connection failed. Because of this, an ssh connection failure would lock the failed remote until waveterm was rebooted. This fix properly sets the error status so this cannot happen.
2024-01-25 19:18:11 +01:00
"golang.org/x/crypto/ssh"
Use ssh library: add user input (#281) * feat: create backend for user input requests This is the first part of a change that allows the backend to request user input from the frontend. Essentially, the backend will send a request for the user to answer some query, and the frontend will send that answer back. It is blocking, so it needs to be used within a goroutine. There is some placeholder code in the frontend that will be updated in future commits. Similarly, there is some debug code in the backend remote.go file. * feat: create frontend for user input requests This is part of a change to allow the backend to request user input from the frontend. This adds a component specifically for handling this logic. It is only a starting point, and does not work perfectly yet. * refactor: update user input backend/interface This updates the user input backend to fix a few potential bugs. It also refactors the user input request and response types to better handle markdown and errors while making it more convenient to work with. A couple frontend changes were made to keep everything compatible. * fix: add props to user input request modal There was a second place that the modals were created that I previously missed. This fixes that second casel * feat: complete user input modal This rounds out the most immediate concerns for the new user input modal. The frontend now includes a timer to show how much time is left and will close itself once it reaches zero. Css formatting has been cleaned up to be more reasonable. There is still some test code present on the back end. This will be removed once actuall examples of the new modal are in place. * feat: create first pass known_hosts detection Manually integrating with golang's ssh library means that the code must authenticate known_hosts on its own. This is a first pass at creating a system that parses the known hosts files and denys a connection if there is a mismatch. This needs to be updated with a means to add keys to the known-hosts file if the user requests it. * feat: allow writing to known_hosts first pass As a follow-up to the previous change, we now allow the user to respond to interactive queries in order to determine if an unknown known hosts key can be added to a known_hosts file if it is missing. This needs to be refined further, but it gets the basic functionality there. * feat: add user input for kbd-interactive auth This adds a modal so the user can respond to prompts provided using the keyboard interactive authentication method. * feat: add interactive password authentication This makes the ssh password authentication interactive with its own user input modal. Unfortunately, this method does not allow trying a default first. This will need to be expanded in the future to accomodate that. * fix: allow automatic and interactive auth together Previously, it was impossible to use to separate methods of the same type to try ssh authentication. This made it impossible to make an auto attempt before a manual one. This change restricts that by combining them into one method where the auto attempt is tried once first and cannot be tried again. Following that, interactive authentication can be tried separately. It also lowers the time limit on kbd interactive authentication to 15 seconds due to limitations on the library we are using. * fix: set number of retries to one in ssh Number of retries means number of attempts after the fact, not number of total attempts. It has been adjusted from 2 to 1 to reflect this. * refactor: change argument order in GetUserInput This is a simple change to move the context to the first argument of GetUserInput to match the convention used elsewhere in the code. * fix: set number of retries to two again I was wrong in my previous analysis. The number given is the total number of tries. This is confusing when keyboard authentication and password authentication are both available which usually doesn't happen. * feat: create naive ui for ssh key passphrases This isn't quite as reactive as the other methods, but it does attempt to use publickey without a passphrase, then attempt to use the password as the passphrase, and finally prompting the user for a passphrase. The problem with this approach is that if multiple keys are used and they all have passphrases, they need to all be checked up front. In practice, this will not happen often, but it is something to be aware of. * fix: add the userinput.tsx changes These were missed in the previous commit. Adding them now.
2024-02-09 04:16:56 +01:00
"golang.org/x/crypto/ssh/knownhosts"
Use ssh library for remote connections (#250) * create proof of concept ssh library integration This is a first attempt to integrate the golang crypto/ssh library for handling remote connections. As it stands, this features is limited to identity files without passphrases. It needs to be expanded to include key+passphrase and password verifications as well. * add password and keyboard-interactive ssh auth This adds several new ssh auth methods. In addition to the PublicKey method used previously, this adds password authentication, keyboard-interactive authentication, and PublicKey+Passphrase authentication. Furthermore, it refactores the ssh connection code into its own wavesrv file rather than storing int in waveshell's shexec file. * clean up old mshell launch methods In the debugging the addition of the ssh library, i had several versions of the MShellProc Launch function. Since this seems mostly stable, I have removed the old version and the experimental version in favor of the combined version. * allow switching between new and old ssh for dev It is inconvenient to create milestones without being able to merge into the main branch. But due to the experimental nature of the ssh changes, it is not desired to use these changes in the main branch yet. This change disables the new ssh launcher by default. It can be used by changing the UseSshLibrary constant to true in remote.go. With this, it becomes possible to merge these changes into the main branch without them being used in production. * fix: allow retry after ssh auth failure Previously, the error status was not set when an ssh connection failed. Because of this, an ssh connection failure would lock the failed remote until waveterm was rebooted. This fix properly sets the error status so this cannot happen.
2024-01-25 19:18:11 +01:00
)
Use ssh library: add user input (#281) * feat: create backend for user input requests This is the first part of a change that allows the backend to request user input from the frontend. Essentially, the backend will send a request for the user to answer some query, and the frontend will send that answer back. It is blocking, so it needs to be used within a goroutine. There is some placeholder code in the frontend that will be updated in future commits. Similarly, there is some debug code in the backend remote.go file. * feat: create frontend for user input requests This is part of a change to allow the backend to request user input from the frontend. This adds a component specifically for handling this logic. It is only a starting point, and does not work perfectly yet. * refactor: update user input backend/interface This updates the user input backend to fix a few potential bugs. It also refactors the user input request and response types to better handle markdown and errors while making it more convenient to work with. A couple frontend changes were made to keep everything compatible. * fix: add props to user input request modal There was a second place that the modals were created that I previously missed. This fixes that second casel * feat: complete user input modal This rounds out the most immediate concerns for the new user input modal. The frontend now includes a timer to show how much time is left and will close itself once it reaches zero. Css formatting has been cleaned up to be more reasonable. There is still some test code present on the back end. This will be removed once actuall examples of the new modal are in place. * feat: create first pass known_hosts detection Manually integrating with golang's ssh library means that the code must authenticate known_hosts on its own. This is a first pass at creating a system that parses the known hosts files and denys a connection if there is a mismatch. This needs to be updated with a means to add keys to the known-hosts file if the user requests it. * feat: allow writing to known_hosts first pass As a follow-up to the previous change, we now allow the user to respond to interactive queries in order to determine if an unknown known hosts key can be added to a known_hosts file if it is missing. This needs to be refined further, but it gets the basic functionality there. * feat: add user input for kbd-interactive auth This adds a modal so the user can respond to prompts provided using the keyboard interactive authentication method. * feat: add interactive password authentication This makes the ssh password authentication interactive with its own user input modal. Unfortunately, this method does not allow trying a default first. This will need to be expanded in the future to accomodate that. * fix: allow automatic and interactive auth together Previously, it was impossible to use to separate methods of the same type to try ssh authentication. This made it impossible to make an auto attempt before a manual one. This change restricts that by combining them into one method where the auto attempt is tried once first and cannot be tried again. Following that, interactive authentication can be tried separately. It also lowers the time limit on kbd interactive authentication to 15 seconds due to limitations on the library we are using. * fix: set number of retries to one in ssh Number of retries means number of attempts after the fact, not number of total attempts. It has been adjusted from 2 to 1 to reflect this. * refactor: change argument order in GetUserInput This is a simple change to move the context to the first argument of GetUserInput to match the convention used elsewhere in the code. * fix: set number of retries to two again I was wrong in my previous analysis. The number given is the total number of tries. This is confusing when keyboard authentication and password authentication are both available which usually doesn't happen. * feat: create naive ui for ssh key passphrases This isn't quite as reactive as the other methods, but it does attempt to use publickey without a passphrase, then attempt to use the password as the passphrase, and finally prompting the user for a passphrase. The problem with this approach is that if multiple keys are used and they all have passphrases, they need to all be checked up front. In practice, this will not happen often, but it is something to be aware of. * fix: add the userinput.tsx changes These were missed in the previous commit. Adding them now.
2024-02-09 04:16:56 +01:00
type UserInputCancelError struct {
Err error
}
func (uice UserInputCancelError) Error() string {
return uice.Err.Error()
}
Ssh Fixes and Improvements (#293) * feat: parse multiple identity files in ssh While this does not make it possible to discover multiple identity files in every case, it does make it possible to parse them individually and check for user input if it's required for each one. * chore: remove unnecessary print in updatebus.go * chore: remove unnecessary print in sshclient.go * chore: remove old publicKey auth check With the new callback in place, we no longer need this, so it has been removed. * refactor: move logic for wave and config options The logic for making decisions between details made available from wave and details made available from ssh_config was spread out. This change condenses it into one function for gathering those details and one for picking between them. It also adds a few new keywords but the logic for those hasn't been implemented yet. * feat: allow attempting auth methods in any order While waveterm does not provide the control over which order to attempt yet, it is possible to provide that information in the ssh_config. This change allows that order to take precedence in a case where it is set. * feat: add batch mode support BatchMode turns off user input to enter passwords for ssh. Because we save passwords, we can still attempt these methods but we disable the user interactive prompts in this case. * fix: fix auth ordering and identity files The last few commits introduced a few bugs that are fixed here. The first is that the auth ordering is parsed as a single string and not a list. This is fixed by manually splitting the string into a list. The second is that the copy of identity files was not long enough to copy the contents of the original. This is now updated to use the length of the original in its construction. * deactivate timer while connecting to new ssh The new ssh setup handles timers differently from the old one due to the possibility of asking for user input multiple times. This limited the user input to entirely be done within 15 seconds. This removes that restriction which will allow those timers to increase. It does not impact the legacy ssh systems or the local connections on the new system. * merge branch 'main' into 'ssh--auth-control' This was mostly straightforward, but it appears that a previous commit to main broke the user input modals by deleting a function. This adds that back in addition to the merge. * fix: allow 60 second timeouts for ssh inputs With the previous change, it is now possible to extend the timeout for manual inputs. 60 seconds should be a reasonable starting point. * fix: change size of dummy key to 2048 This fixes the CodeQL scan issue for using a weak key.
2024-02-16 00:58:50 +01:00
// This exists to trick the ssh library into continuing to try
// different public keys even when the current key cannot be
// properly parsed
func createDummySigner() ([]ssh.Signer, error) {
dummyKey, err := rsa.GenerateKey(rand.Reader, 2048)
Use ssh library for remote connections (#250) * create proof of concept ssh library integration This is a first attempt to integrate the golang crypto/ssh library for handling remote connections. As it stands, this features is limited to identity files without passphrases. It needs to be expanded to include key+passphrase and password verifications as well. * add password and keyboard-interactive ssh auth This adds several new ssh auth methods. In addition to the PublicKey method used previously, this adds password authentication, keyboard-interactive authentication, and PublicKey+Passphrase authentication. Furthermore, it refactores the ssh connection code into its own wavesrv file rather than storing int in waveshell's shexec file. * clean up old mshell launch methods In the debugging the addition of the ssh library, i had several versions of the MShellProc Launch function. Since this seems mostly stable, I have removed the old version and the experimental version in favor of the combined version. * allow switching between new and old ssh for dev It is inconvenient to create milestones without being able to merge into the main branch. But due to the experimental nature of the ssh changes, it is not desired to use these changes in the main branch yet. This change disables the new ssh launcher by default. It can be used by changing the UseSshLibrary constant to true in remote.go. With this, it becomes possible to merge these changes into the main branch without them being used in production. * fix: allow retry after ssh auth failure Previously, the error status was not set when an ssh connection failed. Because of this, an ssh connection failure would lock the failed remote until waveterm was rebooted. This fix properly sets the error status so this cannot happen.
2024-01-25 19:18:11 +01:00
if err != nil {
Ssh Fixes and Improvements (#293) * feat: parse multiple identity files in ssh While this does not make it possible to discover multiple identity files in every case, it does make it possible to parse them individually and check for user input if it's required for each one. * chore: remove unnecessary print in updatebus.go * chore: remove unnecessary print in sshclient.go * chore: remove old publicKey auth check With the new callback in place, we no longer need this, so it has been removed. * refactor: move logic for wave and config options The logic for making decisions between details made available from wave and details made available from ssh_config was spread out. This change condenses it into one function for gathering those details and one for picking between them. It also adds a few new keywords but the logic for those hasn't been implemented yet. * feat: allow attempting auth methods in any order While waveterm does not provide the control over which order to attempt yet, it is possible to provide that information in the ssh_config. This change allows that order to take precedence in a case where it is set. * feat: add batch mode support BatchMode turns off user input to enter passwords for ssh. Because we save passwords, we can still attempt these methods but we disable the user interactive prompts in this case. * fix: fix auth ordering and identity files The last few commits introduced a few bugs that are fixed here. The first is that the auth ordering is parsed as a single string and not a list. This is fixed by manually splitting the string into a list. The second is that the copy of identity files was not long enough to copy the contents of the original. This is now updated to use the length of the original in its construction. * deactivate timer while connecting to new ssh The new ssh setup handles timers differently from the old one due to the possibility of asking for user input multiple times. This limited the user input to entirely be done within 15 seconds. This removes that restriction which will allow those timers to increase. It does not impact the legacy ssh systems or the local connections on the new system. * merge branch 'main' into 'ssh--auth-control' This was mostly straightforward, but it appears that a previous commit to main broke the user input modals by deleting a function. This adds that back in addition to the merge. * fix: allow 60 second timeouts for ssh inputs With the previous change, it is now possible to extend the timeout for manual inputs. 60 seconds should be a reasonable starting point. * fix: change size of dummy key to 2048 This fixes the CodeQL scan issue for using a weak key.
2024-02-16 00:58:50 +01:00
return nil, err
Use ssh library: add user input (#281) * feat: create backend for user input requests This is the first part of a change that allows the backend to request user input from the frontend. Essentially, the backend will send a request for the user to answer some query, and the frontend will send that answer back. It is blocking, so it needs to be used within a goroutine. There is some placeholder code in the frontend that will be updated in future commits. Similarly, there is some debug code in the backend remote.go file. * feat: create frontend for user input requests This is part of a change to allow the backend to request user input from the frontend. This adds a component specifically for handling this logic. It is only a starting point, and does not work perfectly yet. * refactor: update user input backend/interface This updates the user input backend to fix a few potential bugs. It also refactors the user input request and response types to better handle markdown and errors while making it more convenient to work with. A couple frontend changes were made to keep everything compatible. * fix: add props to user input request modal There was a second place that the modals were created that I previously missed. This fixes that second casel * feat: complete user input modal This rounds out the most immediate concerns for the new user input modal. The frontend now includes a timer to show how much time is left and will close itself once it reaches zero. Css formatting has been cleaned up to be more reasonable. There is still some test code present on the back end. This will be removed once actuall examples of the new modal are in place. * feat: create first pass known_hosts detection Manually integrating with golang's ssh library means that the code must authenticate known_hosts on its own. This is a first pass at creating a system that parses the known hosts files and denys a connection if there is a mismatch. This needs to be updated with a means to add keys to the known-hosts file if the user requests it. * feat: allow writing to known_hosts first pass As a follow-up to the previous change, we now allow the user to respond to interactive queries in order to determine if an unknown known hosts key can be added to a known_hosts file if it is missing. This needs to be refined further, but it gets the basic functionality there. * feat: add user input for kbd-interactive auth This adds a modal so the user can respond to prompts provided using the keyboard interactive authentication method. * feat: add interactive password authentication This makes the ssh password authentication interactive with its own user input modal. Unfortunately, this method does not allow trying a default first. This will need to be expanded in the future to accomodate that. * fix: allow automatic and interactive auth together Previously, it was impossible to use to separate methods of the same type to try ssh authentication. This made it impossible to make an auto attempt before a manual one. This change restricts that by combining them into one method where the auto attempt is tried once first and cannot be tried again. Following that, interactive authentication can be tried separately. It also lowers the time limit on kbd interactive authentication to 15 seconds due to limitations on the library we are using. * fix: set number of retries to one in ssh Number of retries means number of attempts after the fact, not number of total attempts. It has been adjusted from 2 to 1 to reflect this. * refactor: change argument order in GetUserInput This is a simple change to move the context to the first argument of GetUserInput to match the convention used elsewhere in the code. * fix: set number of retries to two again I was wrong in my previous analysis. The number given is the total number of tries. This is confusing when keyboard authentication and password authentication are both available which usually doesn't happen. * feat: create naive ui for ssh key passphrases This isn't quite as reactive as the other methods, but it does attempt to use publickey without a passphrase, then attempt to use the password as the passphrase, and finally prompting the user for a passphrase. The problem with this approach is that if multiple keys are used and they all have passphrases, they need to all be checked up front. In practice, this will not happen often, but it is something to be aware of. * fix: add the userinput.tsx changes These were missed in the previous commit. Adding them now.
2024-02-09 04:16:56 +01:00
}
Ssh Fixes and Improvements (#293) * feat: parse multiple identity files in ssh While this does not make it possible to discover multiple identity files in every case, it does make it possible to parse them individually and check for user input if it's required for each one. * chore: remove unnecessary print in updatebus.go * chore: remove unnecessary print in sshclient.go * chore: remove old publicKey auth check With the new callback in place, we no longer need this, so it has been removed. * refactor: move logic for wave and config options The logic for making decisions between details made available from wave and details made available from ssh_config was spread out. This change condenses it into one function for gathering those details and one for picking between them. It also adds a few new keywords but the logic for those hasn't been implemented yet. * feat: allow attempting auth methods in any order While waveterm does not provide the control over which order to attempt yet, it is possible to provide that information in the ssh_config. This change allows that order to take precedence in a case where it is set. * feat: add batch mode support BatchMode turns off user input to enter passwords for ssh. Because we save passwords, we can still attempt these methods but we disable the user interactive prompts in this case. * fix: fix auth ordering and identity files The last few commits introduced a few bugs that are fixed here. The first is that the auth ordering is parsed as a single string and not a list. This is fixed by manually splitting the string into a list. The second is that the copy of identity files was not long enough to copy the contents of the original. This is now updated to use the length of the original in its construction. * deactivate timer while connecting to new ssh The new ssh setup handles timers differently from the old one due to the possibility of asking for user input multiple times. This limited the user input to entirely be done within 15 seconds. This removes that restriction which will allow those timers to increase. It does not impact the legacy ssh systems or the local connections on the new system. * merge branch 'main' into 'ssh--auth-control' This was mostly straightforward, but it appears that a previous commit to main broke the user input modals by deleting a function. This adds that back in addition to the merge. * fix: allow 60 second timeouts for ssh inputs With the previous change, it is now possible to extend the timeout for manual inputs. 60 seconds should be a reasonable starting point. * fix: change size of dummy key to 2048 This fixes the CodeQL scan issue for using a weak key.
2024-02-16 00:58:50 +01:00
dummySigner, err := ssh.NewSignerFromKey(dummyKey)
if err != nil {
return nil, err
Use ssh library: add user input (#281) * feat: create backend for user input requests This is the first part of a change that allows the backend to request user input from the frontend. Essentially, the backend will send a request for the user to answer some query, and the frontend will send that answer back. It is blocking, so it needs to be used within a goroutine. There is some placeholder code in the frontend that will be updated in future commits. Similarly, there is some debug code in the backend remote.go file. * feat: create frontend for user input requests This is part of a change to allow the backend to request user input from the frontend. This adds a component specifically for handling this logic. It is only a starting point, and does not work perfectly yet. * refactor: update user input backend/interface This updates the user input backend to fix a few potential bugs. It also refactors the user input request and response types to better handle markdown and errors while making it more convenient to work with. A couple frontend changes were made to keep everything compatible. * fix: add props to user input request modal There was a second place that the modals were created that I previously missed. This fixes that second casel * feat: complete user input modal This rounds out the most immediate concerns for the new user input modal. The frontend now includes a timer to show how much time is left and will close itself once it reaches zero. Css formatting has been cleaned up to be more reasonable. There is still some test code present on the back end. This will be removed once actuall examples of the new modal are in place. * feat: create first pass known_hosts detection Manually integrating with golang's ssh library means that the code must authenticate known_hosts on its own. This is a first pass at creating a system that parses the known hosts files and denys a connection if there is a mismatch. This needs to be updated with a means to add keys to the known-hosts file if the user requests it. * feat: allow writing to known_hosts first pass As a follow-up to the previous change, we now allow the user to respond to interactive queries in order to determine if an unknown known hosts key can be added to a known_hosts file if it is missing. This needs to be refined further, but it gets the basic functionality there. * feat: add user input for kbd-interactive auth This adds a modal so the user can respond to prompts provided using the keyboard interactive authentication method. * feat: add interactive password authentication This makes the ssh password authentication interactive with its own user input modal. Unfortunately, this method does not allow trying a default first. This will need to be expanded in the future to accomodate that. * fix: allow automatic and interactive auth together Previously, it was impossible to use to separate methods of the same type to try ssh authentication. This made it impossible to make an auto attempt before a manual one. This change restricts that by combining them into one method where the auto attempt is tried once first and cannot be tried again. Following that, interactive authentication can be tried separately. It also lowers the time limit on kbd interactive authentication to 15 seconds due to limitations on the library we are using. * fix: set number of retries to one in ssh Number of retries means number of attempts after the fact, not number of total attempts. It has been adjusted from 2 to 1 to reflect this. * refactor: change argument order in GetUserInput This is a simple change to move the context to the first argument of GetUserInput to match the convention used elsewhere in the code. * fix: set number of retries to two again I was wrong in my previous analysis. The number given is the total number of tries. This is confusing when keyboard authentication and password authentication are both available which usually doesn't happen. * feat: create naive ui for ssh key passphrases This isn't quite as reactive as the other methods, but it does attempt to use publickey without a passphrase, then attempt to use the password as the passphrase, and finally prompting the user for a passphrase. The problem with this approach is that if multiple keys are used and they all have passphrases, they need to all be checked up front. In practice, this will not happen often, but it is something to be aware of. * fix: add the userinput.tsx changes These were missed in the previous commit. Adding them now.
2024-02-09 04:16:56 +01:00
}
Ssh Fixes and Improvements (#293) * feat: parse multiple identity files in ssh While this does not make it possible to discover multiple identity files in every case, it does make it possible to parse them individually and check for user input if it's required for each one. * chore: remove unnecessary print in updatebus.go * chore: remove unnecessary print in sshclient.go * chore: remove old publicKey auth check With the new callback in place, we no longer need this, so it has been removed. * refactor: move logic for wave and config options The logic for making decisions between details made available from wave and details made available from ssh_config was spread out. This change condenses it into one function for gathering those details and one for picking between them. It also adds a few new keywords but the logic for those hasn't been implemented yet. * feat: allow attempting auth methods in any order While waveterm does not provide the control over which order to attempt yet, it is possible to provide that information in the ssh_config. This change allows that order to take precedence in a case where it is set. * feat: add batch mode support BatchMode turns off user input to enter passwords for ssh. Because we save passwords, we can still attempt these methods but we disable the user interactive prompts in this case. * fix: fix auth ordering and identity files The last few commits introduced a few bugs that are fixed here. The first is that the auth ordering is parsed as a single string and not a list. This is fixed by manually splitting the string into a list. The second is that the copy of identity files was not long enough to copy the contents of the original. This is now updated to use the length of the original in its construction. * deactivate timer while connecting to new ssh The new ssh setup handles timers differently from the old one due to the possibility of asking for user input multiple times. This limited the user input to entirely be done within 15 seconds. This removes that restriction which will allow those timers to increase. It does not impact the legacy ssh systems or the local connections on the new system. * merge branch 'main' into 'ssh--auth-control' This was mostly straightforward, but it appears that a previous commit to main broke the user input modals by deleting a function. This adds that back in addition to the merge. * fix: allow 60 second timeouts for ssh inputs With the previous change, it is now possible to extend the timeout for manual inputs. 60 seconds should be a reasonable starting point. * fix: change size of dummy key to 2048 This fixes the CodeQL scan issue for using a weak key.
