Commit Graph

13 Commits

Author SHA1 Message Date
Sylvie Crowe
84cea373a8
SSH Bugfixes Early April 2024 (#551)
* fix: add fix for missing known_hosts file

In a recent cleanup, I accidentally deleted this fix from before. This
adds it back.

* chore: clarify that the ssh should use private key
2024-04-05 10:54:12 -07:00
Sylvie Crowe
7b58949027
fix: this prevents possible loops while connecting (#521)
A recent change made it possible to get stuck in a loop when connecting
to a remote. This reverts the part of it that caused this while
retaining the other behavior. This makes it possible to add to blank
known_host files again. It also adds a printout to display when a
connection is complete.
2024-03-27 21:19:35 -07:00
Sylvie Crowe
28dd9410fe
fix: properly handle missing knownhosts case (#510)
A bug prevented waveterm from being able to create missing knownhosts
files. This change corrects that.
2024-03-27 14:29:21 -07:00
Sylvie Crowe
bfafb9e490
Ssh Extra Fixes (#459)
2024-03-14 16:50:58 -07:00
Sylvie Crowe
2a5857bc3d
SSH UI Quick Fixes (#408)
* fix: set global ssh config to correct path

This adds the missing "etc" directory to the path for the global config
file.

* chore: update auth mode tooltip

This just changes the text to be slightly more accurate to the current
behavior.

* feat: add box to disable waveshell install modal

This hooks in to the existing don't show this again code that pops up
when creating a modal.

* refactor: remove install modal in remote creation

There used to be a modal that popped up while installing a remote that
informed the user that waveshell gets installed on their remote. Since
we have a new modal that pops up at the time of install, the older modal
can be removed.

* fix: allow user to cancel ssh dial

The new ssh code broke dial for invalid urls since the context did not
cancel the dial or any associated user input. This change reconnects
the context along with the context for installing waveshell.

* style: widen the rconndetail modal

The rconndetail modal is currently narrower than the xtermjs element
which results in awkward scrolling if a line is long. This change makes
the width auto so it can size itself as needed.

* add a max-width for safety
2024-03-07 22:37:00 -08:00
Sylvie Crowe
6091305bb3
SSH Quick Fixes (#385)
* fix: allow ssh user to use numbers/capital letters

Prior to this change, usernames could not start with numbers and could
not contain capital letters at all. Note that the username can also
start with capital letters.

* fix: update ssh_config with IdentityFiles fix

This adds the update that provides the ssh2 defaults for IdentityFiles.
This will allow the usual defaults to be searched when none are
explicitly provided.

* fix: overwrite identity files instead of appending

This change makes it so a waveterm configured identity file will
overwrite the one in the config instead of attempting to append it. This
matches the behavior of openssh.

* style: use regular font for markdown user input

This makes the Markdown User Input indistinct from user input without
markdown. It changes the font and makes a couple small adjustments to
the font size and line height.

* fix: use font property instead of font-family

The markdown css for User Input can be simplified with the font being
set by the "font" property rather than the "font-family" property.
2024-03-06 12:33:01 -08:00
Sylvie Crowe
50953839b1
SSH Cleanup (#370)
* feat: allow user input verification for install

Depending on the method of installing waveshell, it may be desired to
pop up a modal for user verification. This is a first pass at handling
these special cases. The focus is on installing while previously
connected and auto installing while connecting.

* chore: update mshell to waveshell in error msg

* fix: run waveshell remotely with chosen shell

This ensures that the appropriate shell is used to run the waveshell
command remotely. It hasn't made a difference in my experience but is
desired in order to match the local launch.

* chore: simplify command to run waveshell remotely

This change removes the extra check for a directory and just tries to
run the command instead. It pipes the usual error to null and prints an
init packet instead.

* fix: prevent wavesrv crash during bad connection

The waveshell launch can fail in two different ways. If it has a
recoverable failure, it will attempt to reinstall waveshell. If not, it
is supposed to print an error. The unrecoverable case was causing a
segfault due to a misnamed variable. This change corrects it.

* fix: correct auto install user input modal

The previous combination of flags to catch auto install did not work
properly. This corrects them.

* chore: add "s" to countdown for user input timer

Makes it clear that the countdown is seconds.

* fix: remove auto password entry for sudo remote

The auto password entry for sudo remotes printed an error that was not
in response to the user input. To avoid this confusion, it has been
removed entirely.

* feat: add auto focus to user input modal

This automatically moves the cursor to the text box when the modal pops
up.

* feat: handle enter/escape keys for password entry

The password modal previously had to have buttons clicked to close it.
This change allows the user to close it with whatever is bound to escape
and to submit with whatever is bound to enter.

* chore: update an any type to correct type

* fix: correct keyboard event type from last commit

* fix: check identity files are readable early

Previously, an invalid identity file would send a dummy signer if the
file didn't exist. This resulted in extra sign in attempts that have no
chance of success. This could cause someone to get locked out of a
connection because of too many failed attempts. By performing the check
early, we no longer have to make these extra attempts.

* fix: only check global known hosts as root

The root user should not be able to write to a local known_hosts file.
If it does, it risks overwriting the default global behavior for only
the root user. This problem would only occur if waveterm was launched as
root, but we should protect against it just in case.

* feat: add remote name for remote password prompt

This change clarifies the remote name for password and keyboard
interactive prompts. It displays a message that authentication has been
requested from <hostname>. It is not added to publickey passphrase since
those phrases are specific to the key and not the remote.

* revert "simplify cmd to run waveshell remotely"

This reverts commit 4e5eea51b6.
2024-03-04 11:56:20 -08:00
Sylvie Crowe
6c115