2024-02-16 00:58:50 +01:00
return []ssh.Signer{dummySigner}, nil
Use ssh library: add user input (#281) * feat: create backend for user input requests This is the first part of a change that allows the backend to request user input from the frontend. Essentially, the backend will send a request for the user to answer some query, and the frontend will send that answer back. It is blocking, so it needs to be used within a goroutine. There is some placeholder code in the frontend that will be updated in future commits. Similarly, there is some debug code in the backend remote.go file. * feat: create frontend for user input requests This is part of a change to allow the backend to request user input from the frontend. This adds a component specifically for handling this logic. It is only a starting point, and does not work perfectly yet. * refactor: update user input backend/interface This updates the user input backend to fix a few potential bugs. It also refactors the user input request and response types to better handle markdown and errors while making it more convenient to work with. A couple frontend changes were made to keep everything compatible. * fix: add props to user input request modal There was a second place that the modals were created that I previously missed. This fixes that second casel * feat: complete user input modal This rounds out the most immediate concerns for the new user input modal. The frontend now includes a timer to show how much time is left and will close itself once it reaches zero. Css formatting has been cleaned up to be more reasonable. There is still some test code present on the back end. This will be removed once actuall examples of the new modal are in place. * feat: create first pass known_hosts detection Manually integrating with golang's ssh library means that the code must authenticate known_hosts on its own. This is a first pass at creating a system that parses the known hosts files and denys a connection if there is a mismatch. This needs to be updated with a means to add keys to the known-hosts file if the user requests it. * feat: allow writing to known_hosts first pass As a follow-up to the previous change, we now allow the user to respond to interactive queries in order to determine if an unknown known hosts key can be added to a known_hosts file if it is missing. This needs to be refined further, but it gets the basic functionality there. * feat: add user input for kbd-interactive auth This adds a modal so the user can respond to prompts provided using the keyboard interactive authentication method. * feat: add interactive password authentication This makes the ssh password authentication interactive with its own user input modal. Unfortunately, this method does not allow trying a default first. This will need to be expanded in the future to accomodate that. * fix: allow automatic and interactive auth together Previously, it was impossible to use to separate methods of the same type to try ssh authentication. This made it impossible to make an auto attempt before a manual one. This change restricts that by combining them into one method where the auto attempt is tried once first and cannot be tried again. Following that, interactive authentication can be tried separately. It also lowers the time limit on kbd interactive authentication to 15 seconds due to limitations on the library we are using. * fix: set number of retries to one in ssh Number of retries means number of attempts after the fact, not number of total attempts. It has been adjusted from 2 to 1 to reflect this. * refactor: change argument order in GetUserInput This is a simple change to move the context to the first argument of GetUserInput to match the convention used elsewhere in the code. * fix: set number of retries to two again I was wrong in my previous analysis. The number given is the total number of tries. This is confusing when keyboard authentication and password authentication are both available which usually doesn't happen. * feat: create naive ui for ssh key passphrases This isn't quite as reactive as the other methods, but it does attempt to use publickey without a passphrase, then attempt to use the password as the passphrase, and finally prompting the user for a passphrase. The problem with this approach is that if multiple keys are used and they all have passphrases, they need to all be checked up front. In practice, this will not happen often, but it is something to be aware of. * fix: add the userinput.tsx changes These were missed in the previous commit. Adding them now.
2024-02-09 04:16:56 +01:00
Ssh Fixes and Improvements (#293) * feat: parse multiple identity files in ssh While this does not make it possible to discover multiple identity files in every case, it does make it possible to parse them individually and check for user input if it's required for each one. * chore: remove unnecessary print in updatebus.go * chore: remove unnecessary print in sshclient.go * chore: remove old publicKey auth check With the new callback in place, we no longer need this, so it has been removed. * refactor: move logic for wave and config options The logic for making decisions between details made available from wave and details made available from ssh_config was spread out. This change condenses it into one function for gathering those details and one for picking between them. It also adds a few new keywords but the logic for those hasn't been implemented yet. * feat: allow attempting auth methods in any order While waveterm does not provide the control over which order to attempt yet, it is possible to provide that information in the ssh_config. This change allows that order to take precedence in a case where it is set. * feat: add batch mode support BatchMode turns off user input to enter passwords for ssh. Because we save passwords, we can still attempt these methods but we disable the user interactive prompts in this case. * fix: fix auth ordering and identity files The last few commits introduced a few bugs that are fixed here. The first is that the auth ordering is parsed as a single string and not a list. This is fixed by manually splitting the string into a list. The second is that the copy of identity files was not long enough to copy the contents of the original. This is now updated to use the length of the original in its construction. * deactivate timer while connecting to new ssh The new ssh setup handles timers differently from the old one due to the possibility of asking for user input multiple times. This limited the user input to entirely be done within 15 seconds. This removes that restriction which will allow those timers to increase. It does not impact the legacy ssh systems or the local connections on the new system. * merge branch 'main' into 'ssh--auth-control' This was mostly straightforward, but it appears that a previous commit to main broke the user input modals by deleting a function. This adds that back in addition to the merge. * fix: allow 60 second timeouts for ssh inputs With the previous change, it is now possible to extend the timeout for manual inputs. 60 seconds should be a reasonable starting point. * fix: change size of dummy key to 2048 This fixes the CodeQL scan issue for using a weak key.
2024-02-16 00:58:50 +01:00
}
// This is a workaround to only process one identity file at a time,
// even if they have passphrases. It must be combined with retryable
// authentication to work properly
//
// Despite returning an array of signers, we only ever provide one since
// it allows proper user interaction in between attempts
//
// A significant number of errors end up returning dummy values as if
// they were successes. An error in this function prevents any other
// keys from being attempted. But if there's an error because of a dummy
// file, the library can still try again with a new key.
func createPublicKeyCallback(sshKeywords *SshKeywords, passphrase string) func() ([]ssh.Signer, error) {
identityFiles := make([]string, len(sshKeywords.IdentityFile))
copy(identityFiles, sshKeywords.IdentityFile)
identityFilesPtr := &identityFiles
return func() ([]ssh.Signer, error) {
if len(*identityFilesPtr) == 0 {
// skip this key and try with the next
return createDummySigner()
}
identityFile := (*identityFilesPtr)[0]
*identityFilesPtr = (*identityFilesPtr)[1:]
privateKey, err := os.ReadFile(base.ExpandHomeDir(identityFile))
if err != nil {
// skip this key and try with the next
return createDummySigner()
}
signer, err := ssh.ParsePrivateKey(privateKey)
if err == nil {
return []ssh.Signer{signer}, err
}
if _, ok := err.(*ssh.PassphraseMissingError); !ok {
// skip this key and try with the next
return createDummySigner()
}
signer, err = ssh.ParsePrivateKeyWithPassphrase(privateKey, []byte(passphrase))
if err == nil {
return []ssh.Signer{signer}, err
}
if err != x509.IncorrectPasswordError && err.Error() != "bcrypt_pbkdf: empty password" {
// skip this key and try with the next
return createDummySigner()
}
// batch mode deactivates user input
if sshKeywords.BatchMode {
// skip this key and try with the next
return createDummySigner()
}
Break model update code out of sstore (#290) * Break update code out of sstore * add license disclaimers * missed one * add another * fix regression in openai updates, remove unnecessary functions * another copyright * update casts * fix issue with variadic updates * remove logs * remove log * remove unnecessary log * save work * moved a bunch of stuff to scbus * make modelupdate an object * fix new screen not updating active screen * add comment * make updates into packet types * different cast * update comments, remove unused methods * add one more comment * add an IsEmpty() on model updates to prevent sending empty updates to client
2024-02-16 01:45:47 +01:00
request := &userinput.UserInputRequestType{
Ssh Fixes and Improvements (#293) * feat: parse multiple identity files in ssh While this does not make it possible to discover multiple identity files in every case, it does make it possible to parse them individually and check for user input if it's required for each one. * chore: remove unnecessary print in updatebus.go * chore: remove unnecessary print in sshclient.go * chore: remove old publicKey auth check With the new callback in place, we no longer need this, so it has been removed. * refactor: move logic for wave and config options The logic for making decisions between details made available from wave and details made available from ssh_config was spread out. This change condenses it into one function for gathering those details and one for picking between them. It also adds a few new keywords but the logic for those hasn't been implemented yet. * feat: allow attempting auth methods in any order While waveterm does not provide the control over which order to attempt yet, it is possible to provide that information in the ssh_config. This change allows that order to take precedence in a case where it is set. * feat: add batch mode support BatchMode turns off user input to enter passwords for ssh. Because we save passwords, we can still attempt these methods but we disable the user interactive prompts in this case. * fix: fix auth ordering and identity files The last few commits introduced a few bugs that are fixed here. The first is that the auth ordering is parsed as a single string and not a list. This is fixed by manually splitting the string into a list. The second is that the copy of identity files was not long enough to copy the contents of the original. This is now updated to use the length of the original in its construction. * deactivate timer while connecting to new ssh The new ssh setup handles timers differently from the old one due to the possibility of asking for user input multiple times. This limited the user input to entirely be done within 15 seconds. This removes that restriction which will allow those timers to increase. It does not impact the legacy ssh systems or the local connections on the new system. * merge branch 'main' into 'ssh--auth-control' This was mostly straightforward, but it appears that a previous commit to main broke the user input modals by deleting a function. This adds that back in addition to the merge. * fix: allow 60 second timeouts for ssh inputs With the previous change, it is now possible to extend the timeout for manual inputs. 60 seconds should be a reasonable starting point. * fix: change size of dummy key to 2048 This fixes the CodeQL scan issue for using a weak key.
2024-02-16 00:58:50 +01:00
ResponseType: "text",
QueryText: fmt.Sprintf("Enter passphrase for the SSH key: %s", identityFile),
Title: "Publickey Auth + Passphrase",
}
Break model update code out of sstore (#290) * Break update code out of sstore * add license disclaimers * missed one * add another * fix regression in openai updates, remove unnecessary functions * another copyright * update casts * fix issue with variadic updates * remove logs * remove log * remove unnecessary log * save work * moved a bunch of stuff to scbus * make modelupdate an object * fix new screen not updating active screen * add comment * make updates into packet types * different cast * update comments, remove unused methods * add one more comment * add an IsEmpty() on model updates to prevent sending empty updates to client
2024-02-16 01:45:47 +01:00
ctx, _ := context.WithTimeout(context.Background(), 60*time.Second)
response, err := userinput.GetUserInput(ctx, scbus.MainRpcBus, request)
Ssh Fixes and Improvements (#293) * feat: parse multiple identity files in ssh While this does not make it possible to discover multiple identity files in every case, it does make it possible to parse them individually and check for user input if it's required for each one. * chore: remove unnecessary print in updatebus.go * chore: remove unnecessary print in sshclient.go * chore: remove old publicKey auth check With the new callback in place, we no longer need this, so it has been removed. * refactor: move logic for wave and config options The logic for making decisions between details made available from wave and details made available from ssh_config was spread out. This change condenses it into one function for gathering those details and one for picking between them. It also adds a few new keywords but the logic for those hasn't been implemented yet. * feat: allow attempting auth methods in any order While waveterm does not provide the control over which order to attempt yet, it is possible to provide that information in the ssh_config. This change allows that order to take precedence in a case where it is set. * feat: add batch mode support BatchMode turns off user input to enter passwords for ssh. Because we save passwords, we can still attempt these methods but we disable the user interactive prompts in this case. * fix: fix auth ordering and identity files The last few commits introduced a few bugs that are fixed here. The first is that the auth ordering is parsed as a single string and not a list. This is fixed by manually splitting the string into a list. The second is that the copy of identity files was not long enough to copy the contents of the original. This is now updated to use the length of the original in its construction. * deactivate timer while connecting to new ssh The new ssh setup handles timers differently from the old one due to the possibility of asking for user input multiple times. This limited the user input to entirely be done within 15 seconds. This removes that restriction which will allow those timers to increase. It does not impact the legacy ssh systems or the local connections on the new system. * merge branch 'main' into 'ssh--auth-control' This was mostly straightforward, but it appears that a previous commit to main broke the user input modals by deleting a function. This adds that back in addition to the merge. * fix: allow 60 second timeouts for ssh inputs With the previous change, it is now possible to extend the timeout for manual inputs. 60 seconds should be a reasonable starting point. * fix: change size of dummy key to 2048 This fixes the CodeQL scan issue for using a weak key.
2024-02-16 00:58:50 +01:00
if err != nil {
// this is an error where we actually do want to stop
// trying keys
return nil, UserInputCancelError{Err: err}
}
signer, err = ssh.ParsePrivateKeyWithPassphrase(privateKey, []byte(response.Text))
if err != nil {
// skip this key and try with the next
return createDummySigner()
}
return []ssh.Signer{signer}, err
Use ssh library: add user input (#281) * feat: create backend for user input requests This is the first part of a change that allows the backend to request user input from the frontend. Essentially, the backend will send a request for the user to answer some query, and the frontend will send that answer back. It is blocking, so it needs to be used within a goroutine. There is some placeholder code in the frontend that will be updated in future commits. Similarly, there is some debug code in the backend remote.go file. * feat: create frontend for user input requests This is part of a change to allow the backend to request user input from the frontend. This adds a component specifically for handling this logic. It is only a starting point, and does not work perfectly yet. * refactor: update user input backend/interface This updates the user input backend to fix a few potential bugs. It also refactors the user input request and response types to better handle markdown and errors while making it more convenient to work with. A couple frontend changes were made to keep everything compatible. * fix: add props to user input request modal There was a second place that the modals were created that I previously missed. This fixes that second casel * feat: complete user input modal This rounds out the most immediate concerns for the new user input modal. The frontend now includes a timer to show how much time is left and will close itself once it reaches zero. Css formatting has been cleaned up to be more reasonable. There is still some test code present on the back end. This will be removed once actuall examples of the new modal are in place. * feat: create first pass known_hosts detection Manually integrating with golang's ssh library means that the code must authenticate known_hosts on its own. This is a first pass at creating a system that parses the known hosts files and denys a connection if there is a mismatch. This needs to be updated with a means to add keys to the known-hosts file if the user requests it. * feat: allow writing to known_hosts first pass As a follow-up to the previous change, we now allow the user to respond to interactive queries in order to determine if an unknown known hosts key can be added to a known_hosts file if it is missing. This needs to be refined further, but it gets the basic functionality there. * feat: add user input for kbd-interactive auth This adds a modal so the user can respond to prompts provided using the keyboard interactive authentication method. * feat: add interactive password authentication This makes the ssh password authentication interactive with its own user input modal. Unfortunately, this method does not allow trying a default first. This will need to be expanded in the future to accomodate that. * fix: allow automatic and interactive auth together Previously, it was impossible to use to separate methods of the same type to try ssh authentication. This made it impossible to make an auto attempt before a manual one. This change restricts that by combining them into one method where the auto attempt is tried once first and cannot be tried again. Following that, interactive authentication can be tried separately. It also lowers the time limit on kbd interactive authentication to 15 seconds due to limitations on the library we are using. * fix: set number of retries to one in ssh Number of retries means number of attempts after the fact, not number of total attempts. It has been adjusted from 2 to 1 to reflect this. * refactor: change argument order in GetUserInput This is a simple change to move the context to the first argument of GetUserInput to match the convention used elsewhere in the code. * fix: set number of retries to two again I was wrong in my previous analysis. The number given is the total number of tries. This is confusing when keyboard authentication and password authentication are both available which usually doesn't happen. * feat: create naive ui for ssh key passphrases This isn't quite as reactive as the other methods, but it does attempt to use publickey without a passphrase, then attempt to use the password as the passphrase, and finally prompting the user for a passphrase. The problem with this approach is that if multiple keys are used and they all have passphrases, they need to all be checked up front. In practice, this will not happen often, but it is something to be aware of. * fix: add the userinput.tsx changes These were missed in the previous commit. Adding them now.
2024-02-09 04:16:56 +01:00
}
}
func createDefaultPasswordCallbackPrompt(password string) func() (secret string, err error) {
return func() (secret string, err error) {
// this should be modified to return an error if no password is stored
// but an empty password is not sufficient because some systems allow
// empty passwords
return password, nil
}
}
func createInteractivePasswordCallbackPrompt() func() (secret string, err error) {
return func() (secret string, err error) {
// limited to 15 seconds for some reason. this should be investigated more
// in the future
Ssh Fixes and Improvements (#293) * feat: parse multiple identity files in ssh While this does not make it possible to discover multiple identity files in every case, it does make it possible to parse them individually and check for user input if it's required for each one. * chore: remove unnecessary print in updatebus.go * chore: remove unnecessary print in sshclient.go * chore: remove old publicKey auth check With the new callback in place, we no longer need this, so it has been removed. * refactor: move logic for wave and config options The logic for making decisions between details made available from wave and details made available from ssh_config was spread out. This change condenses it into one function for gathering those details and one for picking between them. It also adds a few new keywords but the logic for those hasn't been implemented yet. * feat: allow attempting auth methods in any order While waveterm does not provide the control over which order to attempt yet, it is possible to provide that information in the ssh_config. This change allows that order to take precedence in a case where it is set. * feat: add batch mode support BatchMode turns off user input to enter passwords for ssh. Because we save passwords, we can still attempt these methods but we disable the user interactive prompts in this case. * fix: fix auth ordering and identity files The last few commits introduced a few bugs that are fixed here. The first is that the auth ordering is parsed as a single string and not a list. This is fixed by manually splitting the string into a list. The second is that the copy of identity files was not long enough to copy the contents of the original. This is now updated to use the length of the original in its construction. * deactivate timer while connecting to new ssh The new ssh setup handles timers differently from the old one due to the possibility of asking for user input multiple times. This limited the user input to entirely be done within 15 seconds. This removes that restriction which will allow those timers to increase. It does not impact the legacy ssh systems or the local connections on the new system. * merge branch 'main' into 'ssh--auth-control' This was mostly straightforward, but it appears that a previous commit to main broke the user input modals by deleting a function. This adds that back in addition to the merge. * fix: allow 60 second timeouts for ssh inputs With the previous change, it is now possible to extend the timeout for manual inputs. 60 seconds should be a reasonable starting point. * fix: change size of dummy key to 2048 This fixes the CodeQL scan issue for using a weak key.
2024-02-16 00:58:50 +01:00
ctx, cancelFn := context.WithTimeout(context.Background(), 60*time.Second)
Use ssh library: add user input (#281) * feat: create backend for user input requests This is the first part of a change that allows the backend to request user input from the frontend. Essentially, the backend will send a request for the user to answer some query, and the frontend will send that answer back. It is blocking, so it needs to be used within a goroutine. There is some placeholder code in the frontend that will be updated in future commits. Similarly, there is some debug code in the backend remote.go file. * feat: create frontend for user input requests This is part of a change to allow the backend to request user input from the frontend. This adds a component specifically for handling this logic. It is only a starting point, and does not work perfectly yet. * refactor: update user input backend/interface This updates the user input backend to fix a few potential bugs. It also refactors the user input request and response types to better handle markdown and errors while making it more convenient to work with. A couple frontend changes were made to keep everything compatible. * fix: add props to user input request modal There was a second place that the modals were created that I previously missed. This fixes that second casel * feat: complete user input modal This rounds out the most immediate concerns for the new user input modal. The frontend now includes a timer to show how much time is left and will close itself once it reaches zero. Css formatting has been cleaned up to be more reasonable. There is still some test code present on the back end. This will be removed once actuall examples of the new modal are in place. * feat: create first pass known_hosts detection Manually integrating with golang's ssh library means that the code must authenticate known_hosts on its own. This is a first pass at creating a system that parses the known hosts files and denys a connection if there is a mismatch. This needs to be updated with a means to add keys to the known-hosts file if the user requests it. * feat: allow writing to known_hosts first pass As a follow-up to the previous change, we now allow the user to respond to interactive queries in order to determine if an unknown known hosts key can be added to a known_hosts file if it is missing. This needs to be refined further, but it gets the basic functionality there. * feat: add user input for kbd-interactive auth This adds a modal so the user can respond to prompts provided using the keyboard interactive authentication method. * feat: add interactive password authentication This makes the ssh password authentication interactive with its own user input modal. Unfortunately, this method does not allow trying a default first. This will need to be expanded in the future to accomodate that. * fix: allow automatic and interactive auth together Previously, it was impossible to use to separate methods of the same type to try ssh authentication. This made it impossible to make an auto attempt before a manual one. This change restricts that by combining them into one method where the auto attempt is tried once first and cannot be tried again. Following that, interactive authentication can be tried separately. It also lowers the time limit on kbd interactive authentication to 15 seconds due to limitations on the library we are using. * fix: set number of retries to one in ssh Number of retries means number of attempts after the fact, not number of total attempts. It has been adjusted from 2 to 1 to reflect this. * refactor: change argument order in GetUserInput This is a simple change to move the context to the first argument of GetUserInput to match the convention used elsewhere in the code. * fix: set number of retries to two again I was wrong in my previous analysis. The number given is the total number of tries. This is confusing when keyboard authentication and password authentication are both available which usually doesn't happen. * feat: create naive ui for ssh key passphrases This isn't quite as reactive as the other methods, but it does attempt to use publickey without a passphrase, then attempt to use the password as the passphrase, and finally prompting the user for a passphrase. The problem with this approach is that if multiple keys are used and they all have passphrases, they need to all be checked up front. In practice, this will not happen often, but it is something to be aware of. * fix: add the userinput.tsx changes These were missed in the previous commit. Adding them now.
2024-02-09 04:16:56 +01:00
defer cancelFn()
Break model update code out of sstore (#290) * Break update code out of sstore * add license disclaimers * missed one * add another * fix regression in openai updates, remove unnecessary functions * another copyright * update casts * fix issue with variadic updates * remove logs * remove log * remove unnecessary log * save work * moved a bunch of stuff to scbus * make modelupdate an object * fix new screen not updating active screen * add comment * make updates into packet types * different cast * update comments, remove unused methods * add one more comment * add an IsEmpty() on model updates to prevent sending empty updates to client
2024-02-16 01:45:47 +01:00
request := &userinput.UserInputRequestType{
Use ssh library: add user input (#281) * feat: create backend for user input requests This is the first part of a change that allows the backend to request user input from the frontend. Essentially, the backend will send a request for the user to answer some query, and the frontend will send that answer back. It is blocking, so it needs to be used within a goroutine. There is some placeholder code in the frontend that will be updated in future commits. Similarly, there is some debug code in the backend remote.go file. * feat: create frontend for user input requests This is part of a change to allow the backend to request user input from the frontend. This adds a component specifically for handling this logic. It is only a starting point, and does not work perfectly yet. * refactor: update user input backend/interface This updates the user input backend to fix a few potential bugs. It also refactors the user input request and response types to better handle markdown and errors while making it more convenient to work with. A couple frontend changes were made to keep everything compatible. * fix: add props to user input request modal There was a second place that the modals were created that I previously missed. This fixes that second casel * feat: complete user input modal This rounds out the most immediate concerns for the new user input modal. The frontend now includes a timer to show how much time is left and will close itself once it reaches zero. Css formatting has been cleaned up to be more reasonable. There is still some test code present on the back end. This will be removed once actuall examples of the new modal are in place. * feat: create first pass known_hosts detection Manually integrating with golang's ssh library means that the code must authenticate known_hosts on its own. This is a first pass at creating a system that parses the known hosts files and denys a connection if there is a mismatch. This needs to be updated with a means to add keys to the known-hosts file if the user requests it. * feat: allow writing to known_hosts first pass As a follow-up to the previous change, we now allow the user to respond to interactive queries in order to determine if an unknown known hosts key can be added to a known_hosts file if it is missing. This needs to be refined further, but it gets the basic functionality there. * feat: add user input for kbd-interactive auth This adds a modal so the user can respond to prompts provided using the keyboard interactive authentication method. * feat: add interactive password authentication This makes the ssh password authentication interactive with its own user input modal. Unfortunately, this method does not allow trying a default first. This will need to be expanded in the future to accomodate that. * fix: allow automatic and interactive auth together Previously, it was impossible to use to separate methods of the same type to try ssh authentication. This made it impossible to make an auto attempt before a manual one. This change restricts that by combining them into one method where the auto attempt is tried once first and cannot be tried again. Following that, interactive authentication can be tried separately. It also lowers the time limit on kbd interactive authentication to 15 seconds due to limitations on the library we are using. * fix: set number of retries to one in ssh Number of retries means number of attempts after the fact, not number of total attempts. It has been adjusted from 2 to 1 to reflect this. * refactor: change argument order in GetUserInput This is a simple change to move the context to the first argument of GetUserInput to match the convention used elsewhere in the code. * fix: set number of retries to two again I was wrong in my previous analysis. The number given is the total number of tries. This is confusing when keyboard authentication and password authentication are both available which usually doesn't happen. * feat: create naive ui for ssh key passphrases This isn't quite as reactive as the other methods, but it does attempt to use publickey without a passphrase, then attempt to use the password as the passphrase, and finally prompting the user for a passphrase. The problem with this approach is that if multiple keys are used and they all have passphrases, they need to all be checked up front. In practice, this will not happen often, but it is something to be aware of. * fix: add the userinput.tsx changes These were missed in the previous commit. Adding them now.
2024-02-09 04:16:56 +01:00
ResponseType: "text",
QueryText: "Password:",
Title: "Password Authentication",
}
Break model update code out of sstore (#290) * Break update code out of sstore * add license disclaimers * missed one * add another * fix regression in openai updates, remove unnecessary functions * another copyright * update casts * fix issue with variadic updates * remove logs * remove log * remove unnecessary log * save work * moved a bunch of stuff to scbus * make modelupdate an object * fix new screen not updating active screen * add comment * make updates into packet types * different cast * update comments, remove unused methods * add one more comment * add an IsEmpty() on model updates to prevent sending empty updates to client
2024-02-16 01:45:47 +01:00
response, err := userinput.GetUserInput(ctx, scbus.MainRpcBus, request)
Use ssh library: add user input (#281) * feat: create backend for user input requests This is the first part of a change that allows the backend to request user input from the frontend. Essentially, the backend will send a request for the user to answer some query, and the frontend will send that answer back. It is blocking, so it needs to be used within a goroutine. There is some placeholder code in the frontend that will be updated in future commits. Similarly, there is some debug code in the backend remote.go file. * feat: create frontend for user input requests This is part of a change to allow the backend to request user input from the frontend. This adds a component specifically for handling this logic. It is only a starting point, and does not work perfectly yet. * refactor: update user input backend/interface This updates the user input backend to fix a few potential bugs. It also refactors the user input request and response types to better handle markdown and errors while making it more convenient to work with. A couple frontend changes were made to keep everything compatible. * fix: add props to user input request modal There was a second place that the modals were created that I previously missed. This fixes that second casel * feat: complete user input modal This rounds out the most immediate concerns for the new user input modal. The frontend now includes a timer to show how much time is left and will close itself once it reaches zero. Css formatting has been cleaned up to be more reasonable. There is still some test code present on the back end. This will be removed once actuall examples of the new modal are in place. * feat: create first pass known_hosts detection Manually integrating with golang's ssh library means that the code must authenticate known_hosts on its own. This is a first pass at creating a system that parses the known hosts files and denys a connection if there is a mismatch. This needs to be updated with a means to add keys to the known-hosts file if the user requests it. * feat: allow writing to known_hosts first pass As a follow-up to the previous change, we now allow the user to respond to interactive queries in order to determine if an unknown known hosts key can be added to a known_hosts file if it is missing. This needs to be refined further, but it gets the basic functionality there. * feat: add user input for kbd-interactive auth This adds a modal so the user can respond to prompts provided using the keyboard interactive authentication method. * feat: add interactive password authentication This makes the ssh password authentication interactive with its own user input modal. Unfortunately, this method does not allow trying a default first. This will need to be expanded in the future to accomodate that. * fix: allow automatic and interactive auth together Previously, it was impossible to use to separate methods of the same type to try ssh authentication. This made it impossible to make an auto attempt before a manual one. This change restricts that by combining them into one method where the auto attempt is tried once first and cannot be tried again. Following that, interactive authentication can be tried separately. It also lowers the time limit on kbd interactive authentication to 15 seconds due to limitations on the library we are using. * fix: set number of retries to one in ssh Number of retries means number of attempts after the fact, not number of total attempts. It has been adjusted from 2 to 1 to reflect this. * refactor: change argument order in GetUserInput This is a simple change to move the context to the first argument of GetUserInput to match the convention used elsewhere in the code. * fix: set number of retries to two again I was wrong in my previous analysis. The number given is the total number of tries. This is confusing when keyboard authentication and password authentication are both available which usually doesn't happen. * feat: create naive ui for ssh key passphrases This isn't quite as reactive as the other methods, but it does attempt to use publickey without a passphrase, then attempt to use the password as the passphrase, and finally prompting the user for a passphrase. The problem with this approach is that if multiple keys are used and they all have passphrases, they need to all be checked up front. In practice, this will not happen often, but it is something to be aware of. * fix: add the userinput.tsx changes These were missed in the previous commit. Adding them now.
2024-02-09 04:16:56 +01:00
if err != nil {
return "", err
}
return response.Text, nil
}
}
func createCombinedPasswordCallbackPrompt(password string) func() (secret string, err error) {
var once sync.Once
return func() (secret string, err error) {
var prompt func() (secret string, err error)
once.Do(func() { prompt = createDefaultPasswordCallbackPrompt(password) })
if prompt == nil {
prompt = createInteractivePasswordCallbackPrompt()
Use ssh library for remote connections (#250) * create proof of concept ssh library integration This is a first attempt to integrate the golang crypto/ssh library for handling remote connections. As it stands, this features is limited to identity files without passphrases. It needs to be expanded to include key+passphrase and password verifications as well. * add password and keyboard-interactive ssh auth This adds several new ssh auth methods. In addition to the PublicKey method used previously, this adds password authentication, keyboard-interactive authentication, and PublicKey+Passphrase authentication. Furthermore, it refactores the ssh connection code into its own wavesrv file rather than storing int in waveshell's shexec file. * clean up old mshell launch methods In the debugging the addition of the ssh library, i had several versions of the MShellProc Launch function. Since this seems mostly stable, I have removed the old version and the experimental version in favor of the combined version. * allow switching between new and old ssh for dev It is inconvenient to create milestones without being able to merge into the main branch. But due to the experimental nature of the ssh changes, it is not desired to use these changes in the main branch yet. This change disables the new ssh launcher by default. It can be used by changing the UseSshLibrary constant to true in remote.go. With this, it becomes possible to merge these changes into the main branch without them being used in production. * fix: allow retry after ssh auth failure Previously, the error status was not set when an ssh connection failed. Because of this, an ssh connection failure would lock the failed remote until waveterm was rebooted. This fix properly sets the error status so this cannot happen.
2024-01-25 19:18:11 +01:00
}
Use ssh library: add user input (#281) * feat: create backend for user input requests This is the first part of a change that allows the backend to request user input from the frontend. Essentially, the backend will send a request for the user to answer some query, and the frontend will send that answer back. It is blocking, so it needs to be used within a goroutine. There is some placeholder code in the frontend that will be updated in future commits. Similarly, there is some debug code in the backend remote.go file. * feat: create frontend for user input requests This is part of a change to allow the backend to request user input from the frontend. This adds a component specifically for handling this logic. It is only a starting point, and does not work perfectly yet. * refactor: update user input backend/interface This updates the user input backend to fix a few potential bugs. It also refactors the user input request and response types to better handle markdown and errors while making it more convenient to work with. A couple frontend changes were made to keep everything compatible. * fix: add props to user input request modal There was a second place that the modals were created that I previously missed. This fixes that second casel * feat: complete user input modal This rounds out the most immediate concerns for the new user input modal. The frontend now includes a timer to show how much time is left and will close itself once it reaches zero. Css formatting has been cleaned up to be more reasonable. There is still some test code present on the back end. This will be removed once actuall examples of the new modal are in place. * feat: create first pass known_hosts detection Manually integrating with golang's ssh library means that the code must authenticate known_hosts on its own. This is a first pass at creating a system that parses the known hosts files and denys a connection if there is a mismatch. This needs to be updated with a means to add keys to the known-hosts file if the user requests it. * feat: allow writing to known_hosts first pass As a follow-up to the previous change, we now allow the user to respond to interactive queries in order to determine if an unknown known hosts key can be added to a known_hosts file if it is missing. This needs to be refined further, but it gets the basic functionality there. * feat: add user input for kbd-interactive auth This adds a modal so the user can respond to prompts provided using the keyboard interactive authentication method. * feat: add interactive password authentication This makes the ssh password authentication interactive with its own user input modal. Unfortunately, this method does not allow trying a default first. This will need to be expanded in the future to accomodate that. * fix: allow automatic and interactive auth together Previously, it was impossible to use to separate methods of the same type to try ssh authentication. This made it impossible to make an auto attempt before a manual one. This change restricts that by combining them into one method where the auto attempt is tried once first and cannot be tried again. Following that, interactive authentication can be tried separately. It also lowers the time limit on kbd interactive authentication to 15 seconds due to limitations on the library we are using. * fix: set number of retries to one in ssh Number of retries means number of attempts after the fact, not number of total attempts. It has been adjusted from 2 to 1 to reflect this. * refactor: change argument order in GetUserInput This is a simple change to move the context to the first argument of GetUserInput to match the convention used elsewhere in the code. * fix: set number of retries to two again I was wrong in my previous analysis. The number given is the total number of tries. This is confusing when keyboard authentication and password authentication are both available which usually doesn't happen. * feat: create naive ui for ssh key passphrases This isn't quite as reactive as the other methods, but it does attempt to use publickey without a passphrase, then attempt to use the password as the passphrase, and finally prompting the user for a passphrase. The problem with this approach is that if multiple keys are used and they all have passphrases, they need to all be checked up front. In practice, this will not happen often, but it is something to be aware of. * fix: add the userinput.tsx changes These were missed in the previous commit. Adding them now.
2024-02-09 04:16:56 +01:00
return prompt()
Use ssh library for remote connections (#250) * create proof of concept ssh library integration This is a first attempt to integrate the golang crypto/ssh library for handling remote connections. As it stands, this features is limited to identity files without passphrases. It needs to be expanded to include key+passphrase and password verifications as well. * add password and keyboard-interactive ssh auth This adds several new ssh auth methods. In addition to the PublicKey method used previously, this adds password authentication, keyboard-interactive authentication, and PublicKey+Passphrase authentication. Furthermore, it refactores the ssh connection code into its own wavesrv file rather than storing int in waveshell's shexec file. * clean up old mshell launch methods In the debugging the addition of the ssh library, i had several versions of the MShellProc Launch function. Since this seems mostly stable, I have removed the old version and the experimental version in favor of the combined version. * allow switching between new and old ssh for dev It is inconvenient to create milestones without being able to merge into the main branch. But due to the experimental nature of the ssh changes, it is not desired to use these changes in the main branch yet. This change disables the new ssh launcher by default. It can be used by changing the UseSshLibrary constant to true in remote.go. With this, it becomes possible to merge these changes into the main branch without them being used in production. * fix: allow retry after ssh auth failure Previously, the error status was not set when an ssh connection failed. Because of this, an ssh connection failure would lock the failed remote until waveterm was rebooted. This fix properly sets the error status so this cannot happen.
2024-01-25 19:18:11 +01:00
}
}
Use ssh library: add user input (#281) * feat: create backend for user input requests This is the first part of a change that allows the backend to request user input from the frontend. Essentially, the backend will send a request for the user to answer some query, and the frontend will send that answer back. It is blocking, so it needs to be used within a goroutine. There is some placeholder code in the frontend that will be updated in future commits. Similarly, there is some debug code in the backend remote.go file. * feat: create frontend for user input requests This is part of a change to allow the backend to request user input from the frontend. This adds a component specifically for handling this logic. It is only a starting point, and does not work perfectly yet. * refactor: update user input backend/interface This updates the user input backend to fix a few potential bugs. It also refactors the user input request and response types to better handle markdown and errors while making it more convenient to work with. A couple frontend changes were made to keep everything compatible. * fix: add props to user input request modal There was a second place that the modals were created that I previously missed. This fixes that second casel * feat: complete user input modal This rounds out the most immediate concerns for the new user input modal. The frontend now includes a timer to show how much time is left and will close itself once it reaches zero. Css formatting has been cleaned up to be more reasonable. There is still some test code present on the back end. This will be removed once actuall examples of the new modal are in place. * feat: create first pass known_hosts detection Manually integrating with golang's ssh library means that the code must authenticate known_hosts on its own. This is a first pass at creating a system that parses the known hosts files and denys a connection if there is a mismatch. This needs to be updated with a means to add keys to the known-hosts file if the user requests it. * feat: allow writing to known_hosts first pass As a follow-up to the previous change, we now allow the user to respond to interactive queries in order to determine if an unknown known hosts key can be added to a known_hosts file if it is missing. This needs to be refined further, but it gets the basic functionality there. * feat: add user input for kbd-interactive auth This adds a modal so the user can respond to prompts provided using the keyboard interactive authentication method. * feat: add interactive password authentication This makes the ssh password authentication interactive with its own user input modal. Unfortunately, this method does not allow trying a default first. This will need to be expanded in the future to accomodate that. * fix: allow automatic and interactive auth together Previously, it was impossible to use to separate methods of the same type to try ssh authentication. This made it impossible to make an auto attempt before a manual one. This change restricts that by combining them into one method where the auto attempt is tried once first and cannot be tried again. Following that, interactive authentication can be tried separately. It also lowers the time limit on kbd interactive authentication to 15 seconds due to limitations on the library we are using. * fix: set number of retries to one in ssh Number of retries means number of attempts after the fact, not number of total attempts. It has been adjusted from 2 to 1 to reflect this. * refactor: change argument order in GetUserInput This is a simple change to move the context to the first argument of GetUserInput to match the convention used elsewhere in the code. * fix: set number of retries to two again I was wrong in my previous analysis. The number given is the total number of tries. This is confusing when keyboard authentication and password authentication are both available which usually doesn't happen. * feat: create naive ui for ssh key passphrases This isn't quite as reactive as the other methods, but it does attempt to use publickey without a passphrase, then attempt to use the password as the passphrase, and finally prompting the user for a passphrase. The problem with this approach is that if multiple keys are used and they all have passphrases, they need to all be checked up front. In practice, this will not happen often, but it is something to be aware of. * fix: add the userinput.tsx changes These were missed in the previous commit. Adding them now.
2024-02-09 04:16:56 +01:00
func createNaiveKbdInteractiveChallenge(password string) func(name, instruction string, questions []string, echos []bool) (answers []string, err error) {
return func(name, instruction string, questions []string, echos []bool) (answers []string, err error) {
Use ssh library for remote connections (#250) * create proof of concept ssh library integration This is a first attempt to integrate the golang crypto/ssh library for handling remote connections. As it stands, this features is limited to identity files without passphrases. It needs to be expanded to include key+passphrase and password verifications as well. * add password and keyboard-interactive ssh auth This adds several new ssh auth methods. In addition to the PublicKey method used previously, this adds password authentication, keyboard-interactive authentication, and PublicKey+Passphrase authentication. Furthermore, it refactores the ssh connection code into its own wavesrv file rather than storing int in waveshell's shexec file. * clean up old mshell launch methods In the debugging the addition of the ssh library, i had several versions of the MShellProc Launch function. Since this seems mostly stable, I have removed the old version and the experimental version in favor of the combined version. * allow switching between new and old ssh for dev It is inconvenient to create milestones without being able to merge into the main branch. But due to the experimental nature of the ssh changes, it is not desired to use these changes in the main branch yet. This change disables the new ssh launcher by default. It can be used by changing the UseSshLibrary constant to true in remote.go. With this, it becomes possible to merge these changes into the main branch without them being used in production. * fix: allow retry after ssh auth failure Previously, the error status was not set when an ssh connection failed. Because of this, an ssh connection failure would lock the failed remote until waveterm was rebooted. This fix properly sets the error status so this cannot happen.
2024-01-25 19:18:11 +01:00
for _, q := range questions {
if strings.Contains(strings.ToLower(q), "password") {
answers = append(answers, password)
} else {
answers = append(answers, "")
}
}
return answers, nil
}
Use ssh library: add user input (#281) * feat: create backend for user input requests This is the first part of a change that allows the backend to request user input from the frontend. Essentially, the backend will send a request for the user to answer some query, and the frontend will send that answer back. It is blocking, so it needs to be used within a goroutine. There is some placeholder code in the frontend that will be updated in future commits. Similarly, there is some debug code in the backend remote.go file. * feat: create frontend for user input requests This is part of a change to allow the backend to request user input from the frontend. This adds a component specifically for handling this logic. It is only a starting point, and does not work perfectly yet. * refactor: update user input backend/interface This updates the user input backend to fix a few potential bugs. It also refactors the user input request and response types to better handle markdown and errors while making it more convenient to work with. A couple frontend changes were made to keep everything compatible. * fix: add props to user input request modal There was a second place that the modals were created that I previously missed. This fixes that second casel * feat: complete user input modal This rounds out the most immediate concerns for the new user input modal. The frontend now includes a timer to show how much time is left and will close itself once it reaches zero. Css formatting has been cleaned up to be more reasonable. There is still some test code present on the back end. This will be removed once actuall examples of the new modal are in place. * feat: create first pass known_hosts detection Manually integrating with golang's ssh library means that the code must authenticate known_hosts on its own. This is a first pass at creating a system that parses the known hosts files and denys a connection if there is a mismatch. This needs to be updated with a means to add keys to the known-hosts file if the user requests it. * feat: allow writing to known_hosts first pass As a follow-up to the previous change, we now allow the user to respond to interactive queries in order to determine if an unknown known hosts key can be added to a known_hosts file if it is missing. This needs to be refined further, but it gets the basic functionality there. * feat: add user input for kbd-interactive auth This adds a modal so the user can respond to prompts provided using the keyboard interactive authentication method. * feat: add interactive password authentication This makes the ssh password authentication interactive with its own user input modal. Unfortunately, this method does not allow trying a default first. This will need to be expanded in the future to accomodate that. * fix: allow automatic and interactive auth together Previously, it was impossible to use to separate methods of the same type to try ssh authentication. This made it impossible to make an auto attempt before a manual one. This change restricts that by combining them into one method where the auto attempt is tried once first and cannot be tried again. Following that, interactive authentication can be tried separately. It also lowers the time limit on kbd interactive authentication to 15 seconds due to limitations on the library we are using. * fix: set number of retries to one in ssh Number of retries means number of attempts after the fact, not number of total attempts. It has been adjusted from 2 to 1 to reflect this. * refactor: change argument order in GetUserInput This is a simple change to move the context to the first argument of GetUserInput to match the convention used elsewhere in the code. * fix: set number of retries to two again I was wrong in my previous analysis. The number given is the total number of tries. This is confusing when keyboard authentication and password authentication are both available which usually doesn't happen. * feat: create naive ui for ssh key passphrases This isn't quite as reactive as the other methods, but it does attempt to use publickey without a passphrase, then attempt to use the password as the passphrase, and finally prompting the user for a passphrase. The problem with this approach is that if multiple keys are used and they all have passphrases, they need to all be checked up front. In practice, this will not happen often, but it is something to be aware of. * fix: add the userinput.tsx changes These were missed in the previous commit. Adding them now.
2024-02-09 04:16:56 +01:00
}
func createInteractiveKbdInteractiveChallenge() func(name, instruction string, questions []string, echos []bool) (answers []string, err error) {
return func(name, instruction string, questions []string, echos []bool) (answers []string, err error) {
if len(questions) != len(echos) {
return nil, fmt.Errorf("bad response from server: questions has len %d, echos has len %d", len(questions), len(echos))
}
for i, question := range questions {
echo := echos[i]
answer, err := promptChallengeQuestion(question, echo)
if err != nil {
return nil, err
}
answers = append(answers, answer)
}
return answers, nil
}
}
func promptChallengeQuestion(question string, echo bool) (answer string, err error) {
// limited to 15 seconds for some reason. this should be investigated more
// in the future
Ssh Fixes and Improvements (#293) * feat: parse multiple identity files in ssh While this does not make it possible to discover multiple identity files in every case, it does make it possible to parse them individually and check for user input if it's required for each one. * chore: remove unnecessary print in updatebus.go * chore: remove unnecessary print in sshclient.go * chore: remove old publicKey auth check With the new callback in place, we no longer need this, so it has been removed. * refactor: move logic for wave and config options The logic for making decisions between details made available from wave and details made available from ssh_config was spread out. This change condenses it into one function for gathering those details and one for picking between them. It also adds a few new keywords but the logic for those hasn't been implemented yet. * feat: allow attempting auth methods in any order While waveterm does not provide the control over which order to attempt yet, it is possible to provide that information in the ssh_config. This change allows that order to take precedence in a case where it is set. * feat: add batch mode support BatchMode turns off user input to enter passwords for ssh. Because we save passwords, we can still attempt these methods but we disable the user interactive prompts in this case. * fix: fix auth ordering and identity files The last few commits introduced a few bugs that are fixed here. The first is that the auth ordering is parsed as a single string and not a list. This is fixed by manually splitting the string into a list. The second is that the copy of identity files was not long enough to copy the contents of the original. This is now updated to use the length of the original in its construction. * deactivate timer while connecting to new ssh The new ssh setup handles timers differently from the old one due to the possibility of asking for user input multiple times. This limited the user input to entirely be done within 15 seconds. This removes that restriction which will allow those timers to increase. It does not impact the legacy ssh systems or the local connections on the new system. * merge branch 'main' into 'ssh--auth-control' This was mostly straightforward, but it appears that a previous commit to main broke the user input modals by deleting a function. This adds that back in addition to the merge. * fix: allow 60 second timeouts for ssh inputs With the previous change, it is now possible to extend the timeout for manual inputs. 60 seconds should be a reasonable starting point. * fix: change size of dummy key to 2048 This fixes the CodeQL scan issue for using a weak key.
2024-02-16 00:58:50 +01:00
ctx, cancelFn := context.WithTimeout(context.Background(), 60*time.Second)
Use ssh library: add user input (#281) * feat: create backend for user input requests This is the first part of a change that allows the backend to request user input from the frontend. Essentially, the backend will send a request for the user to answer some query, and the frontend will send that answer back. It is blocking, so it needs to be used within a goroutine. There is some placeholder code in the frontend that will be updated in future commits. Similarly, there is some debug code in the backend remote.go file. * feat: create frontend for user input requests This is part of a change to allow the backend to request user input from the frontend. This adds a component specifically for handling this logic. It is only a starting point, and does not work perfectly yet. * refactor: update user input backend/interface This updates the user input backend to fix a few potential bugs. It also refactors the user input request and response types to better handle markdown and errors while making it more convenient to work with. A couple frontend changes were made to keep everything compatible. * fix: add props to user input request modal There was a second place that the modals were created that I previously missed. This fixes that second casel * feat: complete user input modal This rounds out the most immediate concerns for the new user input modal. The frontend now includes a timer to show how much time is left and will close itself once it reaches zero. Css formatting has been cleaned up to be more reasonable. There is still some test code present on the back end. This will be removed once actuall examples of the new modal are in place. * feat: create first pass known_hosts detection Manually integrating with golang's ssh library means that the code must authenticate known_hosts on its own. This is a first pass at creating a system that parses the known hosts files and denys a connection if there is a mismatch. This needs to be updated with a means to add keys to the known-hosts file if the user requests it. * feat: allow writing to known_hosts first pass As a follow-up to the previous change, we now allow the user to respond to interactive queries in order to determine if an unknown known hosts key can be added to a known_hosts file if it is missing. This needs to be refined further, but it gets the basic functionality there. * feat: add user input for kbd-interactive auth This adds a modal so the user can respond to prompts provided using the keyboard interactive authentication method. * feat: add interactive password authentication This makes the ssh password authentication interactive with its own user input modal. Unfortunately, this method does not allow trying a default first. This will need to be expanded in the future to accomodate that. * fix: allow automatic and interactive auth together Previously, it was impossible to use to separate methods of the same type to try ssh authentication. This made it impossible to make an auto attempt before a manual one. This change restricts that by combining them into one method where the auto attempt is tried once first and cannot be tried again. Following that, interactive authentication can be tried separately. It also lowers the time limit on kbd interactive authentication to 15 seconds due to limitations on the library we are using. * fix: set number of retries to one in ssh Number of retries means number of attempts after the fact, not number of total attempts. It has been adjusted from 2 to 1 to reflect this. * refactor: change argument order in GetUserInput This is a simple change to move the context to the first argument of GetUserInput to match the convention used elsewhere in the code. * fix: set number of retries to two again I was wrong in my previous analysis. The number given is the total number of tries. This is confusing when keyboard authentication and password authentication are both available which usually doesn't happen. * feat: create naive ui for ssh key passphrases This isn't quite as reactive as the other methods, but it does attempt to use publickey without a passphrase, then attempt to use the password as the passphrase, and finally prompting the user for a passphrase. The problem with this approach is that if multiple keys are used and they all have passphrases, they need to all be checked up front. In practice, this will not happen often, but it is something to be aware of. * fix: add the userinput.tsx changes These were missed in the previous commit. Adding them now.
2024-02-09 04:16:56 +01:00
defer cancelFn()
Break model update code out of sstore (#290) * Break update code out of sstore * add license disclaimers * missed one * add another * fix regression in openai updates, remove unnecessary functions * another copyright * update casts * fix issue with variadic updates * remove logs * remove log * remove unnecessary log * save work * moved a bunch of stuff to scbus * make modelupdate an object * fix new screen not updating active screen * add comment * make updates into packet types * different cast * update comments, remove unused methods * add one more comment * add an IsEmpty() on model updates to prevent sending empty updates to client
2024-02-16 01:45:47 +01:00
request := &userinput.UserInputRequestType{
Use ssh library: add user input (#281) * feat: create backend for user input requests This is the first part of a change that allows the backend to request user input from the frontend. Essentially, the backend will send a request for the user to answer some query, and the frontend will send that answer back. It is blocking, so it needs to be used within a goroutine. There is some placeholder code in the frontend that will be updated in future commits. Similarly, there is some debug code in the backend remote.go file. * feat: create frontend for user input requests This is part of a change to allow the backend to request user input from the frontend. This adds a component specifically for handling this logic. It is only a starting point, and does not work perfectly yet. * refactor: update user input backend/interface This updates the user input backend to fix a few potential bugs. It also refactors the user input request and response types to better handle markdown and errors while making it more convenient to work with. A couple frontend changes were made to keep everything compatible. * fix: add props to user input request modal There was a second place that the modals were created that I previously missed. This fixes that second casel * feat: complete user input modal This rounds out the most immediate concerns for the new user input modal. The frontend now includes a timer to show how much time is left and will close itself once it reaches zero. Css formatting has been cleaned up to be more reasonable. There is still some test code present on the back end. This will be removed once actuall examples of the new modal are in place. * feat: create first pass known_hosts detection Manually integrating with golang's ssh library means that the code must authenticate known_hosts on its own. This is a first pass at creating a system that parses the known hosts files and denys a connection if there is a mismatch. This needs to be updated with a means to add keys to the known-hosts file if the user requests it. * feat: allow writing to known_hosts first pass As a follow-up to the previous change, we now allow the user to respond to interactive queries in order to determine if an unknown known hosts key can be added to a known_hosts file if it is missing. This needs to be refined further, but it gets the basic functionality there. * feat: add user input for kbd-interactive auth This adds a modal so the user can respond to prompts provided using the keyboard interactive authentication method. * feat: add interactive password authentication This makes the ssh password authentication interactive with its own user input modal. Unfortunately, this method does not allow trying a default first. This will need to be expanded in the future to accomodate that. * fix: allow automatic and interactive auth together Previously, it was impossible to use to separate methods of the same type to try ssh authentication. This made it impossible to make an auto attempt before a manual one. This change restricts that by combining them into one method where the auto attempt is tried once first and cannot be tried again. Following that, interactive authentication can be tried separately. It also lowers the time limit on kbd interactive authentication to 15 seconds due to limitations on the library we are using. * fix: set number of retries to one in ssh Number of retries means number of attempts after the fact, not number of total attempts. It has been adjusted from 2 to 1 to reflect this. * refactor: change argument order in GetUserInput This is a simple change to move the context to the first argument of GetUserInput to match the convention used elsewhere in the code. * fix: set number of retries to two again I was wrong in my previous analysis. The number given is the total number of tries. This is confusing when keyboard authentication and password authentication are both available which usually doesn't happen. * feat: create naive ui for ssh key passphrases This isn't quite as reactive as the other methods, but it does attempt to use publickey without a passphrase, then attempt to use the password as the passphrase, and finally prompting the user for a passphrase. The problem with this approach is that if multiple keys are used and they all have passphrases, they need to all be checked up front. In practice, this will not happen often, but it is something to be aware of. * fix: add the userinput.tsx changes These were missed in the previous commit. Adding them now.
2024-02-09 04:16:56 +01:00
ResponseType: "text",
QueryText: question,
Title: "Keyboard Interactive Authentication",
}
Break model update code out of sstore (#290) * Break update code out of sstore * add license disclaimers * missed one * add another * fix regression in openai updates, remove unnecessary functions * another copyright * update casts * fix issue with variadic updates * remove logs * remove log * remove unnecessary log * save work * moved a bunch of stuff to scbus * make modelupdate an object * fix new screen not updating active screen * add comment * make updates into packet types * different cast * update comments, remove unused methods * add one more comment * add an IsEmpty() on model updates to prevent sending empty updates to client
2024-02-16 01:45:47 +01:00
response, err := userinput.GetUserInput(ctx, scbus.MainRpcBus, request)
Use ssh library: add user input (#281) * feat: create backend for user input requests This is the first part of a change that allows the backend to request user input from the frontend. Essentially, the backend will send a request for the user to answer some query, and the frontend will send that answer back. It is blocking, so it needs to be used within a goroutine. There is some placeholder code in the frontend that will be updated in future commits. Similarly, there is some debug code in the backend remote.go file. * feat: create frontend for user input requests This is part of a change to allow the backend to request user input from the frontend. This adds a component specifically for handling this logic. It is only a starting point, and does not work perfectly yet. * refactor: update user input backend/interface This updates the user input backend to fix a few potential bugs. It also refactors the user input request and response types to better handle markdown and errors while making it more convenient to work with. A couple frontend changes were made to keep everything compatible. * fix: add props to user input request modal There was a second place that the modals were created that I previously missed. This fixes that second casel * feat: complete user input modal This rounds out the most immediate concerns for the new user input modal. The frontend now includes a timer to show how much time is left and will close itself once it reaches zero. Css formatting has been cleaned up to be more reasonable. There is still some test code present on the back end. This will be removed once actuall examples of the new modal are in place. * feat: create first pass known_hosts detection Manually integrating with golang's ssh library means that the code must authenticate known_hosts on its own. This is a first pass at creating a system that parses the known hosts files and denys a connection if there is a mismatch. This needs to be updated with a means to add keys to the known-hosts file if the user requests it. * feat: allow writing to known_hosts first pass As a follow-up to the previous change, we now allow the user to respond to interactive queries in order to determine if an unknown known hosts key can be added to a known_hosts file if it is missing. This needs to be refined further, but it gets the basic functionality there. * feat: add user input for kbd-interactive auth This adds a modal so the user can respond to prompts provided using the keyboard interactive authentication method. * feat: add interactive password authentication This makes the ssh password authentication interactive with its own user input modal. Unfortunately, this method does not allow trying a default first. This will need to be expanded in the future to accomodate that. * fix: allow automatic and interactive auth together Previously, it was impossible to use to separate methods of the same type to try ssh authentication. This made it impossible to make an auto attempt before a manual one. This change restricts that by combining them into one method where the auto attempt is tried once first and cannot be tried again. Following that, interactive authentication can be tried separately. It also lowers the time limit on kbd interactive authentication to 15 seconds due to limitations on the library we are using. * fix: set number of retries to one in ssh Number of retries means number of attempts after the fact, not number of total attempts. It has been adjusted from 2 to 1 to reflect this. * refactor: change argument order in GetUserInput This is a simple change to move the context to the first argument of GetUserInput to match the convention used elsewhere in the code. * fix: set number of retries to two again I was wrong in my previous analysis. The number given is the total number of tries. This is confusing when keyboard authentication and password authentication are both available which usually doesn't happen. * feat: create naive ui for ssh key passphrases This isn't quite as reactive as the other methods, but it does attempt to use publickey without a passphrase, then attempt to use the password as the passphrase, and finally prompting the user for a passphrase. The problem with this approach is that if multiple keys are used and they all have passphrases, they need to all be checked up front. In practice, this will not happen often, but it is something to be aware of. * fix: add the userinput.tsx changes These were missed in the previous commit. Adding them now.
2024-02-09 04:16:56 +01:00
if err != nil {
return "", err
}
return response.Text, nil
}
func createCombinedKbdInteractiveChallenge(password string) ssh.KeyboardInteractiveChallenge {
var once sync.Once
return func(name, instruction string, questions []string, echos []bool) (answers []string, err error) {
var challenge ssh.KeyboardInteractiveChallenge
once.Do(func() { challenge = createNaiveKbdInteractiveChallenge(password) })
if challenge == nil {
challenge = createInteractiveKbdInteractiveChallenge()
}
return challenge(name, instruction, questions, echos)
}
}
func openKnownHostsForEdit(knownHostsFilename string) (*os.File, error) {
path, _ := filepath.Split(knownHostsFilename)
err := os.MkdirAll(path, 0700)
if err != nil {
return nil, err
}
return os.OpenFile(knownHostsFilename, os.O_APPEND|os.O_WRONLY|os.O_CREATE, 0644)
}
Break model update code out of sstore (#290) * Break update code out of sstore * add license disclaimers * missed one * add another * fix regression in openai updates, remove unnecessary functions * another copyright * update casts * fix issue with variadic updates * remove logs * remove log * remove unnecessary log * save work * moved a bunch of stuff to scbus * make modelupdate an object * fix new screen not updating active screen * add comment * make updates into packet types * different cast * update comments, remove unused methods * add one more comment * add an IsEmpty() on model updates to prevent sending empty updates to client
2024-02-16 01:45:47 +01:00
func writeToKnownHosts(knownHostsFile string, newLine string, getUserVerification func() (*userinput.UserInputResponsePacketType, error)) error {
Use ssh library: add user input (#281) * feat: create backend for user input requests This is the first part of a change that allows the backend to request user input from the frontend. Essentially, the backend will send a request for the user to answer some query, and the frontend will send that answer back. It is blocking, so it needs to be used within a goroutine. There is some placeholder code in the frontend that will be updated in future commits. Similarly, there is some debug code in the backend remote.go file. * feat: create frontend for user input requests This is part of a change to allow the backend to request user input from the frontend. This adds a component specifically for handling this logic. It is only a starting point, and does not work perfectly yet. * refactor: update user input backend/interface This updates the user input backend to fix a few potential bugs. It also refactors the user input request and response types to better handle markdown and errors while making it more convenient to work with. A couple frontend changes were made to keep everything compatible. * fix: add props to user input request modal There was a second place that the modals were created that I previously missed. This fixes that second casel * feat: complete user input modal This rounds out the most immediate concerns for the new user input modal. The frontend now includes a timer to show how much time is left and will close itself once it reaches zero. Css formatting has been cleaned up to be more reasonable. There is still some test code present on the back end. This will be removed once actuall examples of the new modal are in place. * feat: create first pass known_hosts detection Manually integrating with golang's ssh library means that the code must authenticate known_hosts on its own. This is a first pass at creating a system that parses the known hosts files and denys a connection if there is a mismatch. This needs to be updated with a means to add keys to the known-hosts file if the user requests it. * feat: allow writing to known_hosts first pass As a follow-up to the previous change, we now allow the user to respond to interactive queries in order to determine if an unknown known hosts key can be added to a known_hosts file if it is missing. This needs to be refined further, but it gets the basic functionality there. * feat: add user input for kbd-interactive auth This adds a modal so the user can respond to prompts provided using the keyboard interactive authentication method. * feat: add interactive password authentication This makes the ssh password authentication interactive with its own user input modal. Unfortunately, this method does not allow trying a default first. This will need to be expanded in the future to accomodate that. * fix: allow automatic and interactive auth together Previously, it was impossible to use to separate methods of the same type to try ssh authentication. This made it impossible to make an auto attempt before a manual one. This change restricts that by combining them into one method where the auto attempt is tried once first and cannot be tried again. Following that, interactive authentication can be tried separately. It also lowers the time limit on kbd interactive authentication to 15 seconds due to limitations on the library we are using. * fix: set number of retries to one in ssh Number of retries means number of attempts after the fact, not number of total attempts. It has been adjusted from 2 to 1 to reflect this. * refactor: change argument order in GetUserInput This is a simple change to move the context to the first argument of GetUserInput to match the convention used elsewhere in the code. * fix: set number of retries to two again I was wrong in my previous analysis. The number given is the total number of tries. This is confusing when keyboard authentication and password authentication are both available which usually doesn't happen. * feat: create naive ui for ssh key passphrases This isn't quite as reactive as the other methods, but it does attempt to use publickey without a passphrase, then attempt to use the password as the passphrase, and finally prompting the user for a passphrase. The problem with this approach is that if multiple keys are used and they all have passphrases, they need to all be checked up front. In practice, this will not happen often, but it is something to be aware of. * fix: add the userinput.tsx changes These were missed in the previous commit. Adding them now.
2024-02-09 04:16:56 +01:00
if getUserVerification == nil {
Break model update code out of sstore (#290) * Break update code out of sstore * add license disclaimers * missed one * add another * fix regression in openai updates, remove unnecessary functions * another copyright * update casts * fix issue with variadic updates * remove logs * remove log * remove unnecessary log * save work * moved a bunch of stuff to scbus * make modelupdate an object * fix new screen not updating active screen * add comment * make updates into packet types * different cast * update comments, remove unused methods * add one more comment * add an IsEmpty() on model updates to prevent sending empty updates to client
2024-02-16 01:45:47 +01:00
getUserVerification = func() (*userinput.UserInputResponsePacketType, error) {
return &userinput.UserInputResponsePacketType{
Use ssh library: add user input (#281) * feat: create backend for user input requests This is the first part of a change that allows the backend to request user input from the frontend. Essentially, the backend will send a request for the user to answer some query, and the frontend will send that answer back. It is blocking, so it needs to be used within a goroutine. There is some placeholder code in the frontend that will be updated in future commits. Similarly, there is some debug code in the backend remote.go file. * feat: create frontend for user input requests This is part of a change to allow the backend to request user input from the frontend. This adds a component specifically for handling this logic. It is only a starting point, and does not work perfectly yet. * refactor: update user input backend/interface This updates the user input backend to fix a few potential bugs. It also refactors the user input request and response types to better handle markdown and errors while making it more convenient to work with. A couple frontend changes were made to keep everything compatible. * fix: add props to user input request modal There was a second place that the modals were created that I previously missed. This fixes that second casel * feat: complete user input modal This rounds out the most immediate concerns for the new user input modal. The frontend now includes a timer to show how much time is left and will close itself once it reaches zero. Css formatting has been cleaned up to be more reasonable. There is still some test code present on the back end. This will be removed once actuall examples of the new modal are in place. * feat: create first pass known_hosts detection Manually integrating with golang's ssh library means that the code must authenticate known_hosts on its own. This is a first pass at creating a system that parses the known hosts files and denys a connection if there is a mismatch. This needs to be updated with a means to add keys to the known-hosts file if the user requests it. * feat: allow writing to known_hosts first pass As a follow-up to the previous change, we now allow the user to respond to interactive queries in order to determine if an unknown known hosts key can be added to a known_hosts file if it is missing. This needs to be refined further, but it gets the basic functionality there. * feat: add user input for kbd-interactive auth This adds a modal so the user can respond to prompts provided using the keyboard interactive authentication method. * feat: add interactive password authentication This makes the ssh password authentication interactive with its own user input modal. Unfortunately, this method does not allow trying a default first. This will need to be expanded in the future to accomodate that. * fix: allow automatic and interactive auth together Previously, it was impossible to use to separate methods of the same type to try ssh authentication. This made it impossible to make an auto attempt before a manual one. This change restricts that by combining them into one method where the auto attempt is tried once first and cannot be tried again. Following that, interactive authentication can be tried separately. It also lowers the time limit on kbd interactive authentication to 15 seconds due to limitations on the library we are using. * fix: set number of retries to one in ssh Number of retries means number of attempts after the fact, not number of total attempts. It has been adjusted from 2 to 1 to reflect this. * refactor: change argument order in GetUserInput This is a simple change to move the context to the first argument of GetUserInput to match the convention used elsewhere in the code. * fix: set number of retries to two again I was wrong in my previous analysis. The number given is the total number of tries. This is confusing when keyboard authentication and password authentication are both available which usually doesn't happen. * feat: create naive ui for ssh key passphrases This isn't quite as reactive as the other methods, but it does attempt to use publickey without a passphrase, then attempt to use the password as the passphrase, and finally prompting the user for a passphrase. The problem with this approach is that if multiple keys are used and they all have passphrases, they need to all be checked up front. In practice, this will not happen often, but it is something to be aware of. * fix: add the userinput.tsx changes These were missed in the previous commit. Adding them now.
2024-02-09 04:16:56 +01:00
Type: "confirm",
Confirm: true,
}, nil
}
}
path, _ := filepath.Split(knownHostsFile)
err := os.MkdirAll(path, 0700)
if err != nil {
return err
}
f, err := os.OpenFile(knownHostsFile, os.O_APPEND|os.O_WRONLY|os.O_CREATE, 0644)
if err != nil {
return err
}
// do not close writeable files with defer
// this file works, so let's ask the user for permission
response, err := getUserVerification()
if err != nil {
f.Close()
return UserInputCancelError{Err: err}
}
if !response.Confirm {
f.Close()
return UserInputCancelError{Err: fmt.Errorf("Canceled by the user")}
}
_, err = f.WriteString(newLine)
return f.Close()
}
Break model update code out of sstore (#290) * Break update code out of sstore * add license disclaimers * missed one * add another * fix regression in openai updates, remove unnecessary functions * another copyright * update casts * fix issue with variadic updates * remove logs * remove log * remove unnecessary log * save work * moved a bunch of stuff to scbus * make modelupdate an object * fix new screen not updating active screen * add comment * make updates into packet types * different cast * update comments, remove unused methods * add one more comment * add an IsEmpty() on model updates to prevent sending empty updates to client
2024-02-16 01:45:47 +01:00
func createUnknownKeyVerifier(knownHostsFile string, hostname string, remote string, key ssh.PublicKey) func() (*userinput.UserInputResponsePacketType, error) {
Use ssh library: add user input (#281) * feat: create backend for user input requests This is the first part of a change that allows the backend to request user input from the frontend. Essentially, the backend will send a request for the user to answer some query, and the frontend will send that answer back. It is blocking, so it needs to be used within a goroutine. There is some placeholder code in the frontend that will be updated in future commits. Similarly, there is some debug code in the backend remote.go file. * feat: create frontend for user input requests This is part of a change to allow the backend to request user input from the frontend. This adds a component specifically for handling this logic. It is only a starting point, and does not work perfectly yet. * refactor: update user input backend/interface This updates the user input backend to fix a few potential bugs. It also refactors the user input request and response types to better handle markdown and errors while making it more convenient to work with. A couple frontend changes were made to keep everything compatible. * fix: add props to user input request modal There was a second place that the modals were created that I previously missed. This fixes that second casel * feat: complete user input modal This rounds out the most immediate concerns for the new user input modal. The frontend now includes a timer to show how much time is left and will close itself once it reaches zero. Css formatting has been cleaned up to be more reasonable. There is still some test code present on the back end. This will be removed once actuall examples of the new modal are in place. * feat: create first pass known_hosts detection Manually integrating with golang's ssh library means that the code must authenticate known_hosts on its own. This is a first pass at creating a system that parses the known hosts files and denys a connection if there is a mismatch. This needs to be updated with a means to add keys to the known-hosts file if the user requests it. * feat: allow writing to known_hosts first pass As a follow-up to the previous change, we now allow the user to respond to interactive queries in order to determine if an unknown known hosts key can be added to a known_hosts file if it is missing. This needs to be refined further, but it gets the basic functionality there. * feat: add user input for kbd-interactive auth This adds a modal so the user can respond to prompts provided using the keyboard interactive authentication method. * feat: add interactive password authentication This makes the ssh password authentication interactive with its own user input modal. Unfortunately, this method does not allow trying a default first. This will need to be expanded in the future to accomodate that. * fix: allow automatic and interactive auth together Previously, it was impossible to use to separate methods of the same type to try ssh authentication. This made it impossible to make an auto attempt before a manual one. This change restricts that by combining them into one method where the auto attempt is tried once first and cannot be tried again. Following that, interactive authentication can be tried separately. It also lowers the time limit on kbd interactive authentication to 15 seconds due to limitations on the library we are using. * fix: set number of retries to one in ssh Number of retries means number of attempts after the fact, not number of total attempts. It has been adjusted from 2 to 1 to reflect this. * refactor: change argument order in GetUserInput This is a simple change to move the context to the first argument of GetUserInput to match the convention used elsewhere in the code. * fix: set number of retries to two again I was wrong in my previous analysis. The number given is the total number of tries. This is confusing when keyboard authentication and password authentication are both available which usually doesn't happen. * feat: create naive ui for ssh key passphrases This isn't quite as reactive as the other methods, but it does attempt to use publickey without a passphrase, then attempt to use the password as the passphrase, and finally prompting the user for a passphrase. The problem with this approach is that if multiple keys are used and they all have passphrases, they need to all be checked up front. In practice, this will not happen often, but it is something to be aware of. * fix: add the userinput.tsx changes These were missed in the previous commit. Adding them now.
2024-02-09 04:16:56 +01:00
base64Key := base64.StdEncoding.EncodeToString(key.Marshal())
queryText := fmt.Sprintf(
"The authenticity of host '%s (%s)' can't be established "+
"as it **does not exist in any checked known_hosts files**. "+
"The host you are attempting to connect to provides this %s key: \n"+
"%s.\n\n"+
"**Would you like to continue connecting?** If so, the key will be permanently "+
"added to the file %s "+
"to protect from future man-in-the-middle attacks.", hostname, remote, key.Type(), base64Key, knownHostsFile)
Break model update code out of sstore (#290) * Break update code out of sstore * add license disclaimers * missed one * add another * fix regression in openai updates, remove unnecessary functions * another copyright * update casts * fix issue with variadic updates * remove logs * remove log * remove unnecessary log * save work * moved a bunch of stuff to scbus * make modelupdate an object * fix new screen not updating active screen * add comment * make updates into packet types * different cast * update comments, remove unused methods * add one more comment * add an IsEmpty() on model updates to prevent sending empty updates to client
2024-02-16 01:45:47 +01:00
request := &userinput.UserInputRequestType{
Use ssh library: add user input (#281) * feat: create backend for user input requests This is the first part of a change that allows the backend to request user input from the frontend. Essentially, the backend will send a request for the user to answer some query, and the frontend will send that answer back. It is blocking, so it needs to be used within a goroutine. There is some placeholder code in the frontend that will be updated in future commits. Similarly, there is some debug code in the backend remote.go file. * feat: create frontend for user input requests This is part of a change to allow the backend to request user input from the frontend. This adds a component specifically for handling this logic. It is only a starting point, and does not work perfectly yet. * refactor: update user input backend/interface This updates the user input backend to fix a few potential bugs. It also refactors the user input request and response types to better handle markdown and errors while making it more convenient to work with. A couple frontend changes were made to keep everything compatible. * fix: add props to user input request modal There was a second place that the modals were created that I previously missed. This fixes that second casel * feat: complete user input modal This rounds out the most immediate concerns for the new user input modal. The frontend now includes a timer to show how much time is left and will close itself once it reaches zero. Css formatting has been cleaned up to be more reasonable. There is still some test code present on the back end. This will be removed once actuall examples of the new modal are in place. * feat: create first pass known_hosts detection Manually integrating with golang's ssh library means that the code must authenticate known_hosts on its own. This is a first pass at creating a system that parses the known hosts files and denys a connection if there is a mismatch. This needs to be updated with a means to add keys to the known-hosts file if the user requests it. * feat: allow writing to known_hosts first pass As a follow-up to the previous change, we now allow the user to respond to interactive queries in order to determine if an unknown known hosts key can be added to a known_hosts file if it is missing. This needs to be refined further, but it gets the basic functionality there. * feat: add user input for kbd-interactive auth This adds a modal so the user can respond to prompts provided using the keyboard interactive authentication method. * feat: add interactive password authentication This makes the ssh password authentication interactive with its own user input modal. Unfortunately, this method does not allow trying a default first. This will need to be expanded in the future to accomodate that. * fix: allow automatic and interactive auth together Previously, it was impossible to use to separate methods of the same type to try ssh authentication. This made it impossible to make an auto attempt before a manual one. This change restricts that by combining them into one method where the auto attempt is tried once first and cannot be tried again. Following that, interactive authentication can be tried separately. It also lowers the time limit on kbd interactive authentication to 15 seconds due to limitations on the library we are using. * fix: set number of retries to one in ssh Number of retries means number of attempts after the fact, not number of total attempts. It has been adjusted from 2 to 1 to reflect this. * refactor: change argument order in GetUserInput This is a simple change to move the context to the first argument of GetUserInput to match the convention used elsewhere in the code. * fix: set number of retries to two again I was wrong in my previous analysis. The number given is the total number of tries. This is confusing when keyboard authentication and password authentication are both available which usually doesn't happen. * feat: create naive ui for ssh key passphrases This isn't quite as reactive as the other methods, but it does attempt to use publickey without a passphrase, then attempt to use the password as the passphrase, and finally prompting the user for a passphrase. The problem with this approach is that if multiple keys are used and they all have passphrases, they need to all be checked up front. In practice, this will not happen often, but it is something to be aware of. * fix: add the userinput.tsx changes These were missed in the previous commit. Adding them now.
2024-02-09 04:16:56 +01:00
ResponseType: "confirm",
QueryText: queryText,
Markdown: true,
Title: "Known Hosts Key Missing",
}
Break model update code out of sstore (#290) * Break update code out of sstore * add license disclaimers * missed one * add another * fix regression in openai updates, remove unnecessary functions * another copyright * update casts * fix issue with variadic updates * remove logs * remove log * remove unnecessary log * save work * moved a bunch of stuff to scbus * make modelupdate an object * fix new screen not updating active screen * add comment * make updates into packet types * different cast * update comments, remove unused methods * add one more comment * add an IsEmpty() on model updates to prevent sending empty updates to client
2024-02-16 01:45:47 +01:00
return func() (*userinput.UserInputResponsePacketType, error) {
Use ssh library: add user input (#281) * feat: create backend for user input requests This is the first part of a change that allows the backend to request user input from the frontend. Essentially, the backend will send a request for the user to answer some query, and the frontend will send that answer back. It is blocking, so it needs to be used within a goroutine. There is some placeholder code in the frontend that will be updated in future commits. Similarly, there is some debug code in the backend remote.go file. * feat: create frontend for user input requests This is part of a change to allow the backend to request user input from the frontend. This adds a component specifically for handling this logic. It is only a starting point, and does not work perfectly yet. * refactor: update user input backend/interface This updates the user input backend to fix a few potential bugs. It also refactors the user input request and response types to better handle markdown and errors while making it more convenient to work with. A couple frontend changes were made to keep everything compatible. * fix: add props to user input request modal There was a second place that the modals were created that I previously missed. This fixes that second casel * feat: complete user input modal This rounds out the most immediate concerns for the new user input modal. The frontend now includes a timer to show how much time is left and will close itself once it reaches zero. Css formatting has been cleaned up to be more reasonable. There is still some test code present on the back end. This will be removed once actuall examples of the new modal are in place. * feat: create first pass known_hosts detection Manually integrating with golang's ssh library means that the code must authenticate known_hosts on its own. This is a first pass at creating a system that parses the known hosts files and denys a connection if there is a mismatch. This needs to be updated with a means to add keys to the known-hosts file if the user requests it. * feat: allow writing to known_hosts first pass As a follow-up to the previous change, we now allow the user to respond to interactive queries in order to determine if an unknown known hosts key can be added to a known_hosts file if it is missing. This needs to be refined further, but it gets the basic functionality there. * feat: add user input for kbd-interactive auth This adds a modal so the user can respond to prompts provided using the keyboard interactive authentication method. * feat: add interactive password authentication This makes the ssh password authentication interactive with its own user input modal. Unfortunately, this method does not allow trying a default first. This will need to be expanded in the future to accomodate that. * fix: allow automatic and interactive auth together Previously, it was impossible to use to separate methods of the same type to try ssh authentication. This made it impossible to make an auto attempt before a manual one. This change restricts that by combining them into one method where the auto attempt is tried once first and cannot be tried again. Following that, interactive authentication can be tried separately. It also lowers the time limit on kbd interactive authentication to 15 seconds due to limitations on the library we are using. * fix: set number of retries to one in ssh Number of retries means number of attempts after the fact, not number of total attempts. It has been adjusted from 2 to 1 to reflect this. * refactor: change argument order in GetUserInput This is a simple change to move the context to the first argument of GetUserInput to match the convention used elsewhere in the code. * fix: set number of retries to two again I was wrong in my previous analysis. The number given is the total number of tries. This is confusing when keyboard authentication and password authentication are both available which usually doesn't happen. * feat: create naive ui for ssh key passphrases This isn't quite as reactive as the other methods, but it does attempt to use publickey without a passphrase, then attempt to use the password as the passphrase, and finally prompting the user for a passphrase. The problem with this approach is that if multiple keys are used and they all have passphrases, they need to all be checked up front. In practice, this will not happen often, but it is something to be aware of. * fix: add the userinput.tsx changes These were missed in the previous commit. Adding them now.
2024-02-09 04:16:56 +01:00
ctx, cancelFn := context.WithTimeout(context.Background(), 60*time.Second)
defer cancelFn()
Break model update code out of sstore (#290) * Break update code out of sstore * add license disclaimers * missed one * add another * fix regression in openai updates, remove unnecessary functions * another copyright * update casts * fix issue with variadic updates * remove logs * remove log * remove unnecessary log * save work * moved a bunch of stuff to scbus * make modelupdate an object * fix new screen not updating active screen * add comment * make updates into packet types * different cast * update comments, remove unused methods * add one more comment * add an IsEmpty() on model updates to prevent sending empty updates to client
2024-02-16 01:45:47 +01:00
return userinput.GetUserInput(ctx, scbus.MainRpcBus, request)
Use ssh library: add user input (#281) * feat: create backend for user input requests This is the first part of a change that allows the backend to request user input from the frontend. Essentially, the backend will send a request for the user to answer some query, and the frontend will send that answer back. It is blocking, so it needs to be used within a goroutine. There is some placeholder code in the frontend that will be updated in future commits. Similarly, there is some debug code in the backend remote.go file. * feat: create frontend for user input requests This is part of a change to allow the backend to request user input from the frontend. This adds a component specifically for handling this logic. It is only a starting point, and does not work perfectly yet. * refactor: update user input backend/interface This updates the user input backend to fix a few potential bugs. It also refactors the user input request and response types to better handle markdown and errors while making it more convenient to work with. A couple frontend changes were made to keep everything compatible. * fix: add props to user input request modal There was a second place that the modals were created that I previously missed. This fixes that second casel * feat: complete user input modal This rounds out the most immediate concerns for the new user input modal. The frontend now includes a timer to show how much time is left and will close itself once it reaches zero. Css formatting has been cleaned up to be more reasonable. There is still some test code present on the back end. This will be removed once actuall examples of the new modal are in place. * feat: create first pass known_hosts detection Manually integrating with golang's ssh library means that the code must authenticate known_hosts on its own. This is a first pass at creating a system that parses the known hosts files and denys a connection if there is a mismatch. This needs to be updated with a means to add keys to the known-hosts file if the user requests it. * feat: allow writing to known_hosts first pass As a follow-up to the previous change, we now allow the user to respond to interactive queries in order to determine if an unknown known hosts key can be added to a known_hosts file if it is missing. This needs to be refined further, but it gets the basic functionality there. * feat: add user input for kbd-interactive auth This adds a modal so the user can respond to prompts provided using the keyboard interactive authentication method. * feat: add interactive password authentication This makes the ssh password authentication interactive with its own user input modal. Unfortunately, this method does not allow trying a default first. This will need to be expanded in the future to accomodate that. * fix: allow automatic and interactive auth together Previously, it was impossible to use to separate methods of the same type to try ssh authentication. This made it impossible to make an auto attempt before a manual one. This change restricts that by combining them into one method where the auto attempt is tried once first and cannot be tried again. Following that, interactive authentication can be tried separately. It also lowers the time limit on kbd interactive authentication to 15 seconds due to limitations on the library we are using. * fix: set number of retries to one in ssh Number of retries means number of attempts after the fact, not number of total attempts. It has been adjusted from 2 to 1 to reflect this. * refactor: change argument order in GetUserInput This is a simple change to move the context to the first argument of GetUserInput to match the convention used elsewhere in the code. * fix: set number of retries to two again I was wrong in my previous analysis. The number given is the total number of tries. This is confusing when keyboard authentication and password authentication are both available which usually doesn't happen. * feat: create naive ui for ssh key passphrases This isn't quite as reactive as the other methods, but it does attempt to use publickey without a passphrase, then attempt to use the password as the passphrase, and finally prompting the user for a passphrase. The problem with this approach is that if multiple keys are used and they all have passphrases, they need to all be checked up front. In practice, this will not happen often, but it is something to be aware of. * fix: add the userinput.tsx changes These were missed in the previous commit. Adding them now.
2024-02-09 04:16:56 +01:00
}
}
Break model update code out of sstore (#290) * Break update code out of sstore * add license disclaimers * missed one * add another * fix regression in openai updates, remove unnecessary functions * another copyright * update casts * fix issue with variadic updates * remove logs * remove log * remove unnecessary log * save work * moved a bunch of stuff to scbus * make modelupdate an object * fix new screen not updating active screen * add comment * make updates into packet types * different cast * update comments, remove unused methods * add one more comment * add an IsEmpty() on model updates to prevent sending empty updates to client
2024-02-16 01:45:47 +01:00
func createMissingKnownHostsVerifier(knownHostsFile string, hostname string, remote string, key ssh.PublicKey) func() (*userinput.UserInputResponsePacketType, error) {
Use ssh library: add user input (#281) * feat: create backend for user input requests This is the first part of a change that allows the backend to request user input from the frontend. Essentially, the backend will send a request for the user to answer some query, and the frontend will send that answer back. It is blocking, so it needs to be used within a goroutine. There is some placeholder code in the frontend that will be updated in future commits. Similarly, there is some debug code in the backend remote.go file. * feat: create frontend for user input requests This is part of a change to allow the backend to request user input from the frontend. This adds a component specifically for handling this logic. It is only a starting point, and does not work perfectly yet. * refactor: update user input backend/interface This updates the user input backend to fix a few potential bugs. It also refactors the user input request and response types to better handle markdown and errors while making it more convenient to work with. A couple frontend changes were made to keep everything compatible. * fix: add props to user input request modal There was a second place that the modals were created that I previously missed. This fixes that second casel * feat: complete user input modal This rounds out the most immediate concerns for the new user input modal. The frontend now includes a timer to show how much time is left and will close itself once it reaches zero. Css formatting has been cleaned up to be more reasonable. There is still some test code present on the back end. This will be removed once actuall examples of the new modal are in place. * feat: create first pass known_hosts detection Manually integrating with golang's ssh library means that the code must authenticate known_hosts on its own. This is a first pass at creating a system that parses the known hosts files and denys a connection if there is a mismatch. This needs to be updated with a means to add keys to the known-hosts file if the user requests it. * feat: allow writing to known_hosts first pass As a follow-up to the previous change, we now allow the user to respond to interactive queries in order to determine if an unknown known hosts key can be added to a known_hosts file if it is missing. This needs to be refined further, but it gets the basic functionality there. * feat: add user input for kbd-interactive auth This adds a modal so the user can respond to prompts provided using the keyboard interactive authentication method. * feat: add interactive password authentication This makes the ssh password authentication interactive with its own user input modal. Unfortunately, this method does not allow trying a default first. This will need to be expanded in the future to accomodate that. * fix: allow automatic and interactive auth together Previously, it was impossible to use to separate methods of the same type to try ssh authentication. This made it impossible to make an auto attempt before a manual one. This change restricts that by combining them into one method where the auto attempt is tried once first and cannot be tried again. Following that, interactive authentication can be tried separately. It also lowers the time limit on kbd interactive authentication to 15 seconds due to limitations on the library we are using. * fix: set number of retries to one in ssh Number of retries means number of attempts after the fact, not number of total attempts. It has been adjusted from 2 to 1 to reflect this. * refactor: change argument order in GetUserInput This is a simple change to move the context to the first argument of GetUserInput to match the convention used elsewhere in the code. * fix: set number of retries to two again I was wrong in my previous analysis. The number given is the total number of tries. This is confusing when keyboard authentication and password authentication are both available which usually doesn't happen. * feat: create naive ui for ssh key passphrases This isn't quite as reactive as the other methods, but it does attempt to use publickey without a passphrase, then attempt to use the password as the passphrase, and finally prompting the user for a passphrase. The problem with this approach is that if multiple keys are used and they all have passphrases, they need to all be checked up front. In practice, this will not happen often, but it is something to be aware of. * fix: add the userinput.tsx changes These were missed in the previous commit. Adding them now.
2024-02-09 04:16:56 +01:00
base64Key := base64.StdEncoding.EncodeToString(key.Marshal())
queryText := fmt.Sprintf(
"The authenticity of host '%s (%s)' can't be established "+
"as **no known_hosts files could be found**. "+
"The host you are attempting to connect to provides this %s key: \n"+
"%s.\n\n"+
"**Would you like to continue connecting?** If so: \n"+
"- %s will be created \n"+
"- the key will be added to %s\n\n"+
"This will protect from future man-in-the-middle attacks.", hostname, remote, key.Type(), base64Key, knownHostsFile, knownHostsFile)
Break model update code out of sstore (#290) * Break update code out of sstore * add license disclaimers * missed one * add another * fix regression in openai updates, remove unnecessary functions * another copyright * update casts * fix issue with variadic updates * remove logs * remove log * remove unnecessary log * save work * moved a bunch of stuff to scbus * make modelupdate an object * fix new screen not updating active screen * add comment * make updates into packet types * different cast * update comments, remove unused methods * add one more comment * add an IsEmpty() on model updates to prevent sending empty updates to client
2024-02-16 01:45:47 +01:00
request := &userinput.UserInputRequestType{
Use ssh library: add user input (#281) * feat: create backend for user input requests This is the first part of a change that allows the backend to request user input from the frontend. Essentially, the backend will send a request for the user to answer some query, and the frontend will send that answer back. It is blocking, so it needs to be used within a goroutine. There is some placeholder code in the frontend that will be updated in future commits. Similarly, there is some debug code in the backend remote.go file. * feat: create frontend for user input requests This is part of a change to allow the backend to request user input from the frontend. This adds a component specifically for handling this logic. It is only a starting point, and does not work perfectly yet. * refactor: update user input backend/interface This updates the user input backend to fix a few potential bugs. It also refactors the user input request and response types to better handle markdown and errors while making it more convenient to work with. A couple frontend changes were made to keep everything compatible. * fix: add props to user input request modal There was a second place that the modals were created that I previously missed. This fixes that second casel * feat: complete user input modal This rounds out the most immediate concerns for the new user input modal. The frontend now includes a timer to show how much time is left and will close itself once it reaches zero. Css formatting has been cleaned up to be more reasonable. There is still some test code present on the back end. This will be removed once actuall examples of the new modal are in place. * feat: create first pass known_hosts detection Manually integrating with golang's ssh library means that the code must authenticate known_hosts on its own. This is a first pass at creating a system that parses the known hosts files and denys a connection if there is a mismatch. This needs to be updated with a means to add keys to the known-hosts file if the user requests it. * feat: allow writing to known_hosts first pass As a follow-up to the previous change, we now allow the user to respond to interactive queries in order to determine if an unknown known hosts key can be added to a known_hosts file if it is missing. This needs to be refined further, but it gets the basic functionality there. * feat: add user input for kbd-interactive auth This adds a modal so the user can respond to prompts provided using the keyboard interactive authentication method. * feat: add interactive password authentication This makes the ssh password authentication interactive with its own user input modal. Unfortunately, this method does not allow trying a default first. This will need to be expanded in the future to accomodate that. * fix: allow automatic and interactive auth together Previously, it was impossible to use to separate methods of the same type to try ssh authentication. This made it impossible to make an auto attempt before a manual one. This change restricts that by combining them into one method where the auto attempt is tried once first and cannot be tried again. Following that, interactive authentication can be tried separately. It also lowers the time limit on kbd interactive authentication to 15 seconds due to limitations on the library we are using. * fix: set number of retries to one in ssh Number of retries means number of attempts after the fact, not number of total attempts. It has been adjusted from 2 to 1 to reflect this. * refactor: change argument order in GetUserInput This is a simple change to move the context to the first argument of GetUserInput to match the convention used elsewhere in the code. * fix: set number of retries to two again I was wrong in my previous analysis. The number given is the total number of tries. This is confusing when keyboard authentication and password authentication are both available which usually doesn't happen. * feat: create naive ui for ssh key passphrases This isn't quite as reactive as the other methods, but it does attempt to use publickey without a passphrase, then attempt to use the password as the passphrase, and finally prompting the user for a passphrase. The problem with this approach is that if multiple keys are used and they all have passphrases, they need to all be checked up front. In practice, this will not happen often, but it is something to be aware of. * fix: add the userinput.tsx changes These were missed in the previous commit. Adding them now.
2024-02-09 04:16:56 +01:00
ResponseType: "confirm",
QueryText: queryText,
Markdown: true,
Title: "Known Hosts File Missing",
}
Break model update code out of sstore (#290) * Break update code out of sstore * add license disclaimers * missed one * add another * fix regression in openai updates, remove unnecessary functions * another copyright * update casts * fix issue with variadic updates * remove logs * remove log * remove unnecessary log * save work * moved a bunch of stuff to scbus * make modelupdate an object * fix new screen not updating active screen * add comment * make updates into packet types * different cast * update comments, remove unused methods * add one more comment * add an IsEmpty() on model updates to prevent sending empty updates to client
2024-02-16 01:45:47 +01:00
return func() (*userinput.UserInputResponsePacketType, error) {
Use ssh library: add user input (#281) * feat: create backend for user input requests This is the first part of a change that allows the backend to request user input from the frontend. Essentially, the backend will send a request for the user to answer some query, and the frontend will send that answer back. It is blocking, so it needs to be used within a goroutine. There is some placeholder code in the frontend that will be updated in future commits. Similarly, there is some debug code in the backend remote.go file. * feat: create frontend for user input requests This is part of a change to allow the backend to request user input from the frontend. This adds a component specifically for handling this logic. It is only a starting point, and does not work perfectly yet. * refactor: update user input backend/interface This updates the user input backend to fix a few potential bugs. It also refactors the user input request and response types to better handle markdown and errors while making it more convenient to work with. A couple frontend changes were made to keep everything compatible. * fix: add props to user input request modal There was a second place that the modals were created that I previously missed. This fixes that second casel * feat: complete user input modal This rounds out the most immediate concerns for the new user input modal. The frontend now includes a timer to show how much time is left and will close itself once it reaches zero. Css formatting has been cleaned up to be more reasonable. There is still some test code present on the back end. This will be removed once actuall examples of the new modal are in place. * feat: create first pass known_hosts detection Manually integrating with golang's ssh library means that the code must authenticate known_hosts on its own. This is a first pass at creating a system that parses the known hosts files and denys a connection if there is a mismatch. This needs to be updated with a means to add keys to the known-hosts file if the user requests it. * feat: allow writing to known_hosts first pass As a follow-up to the previous change, we now allow the user to respond to interactive queries in order to determine if an unknown known hosts key can be added to a known_hosts file if it is missing. This needs to be refined further, but it gets the basic functionality there. * feat: add user input for kbd-interactive auth This adds a modal so the user can respond to prompts provided using the keyboard interactive authentication method. * feat: add interactive password authentication This makes the ssh password authentication interactive with its own user input modal. Unfortunately, this method does not allow trying a default first. This will need to be expanded in the future to accomodate that. * fix: allow automatic and interactive auth together Previously, it was impossible to use to separate methods of the same type to try ssh authentication. This made it impossible to make an auto attempt before a manual one. This change restricts that by combining them into one method where the auto attempt is tried once first and cannot be tried again. Following that, interactive authentication can be tried separately. It also lowers the time limit on kbd interactive authentication to 15 seconds due to limitations on the library we are using. * fix: set number of retries to one in ssh Number of retries means number of attempts after the fact, not number of total attempts. It has been adjusted from 2 to 1 to reflect this. * refactor: change argument order in GetUserInput This is a simple change to move the context to the first argument of GetUserInput to match the convention used elsewhere in the code. * fix: set number of retries to two again I was wrong in my previous analysis. The number given is the total number of tries. This is confusing when keyboard authentication and password authentication are both available which usually doesn't happen. * feat: create naive ui for ssh key passphrases This isn't quite as reactive as the other methods, but it does attempt to use publickey without a passphrase, then attempt to use the password as the passphrase, and finally prompting the user for a passphrase. The problem with this approach is that if multiple keys are used and they all have passphrases, they need to all be checked up front. In practice, this will not happen often, but it is something to be aware of. * fix: add the userinput.tsx changes These were missed in the previous commit. Adding them now.
2024-02-09 04:16:56 +01:00
ctx, cancelFn := context.WithTimeout(context.Background(), 60*time.Second)
defer cancelFn()
Break model update code out of sstore (#290) * Break update code out of sstore * add license disclaimers * missed one * add another * fix regression in openai updates, remove unnecessary functions * another copyright * update casts * fix issue with variadic updates * remove logs * remove log * remove unnecessary log * save work * moved a bunch of stuff to scbus * make modelupdate an object * fix new screen not updating active screen * add comment * make updates into packet types * different cast * update comments, remove unused methods * add one more comment * add an IsEmpty() on model updates to prevent sending empty updates to client
2024-02-16 01:45:47 +01:00
return userinput.GetUserInput(ctx, scbus.MainRpcBus, request)
Use ssh library: add user input (#281) * feat: create backend for user input requests This is the first part of a change that allows the backend to request user input from the frontend. Essentially, the backend will send a request for the user to answer some query, and the frontend will send that answer back. It is blocking, so it needs to be used within a goroutine. There is some placeholder code in the frontend that will be updated in future commits. Similarly, there is some debug code in the backend remote.go file. * feat: create frontend for user input requests This is part of a change to allow the backend to request user input from the frontend. This adds a component specifically for handling this logic. It is only a starting point, and does not work perfectly yet. * refactor: update user input backend/interface This updates the user input backend to fix a few potential bugs. It also refactors the user input request and response types to better handle markdown and errors while making it more convenient to work with. A couple frontend changes were made to keep everything compatible. * fix: add props to user input request modal There was a second place that the modals were created that I previously missed. This fixes that second casel * feat: complete user input modal This rounds out the most immediate concerns for the new user input modal. The frontend now includes a timer to show how much time is left and will close itself once it reaches zero. Css formatting has been cleaned up to be more reasonable. There is still some test code present on the back end. This will be removed once actuall examples of the new modal are in place. * feat: create first pass known_hosts detection Manually integrating with golang's ssh library means that the code must authenticate known_hosts on its own. This is a first pass at creating a system that parses the known hosts files and denys a connection if there is a mismatch. This needs to be updated with a means to add keys to the known-hosts file if the user requests it. * feat: allow writing to known_hosts first pass As a follow-up to the previous change, we now allow the user to respond to interactive queries in order to determine if an unknown known hosts key can be added to a known_hosts file if it is missing. This needs to be refined further, but it gets the basic functionality there. * feat: add user input for kbd-interactive auth This adds a modal so the user can respond to prompts provided using the keyboard interactive authentication method. * feat: add interactive password authentication This makes the ssh password authentication interactive with its own user input modal. Unfortunately, this method does not allow trying a default first. This will need to be expanded in the future to accomodate that. * fix: allow automatic and interactive auth together Previously, it was impossible to use to separate methods of the same type to try ssh authentication. This made it impossible to make an auto attempt before a manual one. This change restricts that by combining them into one method where the auto attempt is tried once first and cannot be tried again. Following that, interactive authentication can be tried separately. It also lowers the time limit on kbd interactive authentication to 15 seconds due to limitations on the library we are using. * fix: set number of retries to one in ssh Number of retries means number of attempts after the fact, not number of total attempts. It has been adjusted from 2 to 1 to reflect this. * refactor: change argument order in GetUserInput This is a simple change to move the context to the first argument of GetUserInput to match the convention used elsewhere in the code. * fix: set number of retries to two again I was wrong in my previous analysis. The number given is the total number of tries. This is confusing when keyboard authentication and password authentication are both available which usually doesn't happen. * feat: create naive ui for ssh key passphrases This isn't quite as reactive as the other methods, but it does attempt to use publickey without a passphrase, then attempt to use the password as the passphrase, and finally prompting the user for a passphrase. The problem with this approach is that if multiple keys are used and they all have passphrases, they need to all be checked up front. In practice, this will not happen often, but it is something to be aware of. * fix: add the userinput.tsx changes These were missed in the previous commit. Adding them now.
2024-02-09 04:16:56 +01:00
}
}
func lineContainsMatch(line []byte, matches [][]byte) bool {
for _, match := range matches {
if bytes.Contains(line, match) {
return true
}
}
return false
}
func createHostKeyCallback(opts *sstore.SSHOpts) (ssh.HostKeyCallback, error) {
rawUserKnownHostsFiles, _ := ssh_config.GetStrict(opts.SSHHost, "UserKnownHostsFile")
userKnownHostsFiles := strings.Fields(rawUserKnownHostsFiles) // TODO - smarter splitting escaped spaces and quotes
rawGlobalKnownHostsFiles, _ := ssh_config.GetStrict(opts.SSHHost, "GlobalKnownHostsFile")
globalKnownHostsFiles := strings.Fields(rawGlobalKnownHostsFiles) // TODO - smarter splitting escaped spaces and quotes
unexpandedKnownHostsFiles := append(userKnownHostsFiles, globalKnownHostsFiles...)
var knownHostsFiles []string
for _, filename := range unexpandedKnownHostsFiles {
knownHostsFiles = append(knownHostsFiles, base.ExpandHomeDir(filename))
}
// there are no good known hosts files
if len(knownHostsFiles) == 0 {
return nil, fmt.Errorf("no known_hosts files provided by ssh. defaults are overridden")
}
var unreadableFiles []string
// the library we use isn't very forgiving about files that are formatted
// incorrectly. if a problem file is found, it is removed from our list
// and we try again
var basicCallback ssh.HostKeyCallback
for basicCallback == nil && len(knownHostsFiles) > 0 {
var err error
basicCallback, err = knownhosts.New(knownHostsFiles...)
if serr, ok := err.(*os.PathError); ok {
badFile := serr.Path
unreadableFiles = append(unreadableFiles, badFile)
var okFiles []string
for _, filename := range knownHostsFiles {
if filename != badFile {
okFiles = append(okFiles, filename)
}
}
if len(okFiles) >= len(knownHostsFiles) {
return nil, fmt.Errorf("problem file (%s) doesn't exist. this should not be possible", badFile)
}
knownHostsFiles = okFiles
} else if err != nil {
// TODO handle obscure problems if possible
return nil, fmt.Errorf("known_hosts formatting error: %+v", err)
}
}
waveHostKeyCallback := func(hostname string, remote net.Addr, key ssh.PublicKey) error {
err := basicCallback(hostname, remote, key)
if err == nil {
// success
return nil
} else if _, ok := err.(*knownhosts.RevokedError); ok {
// revoked credentials are refused outright
return err
} else if _, ok := err.(*knownhosts.KeyError); !ok {
// this is an unknown error (note the !ok is opposite of usual)
return err
}
serr, _ := err.(*knownhosts.KeyError)
if len(serr.Want) == 0 {
// the key was not found
// try to write to a file that could be parsed
var err error
for _, filename := range knownHostsFiles {
newLine := knownhosts.Line([]string{knownhosts.Normalize(hostname)}, key)
getUserVerification := createUnknownKeyVerifier(filename, hostname, remote.String(), key)
err = writeToKnownHosts(filename, newLine, getUserVerification)
if err == nil {
break
}
if serr, ok := err.(UserInputCancelError); ok {
return serr
}
}
// try to write to a file that could not be read (file likely doesn't exist)
// should catch cases where there is no known_hosts file
if err != nil {
for _, filename := range unreadableFiles {
newLine := knownhosts.Line([]string{knownhosts.Normalize(hostname)}, key)
getUserVerification := createMissingKnownHostsVerifier(filename, hostname, remote.String(), key)
err = writeToKnownHosts(filename, newLine, getUserVerification)
if err == nil {
knownHostsFiles = []string{filename}
break
}
if serr, ok := err.(UserInputCancelError); ok {
return serr
}
}
}
if err != nil {
return err
}
} else {
// the key changed
correctKeyFingerprint := base64.StdEncoding.EncodeToString(key.Marshal())
var bulletListKnownHosts []string
for _, knownHostName := range knownHostsFiles {
withBulletPoint := "- " + knownHostName
bulletListKnownHosts = append(bulletListKnownHosts, withBulletPoint)
}
var offendingKeysFmt []string
for _, badKey := range serr.Want {
formattedKey := "- " + base64.StdEncoding.EncodeToString(badKey.Key.Marshal())
offendingKeysFmt = append(offendingKeysFmt, formattedKey)
}
alertText := fmt.Sprintf("**WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!**\n\n"+
"If this is not expected, it is possible that someone could be trying to "+
"eavesdrop on you via a man-in-the-middle attack. "+
"Alternatively, the host you are connecting to may have changed its key. "+
"The %s key sent by the remote hist has the fingerprint: \n"+
"%s\n\n"+
"If you are sure this is correct, please update your known_hosts files to "+
"remove the lines with the offending before trying to connect again. \n"+
"**Known Hosts Files** \n"+
"%s\n\n"+
"**Offending Keys** \n"+
"%s", key.Type(), correctKeyFingerprint, strings.Join(bulletListKnownHosts, " \n"), strings.Join(offendingKeysFmt, " \n"))
Break model update code out of sstore (#290) * Break update code out of sstore * add license disclaimers * missed one * add another * fix regression in openai updates, remove unnecessary functions * another copyright * update casts * fix issue with variadic updates * remove logs * remove log * remove unnecessary log * save work * moved a bunch of stuff to scbus * make modelupdate an object * fix new screen not updating active screen * add comment * make updates into packet types * different cast * update comments, remove unused methods * add one more comment * add an IsEmpty() on model updates to prevent sending empty updates to client
2024-02-16 01:45:47 +01:00
update := scbus.MakeUpdatePacket()
update.AddUpdate(sstore.AlertMessageType{
Use ssh library: add user input (#281) * feat: create backend for user input requests This is the first part of a change that allows the backend to request user input from the frontend. Essentially, the backend will send a request for the user to answer some query, and the frontend will send that answer back. It is blocking, so it needs to be used within a goroutine. There is some placeholder code in the frontend that will be updated in future commits. Similarly, there is some debug code in the backend remote.go file. * feat: create frontend for user input requests This is part of a change to allow the backend to request user input from the frontend. This adds a component specifically for handling this logic. It is only a starting point, and does not work perfectly yet. * refactor: update user input backend/interface This updates the user input backend to fix a few potential bugs. It also refactors the user input request and response types to better handle markdown and errors while making it more convenient to work with. A couple frontend changes were made to keep everything compatible. * fix: add props to user input request modal There was a second place that the modals were created that I previously missed. This fixes that second casel * feat: complete user input modal This rounds out the most immediate concerns for the new user input modal. The frontend now includes a timer to show how much time is left and will close itself once it reaches zero. Css formatting has been cleaned up to be more reasonable. There is still some test code present on the back end. This will be removed once actuall examples of the new modal are in place. * feat: create first pass known_hosts detection Manually integrating with golang's ssh library means that the code must authenticate known_hosts on its own. This is a first pass at creating a system that parses the known hosts files and denys a connection if there is a mismatch. This needs to be updated with a means to add keys to the known-hosts file if the user requests it. * feat: allow writing to known_hosts first pass As a follow-up to the previous change, we now allow the user to respond to interactive queries in order to determine if an unknown known hosts key can be added to a known_hosts file if it is missing. This needs to be refined further, but it gets the basic functionality there. * feat: add user input for kbd-interactive auth This adds a modal so the user can respond to prompts provided using the keyboard interactive authentication method. * feat: add interactive password authentication This makes the ssh password authentication interactive with its own user input modal. Unfortunately, this method does not allow trying a default first. This will need to be expanded in the future to accomodate that. * fix: allow automatic and interactive auth together Previously, it was impossible to use to separate methods of the same type to try ssh authentication. This made it impossible to make an auto attempt before a manual one. This change restricts that by combining them into one method where the auto attempt is tried once first and cannot be tried again. Following that, interactive authentication can be tried separately. It also lowers the time limit on kbd interactive authentication to 15 seconds due to limitations on the library we are using. * fix: set number of retries to one in ssh Number of retries means number of attempts after the fact, not number of total attempts. It has been adjusted from 2 to 1 to reflect this. * refactor: change argument order in GetUserInput This is a simple change to move the context to the first argument of GetUserInput to match the convention used elsewhere in the code. * fix: set number of retries to two again I was wrong in my previous analysis. The number given is the total number of tries. This is confusing when keyboard authentication and password authentication are both available which usually doesn't happen. * feat: create naive ui for ssh key passphrases This isn't quite as reactive as the other methods, but it does attempt to use publickey without a passphrase, then attempt to use the password as the passphrase, and finally prompting the user for a passphrase. The problem with this approach is that if multiple keys are used and they all have passphrases, they need to all be checked up front. In practice, this will not happen often, but it is something to be aware of. * fix: add the userinput.tsx changes These were missed in the previous commit. Adding them now.
2024-02-09 04:16:56 +01:00
Markdown: true,
Title: "Known Hosts Key Changed",
Message: alertText,
Refactor ModelUpdate to set up for decoupling sstore (#280) This PR changes ModelUpdate mechanism from a statically-typed struct to an interface, allowing us to define the update mechanism and the update types separately. This sets us up to move app logic and update mechanisms into separate packages. Ultimately, sstore will only define low-level persistence logic.
2024-02-10 02:19:44 +01:00
})
Break model update code out of sstore (#290) * Break update code out of sstore * add license disclaimers * missed one * add another * fix regression in openai updates, remove unnecessary functions * another copyright * update casts * fix issue with variadic updates * remove logs * remove log * remove unnecessary log * save work * moved a bunch of stuff to scbus * make modelupdate an object * fix new screen not updating active screen * add comment * make updates into packet types * different cast * update comments, remove unused methods * add one more comment * add an IsEmpty() on model updates to prevent sending empty updates to client
2024-02-16 01:45:47 +01:00
scbus.MainUpdateBus.DoUpdate(update)
Use ssh library: add user input (#281) * feat: create backend for user input requests This is the first part of a change that allows the backend to request user input from the frontend. Essentially, the backend will send a request for the user to answer some query, and the frontend will send that answer back. It is blocking, so it needs to be used within a goroutine. There is some placeholder code in the frontend that will be updated in future commits. Similarly, there is some debug code in the backend remote.go file. * feat: create frontend for user input requests This is part of a change to allow the backend to request user input from the frontend. This adds a component specifically for handling this logic. It is only a starting point, and does not work perfectly yet. * refactor: update user input backend/interface This updates the user input backend to fix a few potential bugs. It also refactors the user input request and response types to better handle markdown and errors while making it more convenient to work with. A couple frontend changes were made to keep everything compatible. * fix: add props to user input request modal There was a second place that the modals were created that I previously missed. This fixes that second casel * feat: complete user input modal This rounds out the most immediate concerns for the new user input modal. The frontend now includes a timer to show how much time is left and will close itself once it reaches zero. Css formatting has been cleaned up to be more reasonable. There is still some test code present on the back end. This will be removed once actuall examples of the new modal are in place. * feat: create first pass known_hosts detection Manually integrating with golang's ssh library means that the code must authenticate known_hosts on its own. This is a first pass at creating a system that parses the known hosts files and denys a connection if there is a mismatch. This needs to be updated with a means to add keys to the known-hosts file if the user requests it. * feat: allow writing to known_hosts first pass As a follow-up to the previous change, we now allow the user to respond to interactive queries in order to determine if an unknown known hosts key can be added to a known_hosts file if it is missing. This needs to be refined further, but it gets the basic functionality there. * feat: add user input for kbd-interactive auth This adds a modal so the user can respond to prompts provided using the keyboard interactive authentication method. * feat: add interactive password authentication This makes the ssh password authentication interactive with its own user input modal. Unfortunately, this method does not allow trying a default first. This will need to be expanded in the future to accomodate that. * fix: allow automatic and interactive auth together Previously, it was impossible to use to separate methods of the same type to try ssh authentication. This made it impossible to make an auto attempt before a manual one. This change restricts that by combining them into one method where the auto attempt is tried once first and cannot be tried again. Following that, interactive authentication can be tried separately. It also lowers the time limit on kbd interactive authentication to 15 seconds due to limitations on the library we are using. * fix: set number of retries to one in ssh Number of retries means number of attempts after the fact, not number of total attempts. It has been adjusted from 2 to 1 to reflect this. * refactor: change argument order in GetUserInput This is a simple change to move the context to the first argument of GetUserInput to match the convention used elsewhere in the code. * fix: set number of retries to two again I was wrong in my previous analysis. The number given is the total number of tries. This is confusing when keyboard authentication and password authentication are both available which usually doesn't happen. * feat: create naive ui for ssh key passphrases This isn't quite as reactive as the other methods, but it does attempt to use publickey without a passphrase, then attempt to use the password as the passphrase, and finally prompting the user for a passphrase. The problem with this approach is that if multiple keys are used and they all have passphrases, they need to all be checked up front. In practice, this will not happen often, but it is something to be aware of. * fix: add the userinput.tsx changes These were missed in the previous commit. Adding them now.
2024-02-09 04:16:56 +01:00
return fmt.Errorf("remote host identification has changed")
}
updatedCallback, err := knownhosts.New(knownHostsFiles...)
if err != nil {
return err
}
// try one final time
return updatedCallback(hostname, remote, key)
}
return waveHostKeyCallback, nil
Use ssh library for remote connections (#250) * create proof of concept ssh library integration This is a first attempt to integrate the golang crypto/ssh library for handling remote connections. As it stands, this features is limited to identity files without passphrases. It needs to be expanded to include key+passphrase and password verifications as well. * add password and keyboard-interactive ssh auth This adds several new ssh auth methods. In addition to the PublicKey method used previously, this adds password authentication, keyboard-interactive authentication, and PublicKey+Passphrase authentication. Furthermore, it refactores the ssh connection code into its own wavesrv file rather than storing int in waveshell's shexec file. * clean up old mshell launch methods In the debugging the addition of the ssh library, i had several versions of the MShellProc Launch function. Since this seems mostly stable, I have removed the old version and the experimental version in favor of the combined version. * allow switching between new and old ssh for dev It is inconvenient to create milestones without being able to merge into the main branch. But due to the experimental nature of the ssh changes, it is not desired to use these changes in the main branch yet. This change disables the new ssh launcher by default. It can be used by changing the UseSshLibrary constant to true in remote.go. With this, it becomes possible to merge these changes into the main branch without them being used in production. * fix: allow retry after ssh auth failure Previously, the error status was not set when an ssh connection failed. Because of this, an ssh connection failure would lock the failed remote until waveterm was rebooted. This fix properly sets the error status so this cannot happen.
2024-01-25 19:18:11 +01:00
}
func ConnectToClient(opts *sstore.SSHOpts) (*ssh.Client, error) {
Ssh Fixes and Improvements (#293) * feat: parse multiple identity files in ssh While this does not make it possible to discover multiple identity files in every case, it does make it possible to parse them individually and check for user input if it's required for each one. * chore: remove unnecessary print in updatebus.go * chore: remove unnecessary print in sshclient.go * chore: remove old publicKey auth check With the new callback in place, we no longer need this, so it has been removed. * refactor: move logic for wave and config options The logic for making decisions between details made available from wave and details made available from ssh_config was spread out. This change condenses it into one function for gathering those details and one for picking between them. It also adds a few new keywords but the logic for those hasn't been implemented yet. * feat: allow attempting auth methods in any order While waveterm does not provide the control over which order to attempt yet, it is possible to provide that information in the ssh_config. This change allows that order to take precedence in a case where it is set. * feat: add batch mode support BatchMode turns off user input to enter passwords for ssh. Because we save passwords, we can still attempt these methods but we disable the user interactive prompts in this case. * fix: fix auth ordering and identity files The last few commits introduced a few bugs that are fixed here. The first is that the auth ordering is parsed as a single string and not a list. This is fixed by manually splitting the string into a list. The second is that the copy of identity files was not long enough to copy the contents of the original. This is now updated to use the length of the original in its construction. * deactivate timer while connecting to new ssh The new ssh setup handles timers differently from the old one due to the possibility of asking for user input multiple times. This limited the user input to entirely be done within 15 seconds. This removes that restriction which will allow those timers to increase. It does not impact the legacy ssh systems or the local connections on the new system. * merge branch 'main' into 'ssh--auth-control' This was mostly straightforward, but it appears that a previous commit to main broke the user input modals by deleting a function. This adds that back in addition to the merge. * fix: allow 60 second timeouts for ssh inputs With the previous change, it is now possible to extend the timeout for manual inputs. 60 seconds should be a reasonable starting point. * fix: change size of dummy key to 2048 This fixes the CodeQL scan issue for using a weak key.
2024-02-16 00:58:50 +01:00
sshConfigKeywords, err := findSshConfigKeywords(opts.SSHHost)
if err != nil {
return nil, err
}
sshKeywords, err := combineSshKeywords(opts, sshConfigKeywords)
if err != nil {
return nil, err
}
publicKeyCallback := ssh.PublicKeysCallback(createPublicKeyCallback(sshKeywords, opts.SSHPassword))
keyboardInteractive := ssh.KeyboardInteractive(createCombinedKbdInteractiveChallenge(opts.SSHPassword))
passwordCallback := ssh.PasswordCallback(createCombinedPasswordCallbackPrompt(opts.SSHPassword))
// batch mode turns off interactive input. this means the number of
// attemtps must drop to 1 with this setup
var attemptsAllowed int
if sshKeywords.BatchMode {
attemptsAllowed = 1
Use ssh library for remote connections (#250) * create proof of concept ssh library integration This is a first attempt to integrate the golang crypto/ssh library for handling remote connections. As it stands, this features is limited to identity files without passphrases. It needs to be expanded to include key+passphrase and password verifications as well. * add password and keyboard-interactive ssh auth This adds several new ssh auth methods. In addition to the PublicKey method used previously, this adds password authentication, keyboard-interactive authentication, and PublicKey+Passphrase authentication. Furthermore, it refactores the ssh connection code into its own wavesrv file rather than storing int in waveshell's shexec file. * clean up old mshell launch methods In the debugging the addition of the ssh library, i had several versions of the MShellProc Launch function. Since this seems mostly stable, I have removed the old version and the experimental version in favor of the combined version. * allow switching between new and old ssh for dev It is inconvenient to create milestones without being able to merge into the main branch. But due to the experimental nature of the ssh changes, it is not desired to use these changes in the main branch yet. This change disables the new ssh launcher by default. It can be used by changing the UseSshLibrary constant to true in remote.go. With this, it becomes possible to merge these changes into the main branch without them being used in production. * fix: allow retry after ssh auth failure Previously, the error status was not set when an ssh connection failed. Because of this, an ssh connection failure would lock the failed remote until waveterm was rebooted. This fix properly sets the error status so this cannot happen.
2024-01-25 19:18:11 +01:00
} else {
Ssh Fixes and Improvements (#293) * feat: parse multiple identity files in ssh While this does not make it possible to discover multiple identity files in every case, it does make it possible to parse them individually and check for user input if it's required for each one. * chore: remove unnecessary print in updatebus.go * chore: remove unnecessary print in sshclient.go * chore: remove old publicKey auth check With the new callback in place, we no longer need this, so it has been removed. * refactor: move logic for wave and config options The logic for making decisions between details made available from wave and details made available from ssh_config was spread out. This change condenses it into one function for gathering those details and one for picking between them. It also adds a few new keywords but the logic for those hasn't been implemented yet. * feat: allow attempting auth methods in any order While waveterm does not provide the control over which order to attempt yet, it is possible to provide that information in the ssh_config. This change allows that order to take precedence in a case where it is set. * feat: add batch mode support BatchMode turns off user input to enter passwords for ssh. Because we save passwords, we can still attempt these methods but we disable the user interactive prompts in this case. * fix: fix auth ordering and identity files The last few commits introduced a few bugs that are fixed here. The first is that the auth ordering is parsed as a single string and not a list. This is fixed by manually splitting the string into a list. The second is that the copy of identity files was not long enough to copy the contents of the original. This is now updated to use the length of the original in its construction. * deactivate timer while connecting to new ssh The new ssh setup handles timers differently from the old one due to the possibility of asking for user input multiple times. This limited the user input to entirely be done within 15 seconds. This removes that restriction which will allow those timers to increase. It does not impact the legacy ssh systems or the local connections on the new system. * merge branch 'main' into 'ssh--auth-control' This was mostly straightforward, but it appears that a previous commit to main broke the user input modals by deleting a function. This adds that back in addition to the merge. * fix: allow 60 second timeouts for ssh inputs With the previous change, it is now possible to extend the timeout for manual inputs. 60 seconds should be a reasonable starting point. * fix: change size of dummy key to 2048 This fixes the CodeQL scan issue for using a weak key.
2024-02-16 00:58:50 +01:00
attemptsAllowed = 2
}
// exclude gssapi-with-mic and hostbased until implemented
authMethodMap := map[string]ssh.AuthMethod{
"publickey": ssh.RetryableAuthMethod(publicKeyCallback, len(sshKeywords.IdentityFile)),
"keyboard-interactive": ssh.RetryableAuthMethod(keyboardInteractive, attemptsAllowed),
"password": ssh.RetryableAuthMethod(passwordCallback, attemptsAllowed),
}
authMethodActiveMap := map[string]bool{
"publickey": sshKeywords.PubkeyAuthentication,
"keyboard-interactive": sshKeywords.KbdInteractiveAuthentication,
"password": sshKeywords.PasswordAuthentication,
}
var authMethods []ssh.AuthMethod
for _, authMethodName := range sshKeywords.PreferredAuthentications {
authMethodActive, ok := authMethodActiveMap[authMethodName]
if !ok || !authMethodActive {
continue
}
authMethod, ok := authMethodMap[authMethodName]
if !ok {
continue
}
authMethods = append(authMethods, authMethod)
Use ssh library for remote connections (#250) * create proof of concept ssh library integration This is a first attempt to integrate the golang crypto/ssh library for handling remote connections. As it stands, this features is limited to identity files without passphrases. It needs to be expanded to include key+passphrase and password verifications as well. * add password and keyboard-interactive ssh auth This adds several new ssh auth methods. In addition to the PublicKey method used previously, this adds password authentication, keyboard-interactive authentication, and PublicKey+Passphrase authentication. Furthermore, it refactores the ssh connection code into its own wavesrv file rather than storing int in waveshell's shexec file. * clean up old mshell launch methods In the debugging the addition of the ssh library, i had several versions of the MShellProc Launch function. Since this seems mostly stable, I have removed the old version and the experimental version in favor of the combined version. * allow switching between new and old ssh for dev It is inconvenient to create milestones without being able to merge into the main branch. But due to the experimental nature of the ssh changes, it is not desired to use these changes in the main branch yet. This change disables the new ssh launcher by default. It can be used by changing the UseSshLibrary constant to true in remote.go. With this, it becomes possible to merge these changes into the main branch without them being used in production. * fix: allow retry after ssh auth failure Previously, the error status was not set when an ssh connection failed. Because of this, an ssh connection failure would lock the failed remote until waveterm was rebooted. This fix properly sets the error status so this cannot happen.
2024-01-25 19:18:11 +01:00
}
Use ssh library: add user input (#281) * feat: create backend for user input requests This is the first part of a change that allows the backend to request user input from the frontend. Essentially, the backend will send a request for the user to answer some query, and the frontend will send that answer back. It is blocking, so it needs to be used within a goroutine. There is some placeholder code in the frontend that will be updated in future commits. Similarly, there is some debug code in the backend remote.go file. * feat: create frontend for user input requests This is part of a change to allow the backend to request user input from the frontend. This adds a component specifically for handling this logic. It is only a starting point, and does not work perfectly yet. * refactor: update user input backend/interface This updates the user input backend to fix a few potential bugs. It also refactors the user input request and response types to better handle markdown and errors while making it more convenient to work with. A couple frontend changes were made to keep everything compatible. * fix: add props to user input request modal There was a second place that the modals were created that I previously missed. This fixes that second casel * feat: complete user input modal This rounds out the most immediate concerns for the new user input modal. The frontend now includes a timer to show how much time is left and will close itself once it reaches zero. Css formatting has been cleaned up to be more reasonable. There is still some test code present on the back end. This will be removed once actuall examples of the new modal are in place. * feat: create first pass known_hosts detection Manually integrating with golang's ssh library means that the code must authenticate known_hosts on its own. This is a first pass at creating a system that parses the known hosts files and denys a connection if there is a mismatch. This needs to be updated with a means to add keys to the known-hosts file if the user requests it. * feat: allow writing to known_hosts first pass As a follow-up to the previous change, we now allow the user to respond to interactive queries in order to determine if an unknown known hosts key can be added to a known_hosts file if it is missing. This needs to be refined further, but it gets the basic functionality there. * feat: add user input for kbd-interactive auth This adds a modal so the user can respond to prompts provided using the keyboard interactive authentication method. * feat: add interactive password authentication This makes the ssh password authentication interactive with its own user input modal. Unfortunately, this method does not allow trying a default first. This will need to be expanded in the future to accomodate that. * fix: allow automatic and interactive auth together Previously, it was impossible to use to separate methods of the same type to try ssh authentication. This made it impossible to make an auto attempt before a manual one. This change restricts that by combining them into one method where the auto attempt is tried once first and cannot be tried again. Following that, interactive authentication can be tried separately. It also lowers the time limit on kbd interactive authentication to 15 seconds due to limitations on the library we are using. * fix: set number of retries to one in ssh Number of retries means number of attempts after the fact, not number of total attempts. It has been adjusted from 2 to 1 to reflect this. * refactor: change argument order in GetUserInput This is a simple change to move the context to the first argument of GetUserInput to match the convention used elsewhere in the code. * fix: set number of retries to two again I was wrong in my previous analysis. The number given is the total number of tries. This is confusing when keyboard authentication and password authentication are both available which usually doesn't happen. * feat: create naive ui for ssh key passphrases This isn't quite as reactive as the other methods, but it does attempt to use publickey without a passphrase, then attempt to use the password as the passphrase, and finally prompting the user for a passphrase. The problem with this approach is that if multiple keys are used and they all have passphrases, they need to all be checked up front. In practice, this will not happen often, but it is something to be aware of. * fix: add the userinput.tsx changes These were missed in the previous commit. Adding them now.
2024-02-09 04:16:56 +01:00
hostKeyCallback, err := createHostKeyCallback(opts)
if err != nil {
return nil, err
}
Ssh Fixes and Improvements (#293) * feat: parse multiple identity files in ssh While this does not make it possible to discover multiple identity files in every case, it does make it possible to parse them individually and check for user input if it's required for each one. * chore: remove unnecessary print in updatebus.go * chore: remove unnecessary print in sshclient.go * chore: remove old publicKey auth check With the new callback in place, we no longer need this, so it has been removed. * refactor: move logic for wave and config options The logic for making decisions between details made available from wave and details made available from ssh_config was spread out. This change condenses it into one function for gathering those details and one for picking between them. It also adds a few new keywords but the logic for those hasn't been implemented yet. * feat: allow attempting auth methods in any order While waveterm does not provide the control over which order to attempt yet, it is possible to provide that information in the ssh_config. This change allows that order to take precedence in a case where it is set. * feat: add batch mode support BatchMode turns off user input to enter passwords for ssh. Because we save passwords, we can still attempt these methods but we disable the user interactive prompts in this case. * fix: fix auth ordering and identity files The last few commits introduced a few bugs that are fixed here. The first is that the auth ordering is parsed as a single string and not a list. This is fixed by manually splitting the string into a list. The second is that the copy of identity files was not long enough to copy the contents of the original. This is now updated to use the length of the original in its construction. * deactivate timer while connecting to new ssh The new ssh setup handles timers differently from the old one due to the possibility of asking for user input multiple times. This limited the user input to entirely be done within 15 seconds. This removes that restriction which will allow those timers to increase. It does not impact the legacy ssh systems or the local connections on the new system. * merge branch 'main' into 'ssh--auth-control' This was mostly straightforward, but it appears that a previous commit to main broke the user input modals by deleting a function. This adds that back in addition to the merge. * fix: allow 60 second timeouts for ssh inputs With the previous change, it is now possible to extend the timeout for manual inputs. 60 seconds should be a reasonable starting point. * fix: change size of dummy key to 2048 This fixes the CodeQL scan issue for using a weak key.
2024-02-16 00:58:50 +01:00
clientConfig := &ssh.ClientConfig{
User: sshKeywords.User,
Auth: authMethods,
HostKeyCallback: hostKeyCallback,
Use ssh library for remote connections (#250) * create proof of concept ssh library integration This is a first attempt to integrate the golang crypto/ssh library for handling remote connections. As it stands, this features is limited to identity files without passphrases. It needs to be expanded to include key+passphrase and password verifications as well. * add password and keyboard-interactive ssh auth This adds several new ssh auth methods. In addition to the PublicKey method used previously, this adds password authentication, keyboard-interactive authentication, and PublicKey+Passphrase authentication. Furthermore, it refactores the ssh connection code into its own wavesrv file rather than storing int in waveshell's shexec file. * clean up old mshell launch methods In the debugging the addition of the ssh library, i had several versions of the MShellProc Launch function. Since this seems mostly stable, I have removed the old version and the experimental version in favor of the combined version. * allow switching between new and old ssh for dev It is inconvenient to create milestones without being able to merge into the main branch. But due to the experimental nature of the ssh changes, it is not desired to use these changes in the main branch yet. This change disables the new ssh launcher by default. It can be used by changing the UseSshLibrary constant to true in remote.go. With this, it becomes possible to merge these changes into the main branch without them being used in production. * fix: allow retry after ssh auth failure Previously, the error status was not set when an ssh connection failed. Because of this, an ssh connection failure would lock the failed remote until waveterm was rebooted. This fix properly sets the error status so this cannot happen.
2024-01-25 19:18:11 +01:00
}
Ssh Fixes and Improvements (#293) * feat: parse multiple identity files in ssh While this does not make it possible to discover multiple identity files in every case, it does make it possible to parse them individually and check for user input if it's required for each one. * chore: remove unnecessary print in updatebus.go * chore: remove unnecessary print in sshclient.go * chore: remove old publicKey auth check With the new callback in place, we no longer need this, so it has been removed. * refactor: move logic for wave and config options The logic for making decisions between details made available from wave and details made available from ssh_config was spread out. This change condenses it into one function for gathering those details and one for picking between them. It also adds a few new keywords but the logic for those hasn't been implemented yet. * feat: allow attempting auth methods in any order While waveterm does not provide the control over which order to attempt yet, it is possible to provide that information in the ssh_config. This change allows that order to take precedence in a case where it is set. * feat: add batch mode support BatchMode turns off user input to enter passwords for ssh. Because we save passwords, we can still attempt these methods but we disable the user interactive prompts in this case. * fix: fix auth ordering and identity files The last few commits introduced a few bugs that are fixed here. The first is that the auth ordering is parsed as a single string and not a list. This is fixed by manually splitting the string into a list. The second is that the copy of identity files was not long enough to copy the contents of the original. This is now updated to use the length of the original in its construction. * deactivate timer while connecting to new ssh The new ssh setup handles timers differently from the old one due to the possibility of asking for user input multiple times. This limited the user input to entirely be done within 15 seconds. This removes that restriction which will allow those timers to increase. It does not impact the legacy ssh systems or the local connections on the new system. * merge branch 'main' into 'ssh--auth-control' This was mostly straightforward, but it appears that a previous commit to main broke the user input modals by deleting a function. This adds that back in addition to the merge. * fix: allow 60 second timeouts for ssh inputs With the previous change, it is now possible to extend the timeout for manual inputs. 60 seconds should be a reasonable starting point. * fix: change size of dummy key to 2048 This fixes the CodeQL scan issue for using a weak key.
2024-02-16 00:58:50 +01:00
networkAddr := sshKeywords.HostName + ":" + sshKeywords.Port
return ssh.Dial("tcp", networkAddr, clientConfig)
}
type SshKeywords struct {
User string
HostName string
Port string
IdentityFile []string
BatchMode bool
PubkeyAuthentication bool
PasswordAuthentication bool
KbdInteractiveAuthentication bool
PreferredAuthentications []string
}
func combineSshKeywords(opts *sstore.SSHOpts, configKeywords *SshKeywords) (*SshKeywords, error) {
sshKeywords := &SshKeywords{}
Use ssh library for remote connections (#250) * create proof of concept ssh library integration This is a first attempt to integrate the golang crypto/ssh library for handling remote connections. As it stands, this features is limited to identity files without passphrases. It needs to be expanded to include key+passphrase and password verifications as well. * add password and keyboard-interactive ssh auth This adds several new ssh auth methods. In addition to the PublicKey method used previously, this adds password authentication, keyboard-interactive authentication, and PublicKey+Passphrase authentication. Furthermore, it refactores the ssh connection code into its own wavesrv file rather than storing int in waveshell's shexec file. * clean up old mshell launch methods In the debugging the addition of the ssh library, i had several versions of the MShellProc Launch function. Since this seems mostly stable, I have removed the old version and the experimental version in favor of the combined version. * allow switching between new and old ssh for dev It is inconvenient to create milestones without being able to merge into the main branch. But due to the experimental nature of the ssh changes, it is not desired to use these changes in the main branch yet. This change disables the new ssh launcher by default. It can be used by changing the UseSshLibrary constant to true in remote.go. With this, it becomes possible to merge these changes into the main branch without them being used in production. * fix: allow retry after ssh auth failure Previously, the error status was not set when an ssh connection failed. Because of this, an ssh connection failure would lock the failed remote until waveterm was rebooted. This fix properly sets the error status so this cannot happen.
2024-01-25 19:18:11 +01:00
if opts.SSHUser != "" {
Ssh Fixes and Improvements (#293) * feat: parse multiple identity files in ssh While this does not make it possible to discover multiple identity files in every case, it does make it possible to parse them individually and check for user input if it's required for each one. * chore: remove unnecessary print in updatebus.go * chore: remove unnecessary print in sshclient.go * chore: remove old publicKey auth check With the new callback in place, we no longer need this, so it has been removed. * refactor: move logic for wave and config options The logic for making decisions between details made available from wave and details made available from ssh_config was spread out. This change condenses it into one function for gathering those details and one for picking between them. It also adds a few new keywords but the logic for those hasn't been implemented yet. * feat: allow attempting auth methods in any order While waveterm does not provide the control over which order to attempt yet, it is possible to provide that information in the ssh_config. This change allows that order to take precedence in a case where it is set. * feat: add batch mode support BatchMode turns off user input to enter passwords for ssh. Because we save passwords, we can still attempt these methods but we disable the user interactive prompts in this case. * fix: fix auth ordering and identity files The last few commits introduced a few bugs that are fixed here. The first is that the auth ordering is parsed as a single string and not a list. This is fixed by manually splitting the string into a list. The second is that the copy of identity files was not long enough to copy the contents of the original. This is now updated to use the length of the original in its construction. * deactivate timer while connecting to new ssh The new ssh setup handles timers differently from the old one due to the possibility of asking for user input multiple times. This limited the user input to entirely be done within 15 seconds. This removes that restriction which will allow those timers to increase. It does not impact the legacy ssh systems or the local connections on the new system. * merge branch 'main' into 'ssh--auth-control' This was mostly straightforward, but it appears that a previous commit to main broke the user input modals by deleting a function. This adds that back in addition to the merge. * fix: allow 60 second timeouts for ssh inputs With the previous change, it is now possible to extend the timeout for manual inputs. 60 seconds should be a reasonable starting point. * fix: change size of dummy key to 2048 This fixes the CodeQL scan issue for using a weak key.
2024-02-16 00:58:50 +01:00
sshKeywords.User = opts.SSHUser
} else if configKeywords.User != "" {
sshKeywords.User = configKeywords.User
Use ssh library for remote connections (#250) * create proof of concept ssh library integration This is a first attempt to integrate the golang crypto/ssh library for handling remote connections. As it stands, this features is limited to identity files without passphrases. It needs to be expanded to include key+passphrase and password verifications as well. * add password and keyboard-interactive ssh auth This adds several new ssh auth methods. In addition to the PublicKey method used previously, this adds password authentication, keyboard-interactive authentication, and PublicKey+Passphrase authentication. Furthermore, it refactores the ssh connection code into its own wavesrv file rather than storing int in waveshell's shexec file. * clean up old mshell launch methods In the debugging the addition of the ssh library, i had several versions of the MShellProc Launch function. Since this seems mostly stable, I have removed the old version and the experimental version in favor of the combined version. * allow switching between new and old ssh for dev It is inconvenient to create milestones without being able to merge into the main branch. But due to the experimental nature of the ssh changes, it is not desired to use these changes in the main branch yet. This change disables the new ssh launcher by default. It can be used by changing the UseSshLibrary constant to true in remote.go. With this, it becomes possible to merge these changes into the main branch without them being used in production. * fix: allow retry after ssh auth failure Previously, the error status was not set when an ssh connection failed. Because of this, an ssh connection failure would lock the failed remote until waveterm was rebooted. This fix properly sets the error status so this cannot happen.
2024-01-25 19:18:11 +01:00
} else {
user, err := user.Current()
if err != nil {
return nil, fmt.Errorf("failed to get user for ssh: %+v", err)
}
Ssh Fixes and Improvements (#293) * feat: parse multiple identity files in ssh While this does not make it possible to discover multiple identity files in every case, it does make it possible to parse them individually and check for user input if it's required for each one. * chore: remove unnecessary print in updatebus.go * chore: remove unnecessary print in sshclient.go * chore: remove old publicKey auth check With the new callback in place, we no longer need this, so it has been removed. * refactor: move logic for wave and config options The logic for making decisions between details made available from wave and details made available from ssh_config was spread out. This change condenses it into one function for gathering those details and one for picking between them. It also adds a few new keywords but the logic for those hasn't been implemented yet. * feat: allow attempting auth methods in any order While waveterm does not provide the control over which order to attempt yet, it is possible to provide that information in the ssh_config. This change allows that order to take precedence in a case where it is set. * feat: add batch mode support BatchMode turns off user input to enter passwords for ssh. Because we save passwords, we can still attempt these methods but we disable the user interactive prompts in this case. * fix: fix auth ordering and identity files The last few commits introduced a few bugs that are fixed here. The first is that the auth ordering is parsed as a single string and not a list. This is fixed by manually splitting the string into a list. The second is that the copy of identity files was not long enough to copy the contents of the original. This is now updated to use the length of the original in its construction. * deactivate timer while connecting to new ssh The new ssh setup handles timers differently from the old one due to the possibility of asking for user input multiple times. This limited the user input to entirely be done within 15 seconds. This removes that restriction which will allow those timers to increase. It does not impact the legacy ssh systems or the local connections on the new system. * merge branch 'main' into 'ssh--auth-control' This was mostly straightforward, but it appears that a previous commit to main broke the user input modals by deleting a function. This adds that back in addition to the merge. * fix: allow 60 second timeouts for ssh inputs With the previous change, it is now possible to extend the timeout for manual inputs. 60 seconds should be a reasonable starting point. * fix: change size of dummy key to 2048 This fixes the CodeQL scan issue for using a weak key.
2024-02-16 00:58:50 +01:00
sshKeywords.User = user.Username
Use ssh library for remote connections (#250) * create proof of concept ssh library integration This is a first attempt to integrate the golang crypto/ssh library for handling remote connections. As it stands, this features is limited to identity files without passphrases. It needs to be expanded to include key+passphrase and password verifications as well. * add password and keyboard-interactive ssh auth This adds several new ssh auth methods. In addition to the PublicKey method used previously, this adds password authentication, keyboard-interactive authentication, and PublicKey+Passphrase authentication. Furthermore, it refactores the ssh connection code into its own wavesrv file rather than storing int in waveshell's shexec file. * clean up old mshell launch methods In the debugging the addition of the ssh library, i had several versions of the MShellProc Launch function. Since this seems mostly stable, I have removed the old version and the experimental version in favor of the combined version. * allow switching between new and old ssh for dev It is inconvenient to create milestones without being able to merge into the main branch. But due to the experimental nature of the ssh changes, it is not desired to use these changes in the main branch yet. This change disables the new ssh launcher by default. It can be used by changing the UseSshLibrary constant to true in remote.go. With this, it becomes possible to merge these changes into the main branch without them being used in production. * fix: allow retry after ssh auth failure Previously, the error status was not set when an ssh connection failed. Because of this, an ssh connection failure would lock the failed remote until waveterm was rebooted. This fix properly sets the error status so this cannot happen.
2024-01-25 19:18:11 +01:00
}
Ssh Fixes and Improvements (#293) * feat: parse multiple identity files in ssh While this does not make it possible to discover multiple identity files in every case, it does make it possible to parse them individually and check for user input if it's required for each one. * chore: remove unnecessary print in updatebus.go * chore: remove unnecessary print in sshclient.go * chore: remove old publicKey auth check With the new callback in place, we no longer need this, so it has been removed. * refactor: move logic for wave and config options The logic for making decisions between details made available from wave and details made available from ssh_config was spread out. This change condenses it into one function for gathering those details and one for picking between them. It also adds a few new keywords but the logic for those hasn't been implemented yet. * feat: allow attempting auth methods in any order While waveterm does not provide the control over which order to attempt yet, it is possible to provide that information in the ssh_config. This change allows that order to take precedence in a case where it is set. * feat: add batch mode support BatchMode turns off user input to enter passwords for ssh. Because we save passwords, we can still attempt these methods but we disable the user interactive prompts in this case. * fix: fix auth ordering and identity files The last few commits introduced a few bugs that are fixed here. The first is that the auth ordering is parsed as a single string and not a list. This is fixed by manually splitting the string into a list. The second is that the copy of identity files was not long enough to copy the contents of the original. This is now updated to use the length of the original in its construction. * deactivate timer while connecting to new ssh The new ssh setup handles timers differently from the old one due to the possibility of asking for user input multiple times. This limited the user input to entirely be done within 15 seconds. This removes that restriction which will allow those timers to increase. It does not impact the legacy ssh systems or the local connections on the new system. * merge branch 'main' into 'ssh--auth-control' This was mostly straightforward, but it appears that a previous commit to main broke the user input modals by deleting a function. This adds that back in addition to the merge. * fix: allow 60 second timeouts for ssh inputs With the previous change, it is now possible to extend the timeout for manual inputs. 60 seconds should be a reasonable starting point. * fix: change size of dummy key to 2048 This fixes the CodeQL scan issue for using a weak key.
2024-02-16 00:58:50 +01:00
// we have to check the host value because of the weird way
// we store the pattern as the hostname for imported remotes
if configKeywords.HostName != "" {
sshKeywords.HostName = configKeywords.HostName
Use ssh library for remote connections (#250) * create proof of concept ssh library integration This is a first attempt to integrate the golang crypto/ssh library for handling remote connections. As it stands, this features is limited to identity files without passphrases. It needs to be expanded to include key+passphrase and password verifications as well. * add password and keyboard-interactive ssh auth This adds several new ssh auth methods. In addition to the PublicKey method used previously, this adds password authentication, keyboard-interactive authentication, and PublicKey+Passphrase authentication. Furthermore, it refactores the ssh connection code into its own wavesrv file rather than storing int in waveshell's shexec file. * clean up old mshell launch methods In the debugging the addition of the ssh library, i had several versions of the MShellProc Launch function. Since this seems mostly stable, I have removed the old version and the experimental version in favor of the combined version. * allow switching between new and old ssh for dev It is inconvenient to create milestones without being able to merge into the main branch. But due to the experimental nature of the ssh changes, it is not desired to use these changes in the main branch yet. This change disables the new ssh launcher by default. It can be used by changing the UseSshLibrary constant to true in remote.go. With this, it becomes possible to merge these changes into the main branch without them being used in production. * fix: allow retry after ssh auth failure Previously, the error status was not set when an ssh connection failed. Because of this, an ssh connection failure would lock the failed remote until waveterm was rebooted. This fix properly sets the error status so this cannot happen.
2024-01-25 19:18:11 +01:00
} else {
Ssh Fixes and Improvements (#293) * feat: parse multiple identity files in ssh While this does not make it possible to discover multiple identity files in every case, it does make it possible to parse them individually and check for user input if it's required for each one. * chore: remove unnecessary print in updatebus.go * chore: remove unnecessary print in sshclient.go * chore: remove old publicKey auth check With the new callback in place, we no longer need this, so it has been removed. * refactor: move logic for wave and config options The logic for making decisions between details made available from wave and details made available from ssh_config was spread out. This change condenses it into one function for gathering those details and one for picking between them. It also adds a few new keywords but the logic for those hasn't been implemented yet. * feat: allow attempting auth methods in any order While waveterm does not provide the control over which order to attempt yet, it is possible to provide that information in the ssh_config. This change allows that order to take precedence in a case where it is set. * feat: add batch mode support BatchMode turns off user input to enter passwords for ssh. Because we save passwords, we can still attempt these methods but we disable the user interactive prompts in this case. * fix: fix auth ordering and identity files The last few commits introduced a few bugs that are fixed here. The first is that the auth ordering is parsed as a single string and not a list. This is fixed by manually splitting the string into a list. The second is that the copy of identity files was not long enough to copy the contents of the original. This is now updated to use the length of the original in its construction. * deactivate timer while connecting to new ssh The new ssh setup handles timers differently from the old one due to the possibility of asking for user input multiple times. This limited the user input to entirely be done within 15 seconds. This removes that restriction which will allow those timers to increase. It does not impact the legacy ssh systems or the local connections on the new system. * merge branch 'main' into 'ssh--auth-control' This was mostly straightforward, but it appears that a previous commit to main broke the user input modals by deleting a function. This adds that back in addition to the merge. * fix: allow 60 second timeouts for ssh inputs With the previous change, it is now possible to extend the timeout for manual inputs. 60 seconds should be a reasonable starting point. * fix: change size of dummy key to 2048 This fixes the CodeQL scan issue for using a weak key.
2024-02-16 00:58:50 +01:00
sshKeywords.HostName = opts.SSHHost
Use ssh library for remote connections (#250) * create proof of concept ssh library integration This is a first attempt to integrate the golang crypto/ssh library for handling remote connections. As it stands, this features is limited to identity files without passphrases. It needs to be expanded to include key+passphrase and password verifications as well. * add password and keyboard-interactive ssh auth This adds several new ssh auth methods. In addition to the PublicKey method used previously, this adds password authentication, keyboard-interactive authentication, and PublicKey+Passphrase authentication. Furthermore, it refactores the ssh connection code into its own wavesrv file rather than storing int in waveshell's shexec file. * clean up old mshell launch methods In the debugging the addition of the ssh library, i had several versions of the MShellProc Launch function. Since this seems mostly stable, I have removed the old version and the experimental version in favor of the combined version. * allow switching between new and old ssh for dev It is inconvenient to create milestones without being able to merge into the main branch. But due to the experimental nature of the ssh changes, it is not desired to use these changes in the main branch yet. This change disables the new ssh launcher by default. It can be used by changing the UseSshLibrary constant to true in remote.go. With this, it becomes possible to merge these changes into the main branch without them being used in production. * fix: allow retry after ssh auth failure Previously, the error status was not set when an ssh connection failed. Because of this, an ssh connection failure would lock the failed remote until waveterm was rebooted. This fix properly sets the error status so this cannot happen.
2024-01-25 19:18:11 +01:00
}
Ssh Fixes and Improvements (#293) * feat: parse multiple identity files in ssh While this does not make it possible to discover multiple identity files in every case, it does make it possible to parse them individually and check for user input if it's required for each one. * chore: remove unnecessary print in updatebus.go * chore: remove unnecessary print in sshclient.go * chore: remove old publicKey auth check With the new callback in place, we no longer need this, so it has been removed. * refactor: move logic for wave and config options The logic for making decisions between details made available from wave and details made available from ssh_config was spread out. This change condenses it into one function for gathering those details and one for picking between them. It also adds a few new keywords but the logic for those hasn't been implemented yet. * feat: allow attempting auth methods in any order While waveterm does not provide the control over which order to attempt yet, it is possible to provide that information in the ssh_config. This change allows that order to take precedence in a case where it is set. * feat: add batch mode support BatchMode turns off user input to enter passwords for ssh. Because we save passwords, we can still attempt these methods but we disable the user interactive prompts in this case. * fix: fix auth ordering and identity files The last few commits introduced a few bugs that are fixed here. The first is that the auth ordering is parsed as a single string and not a list. This is fixed by manually splitting the string into a list. The second is that the copy of identity files was not long enough to copy the contents of the original. This is now updated to use the length of the original in its construction. * deactivate timer while connecting to new ssh The new ssh setup handles timers differently from the old one due to the possibility of asking for user input multiple times. This limited the user input to entirely be done within 15 seconds. This removes that restriction which will allow those timers to increase. It does not impact the legacy ssh systems or the local connections on the new system. * merge branch 'main' into 'ssh--auth-control' This was mostly straightforward, but it appears that a previous commit to main broke the user input modals by deleting a function. This adds that back in addition to the merge. * fix: allow 60 second timeouts for ssh inputs With the previous change, it is now possible to extend the timeout for manual inputs. 60 seconds should be a reasonable starting point. * fix: change size of dummy key to 2048 This fixes the CodeQL scan issue for using a weak key.
2024-02-16 00:58:50 +01:00
Use ssh library for remote connections (#250) * create proof of concept ssh library integration This is a first attempt to integrate the golang crypto/ssh library for handling remote connections. As it stands, this features is limited to identity files without passphrases. It needs to be expanded to include key+passphrase and password verifications as well. * add password and keyboard-interactive ssh auth This adds several new ssh auth methods. In addition to the PublicKey method used previously, this adds password authentication, keyboard-interactive authentication, and PublicKey+Passphrase authentication. Furthermore, it refactores the ssh connection code into its own wavesrv file rather than storing int in waveshell's shexec file. * clean up old mshell launch methods In the debugging the addition of the ssh library, i had several versions of the MShellProc Launch function. Since this seems mostly stable, I have removed the old version and the experimental version in favor of the combined version. * allow switching between new and old ssh for dev It is inconvenient to create milestones without being able to merge into the main branch. But due to the experimental nature of the ssh changes, it is not desired to use these changes in the main branch yet. This change disables the new ssh launcher by default. It can be used by changing the UseSshLibrary constant to true in remote.go. With this, it becomes possible to merge these changes into the main branch without them being used in production. * fix: allow retry after ssh auth failure Previously, the error status was not set when an ssh connection failed. Because of this, an ssh connection failure would lock the failed remote until waveterm was rebooted. This fix properly sets the error status so this cannot happen.
2024-01-25 19:18:11 +01:00
if opts.SSHPort != 0 && opts.SSHPort != 22 {
Ssh Fixes and Improvements (#293) * feat: parse multiple identity files in ssh While this does not make it possible to discover multiple identity files in every case, it does make it possible to parse them individually and check for user input if it's required for each one. * chore: remove unnecessary print in updatebus.go * chore: remove unnecessary print in sshclient.go * chore: remove old publicKey auth check With the new callback in place, we no longer need this, so it has been removed. * refactor: move logic for wave and config options The logic for making decisions between details made available from wave and details made available from ssh_config was spread out. This change condenses it into one function for gathering those details and one for picking between them. It also adds a few new keywords but the logic for those hasn't been implemented yet. * feat: allow attempting auth methods in any order While waveterm does not provide the control over which order to attempt yet, it is possible to provide that information in the ssh_config. This change allows that order to take precedence in a case where it is set. * feat: add batch mode support BatchMode turns off user input to enter passwords for ssh. Because we save passwords, we can still attempt these methods but we disable the user interactive prompts in this case. * fix: fix auth ordering and identity files The last few commits introduced a few bugs that are fixed here. The first is that the auth ordering is parsed as a single string and not a list. This is fixed by manually splitting the string into a list. The second is that the copy of identity files was not long enough to copy the contents of the original. This is now updated to use the length of the original in its construction. * deactivate timer while connecting to new ssh The new ssh setup handles timers differently from the old one due to the possibility of asking for user input multiple times. This limited the user input to entirely be done within 15 seconds. This removes that restriction which will allow those timers to increase. It does not impact the legacy ssh systems or the local connections on the new system. * merge branch 'main' into 'ssh--auth-control' This was mostly straightforward, but it appears that a previous commit to main broke the user input modals by deleting a function. This adds that back in addition to the merge. * fix: allow 60 second timeouts for ssh inputs With the previous change, it is now possible to extend the timeout for manual inputs. 60 seconds should be a reasonable starting point. * fix: change size of dummy key to 2048 This fixes the CodeQL scan issue for using a weak key.
2024-02-16 00:58:50 +01:00
sshKeywords.Port = strconv.Itoa(opts.SSHPort)
} else if configKeywords.Port != "" && configKeywords.Port != "22" {
sshKeywords.Port = configKeywords.Port
Use ssh library for remote connections (#250) * create proof of concept ssh library integration This is a first attempt to integrate the golang crypto/ssh library for handling remote connections. As it stands, this features is limited to identity files without passphrases. It needs to be expanded to include key+passphrase and password verifications as well. * add password and keyboard-interactive ssh auth This adds several new ssh auth methods. In addition to the PublicKey method used previously, this adds password authentication, keyboard-interactive authentication, and PublicKey+Passphrase authentication. Furthermore, it refactores the ssh connection code into its own wavesrv file rather than storing int in waveshell's shexec file. * clean up old mshell launch methods In the debugging the addition of the ssh library, i had several versions of the MShellProc Launch function. Since this seems mostly stable, I have removed the old version and the experimental version in favor of the combined version. * allow switching between new and old ssh for dev It is inconvenient to create milestones without being able to merge into the main branch. But due to the experimental nature of the ssh changes, it is not desired to use these changes in the main branch yet. This change disables the new ssh launcher by default. It can be used by changing the UseSshLibrary constant to true in remote.go. With this, it becomes possible to merge these changes into the main branch without them being used in production. * fix: allow retry after ssh auth failure Previously, the error status was not set when an ssh connection failed. Because of this, an ssh connection failure would lock the failed remote until waveterm was rebooted. This fix properly sets the error status so this cannot happen.
2024-01-25 19:18:11 +01:00
} else {
Ssh Fixes and Improvements (#293) * feat: parse multiple identity files in ssh While this does not make it possible to discover multiple identity files in every case, it does make it possible to parse them individually and check for user input if it's required for each one. * chore: remove unnecessary print in updatebus.go * chore: remove unnecessary print in sshclient.go * chore: remove old publicKey auth check With the new callback in place, we no longer need this, so it has been removed. * refactor: move logic for wave and config options The logic for making decisions between details made available from wave and details made available from ssh_config was spread out. This change condenses it into one function for gathering those details and one for picking between them. It also adds a few new keywords but the logic for those hasn't been implemented yet. * feat: allow attempting auth methods in any order While waveterm does not provide the control over which order to attempt yet, it is possible to provide that information in the ssh_config. This change allows that order to take precedence in a case where it is set. * feat: add batch mode support BatchMode turns off user input to enter passwords for ssh. Because we save passwords, we can still attempt these methods but we disable the user interactive prompts in this case. * fix: fix auth ordering and identity files The last few commits introduced a few bugs that are fixed here. The first is that the auth ordering is parsed as a single string and not a list. This is fixed by manually splitting the string into a list. The second is that the copy of identity files was not long enough to copy the contents of the original. This is now updated to use the length of the original in its construction. * deactivate timer while connecting to new ssh The new ssh setup handles timers differently from the old one due to the possibility of asking for user input multiple times. This limited the user input to entirely be done within 15 seconds. This removes that restriction which will allow those timers to increase. It does not impact the legacy ssh systems or the local connections on the new system. * merge branch 'main' into 'ssh--auth-control' This was mostly straightforward, but it appears that a previous commit to main broke the user input modals by deleting a function. This adds that back in addition to the merge. * fix: allow 60 second timeouts for ssh inputs With the previous change, it is now possible to extend the timeout for manual inputs. 60 seconds should be a reasonable starting point. * fix: change size of dummy key to 2048 This fixes the CodeQL scan issue for using a weak key.
2024-02-16 00:58:50 +01:00
sshKeywords.Port = "22"
Use ssh library for remote connections (#250) * create proof of concept ssh library integration This is a first attempt to integrate the golang crypto/ssh library for handling remote connections. As it stands, this features is limited to identity files without passphrases. It needs to be expanded to include key+passphrase and password verifications as well. * add password and keyboard-interactive ssh auth This adds several new ssh auth methods. In addition to the PublicKey method used previously, this adds password authentication, keyboard-interactive authentication, and PublicKey+Passphrase authentication. Furthermore, it refactores the ssh connection code into its own wavesrv file rather than storing int in waveshell's shexec file. * clean up old mshell launch methods In the debugging the addition of the ssh library, i had several versions of the MShellProc Launch function. Since this seems mostly stable, I have removed the old version and the experimental version in favor of the combined version. * allow switching between new and old ssh for dev It is inconvenient to create milestones without being able to merge into the main branch. But due to the experimental nature of the ssh changes, it is not desired to use these changes in the main branch yet. This change disables the new ssh launcher by default. It can be used by changing the UseSshLibrary constant to true in remote.go. With this, it becomes possible to merge these changes into the main branch without them being used in production. * fix: allow retry after ssh auth failure Previously, the error status was not set when an ssh connection failed. Because of this, an ssh connection failure would lock the failed remote until waveterm was rebooted. This fix properly sets the error status so this cannot happen.
2024-01-25 19:18:11 +01:00
}
Ssh Fixes and Improvements (#293) * feat: parse multiple identity files in ssh While this does not make it possible to discover multiple identity files in every case, it does make it possible to parse them individually and check for user input if it's required for each one. * chore: remove unnecessary print in updatebus.go * chore: remove unnecessary print in sshclient.go * chore: remove old publicKey auth check With the new callback in place, we no longer need this, so it has been removed. * refactor: move logic for wave and config options The logic for making decisions between details made available from wave and details made available from ssh_config was spread out. This change condenses it into one function for gathering those details and one for picking between them. It also adds a few new keywords but the logic for those hasn't been implemented yet. * feat: allow attempting auth methods in any order While waveterm does not provide the control over which order to attempt yet, it is possible to provide that information in the ssh_config. This change allows that order to take precedence in a case where it is set. * feat: add batch mode support BatchMode turns off user input to enter passwords for ssh. Because we save passwords, we can still attempt these methods but we disable the user interactive prompts in this case. * fix: fix auth ordering and identity files The last few commits introduced a few bugs that are fixed here. The first is that the auth ordering is parsed as a single string and not a list. This is fixed by manually splitting the string into a list. The second is that the copy of identity files was not long enough to copy the contents of the original. This is now updated to use the length of the original in its construction. * deactivate timer while connecting to new ssh The new ssh setup handles timers differently from the old one due to the possibility of asking for user input multiple times. This limited the user input to entirely be done within 15 seconds. This removes that restriction which will allow those timers to increase. It does not impact the legacy ssh systems or the local connections on the new system. * merge branch 'main' into 'ssh--auth-control' This was mostly straightforward, but it appears that a previous commit to main broke the user input modals by deleting a function. This adds that back in addition to the merge. * fix: allow 60 second timeouts for ssh inputs With the previous change, it is now possible to extend the timeout for manual inputs. 60 seconds should be a reasonable starting point. * fix: change size of dummy key to 2048 This fixes the CodeQL scan issue for using a weak key.
2024-02-16 00:58:50 +01:00
sshKeywords.IdentityFile = []string{opts.SSHIdentity}
sshKeywords.IdentityFile = append(sshKeywords.IdentityFile, configKeywords.IdentityFile...)
// these are not officially supported in the waveterm frontend but can be configured
// in ssh config files
sshKeywords.BatchMode = configKeywords.BatchMode
sshKeywords.PubkeyAuthentication = configKeywords.PubkeyAuthentication
sshKeywords.PasswordAuthentication = configKeywords.PasswordAuthentication
sshKeywords.KbdInteractiveAuthentication = configKeywords.KbdInteractiveAuthentication
sshKeywords.PreferredAuthentications = configKeywords.PreferredAuthentications
return sshKeywords, nil
}
// note that a `var == "yes"` will default to false
// but `var != "no"` will default to true
// when given unexpected strings
func findSshConfigKeywords(hostPattern string) (*SshKeywords, error) {
ssh_config.ReloadConfigs()
sshKeywords := &SshKeywords{}
var err error
sshKeywords.User, err = ssh_config.GetStrict(hostPattern, "User")
if err != nil {
return nil, err
}
sshKeywords.HostName, err = ssh_config.GetStrict(hostPattern, "HostName")
if err != nil {
return nil, err
}
sshKeywords.Port, err = ssh_config.GetStrict(hostPattern, "Port")
if err != nil {
return nil, err
}
sshKeywords.IdentityFile = ssh_config.GetAll(hostPattern, "IdentityFile")
batchModeRaw, err := ssh_config.GetStrict(hostPattern, "BatchMode")
if err != nil {
return nil, err
}
sshKeywords.BatchMode = (strings.ToLower(batchModeRaw) == "yes")
// we currently do not support host-bound or unbound but will use yes when they are selected
pubkeyAuthenticationRaw, err := ssh_config.GetStrict(hostPattern, "PubkeyAuthentication")
if err != nil {
return nil, err
}
sshKeywords.PubkeyAuthentication = (strings.ToLower(pubkeyAuthenticationRaw) != "no")
passwordAuthenticationRaw, err := ssh_config.GetStrict(hostPattern, "PasswordAuthentication")
if err != nil {
return nil, err
}
sshKeywords.PasswordAuthentication = (strings.ToLower(passwordAuthenticationRaw) != "no")
kbdInteractiveAuthenticationRaw, err := ssh_config.GetStrict(hostPattern, "KbdInteractiveAuthentication")
if err != nil {
return nil, err
}
sshKeywords.KbdInteractiveAuthentication = (strings.ToLower(kbdInteractiveAuthenticationRaw) != "no")
// these are parsed as a single string and must be separated
// these are case sensitive in openssh so they are here too
preferredAuthenticationsRaw, err := ssh_config.GetStrict(hostPattern, "PreferredAuthentications")
sshKeywords.PreferredAuthentications = strings.Split(preferredAuthenticationsRaw, ",")
return sshKeywords, nil
Use ssh library for remote connections (#250) * create proof of concept ssh library integration This is a first attempt to integrate the golang crypto/ssh library for handling remote connections. As it stands, this features is limited to identity files without passphrases. It needs to be expanded to include key+passphrase and password verifications as well. * add password and keyboard-interactive ssh auth This adds several new ssh auth methods. In addition to the PublicKey method used previously, this adds password authentication, keyboard-interactive authentication, and PublicKey+Passphrase authentication. Furthermore, it refactores the ssh connection code into its own wavesrv file rather than storing int in waveshell's shexec file. * clean up old mshell launch methods In the debugging the addition of the ssh library, i had several versions of the MShellProc Launch function. Since this seems mostly stable, I have removed the old version and the experimental version in favor of the combined version. * allow switching between new and old ssh for dev It is inconvenient to create milestones without being able to merge into the main branch. But due to the experimental nature of the ssh changes, it is not desired to use these changes in the main branch yet. This change disables the new ssh launcher by default. It can be used by changing the UseSshLibrary constant to true in remote.go. With this, it becomes possible to merge these changes into the main branch without them being used in production. * fix: allow retry after ssh auth failure Previously, the error status was not set when an ssh connection failed. Because of this, an ssh connection failure would lock the failed remote until waveterm was rebooted. This fix properly sets the error status so this cannot happen.
2024-01-25 19:18:11 +01:00
}
Reference in New Issue Copy Permalink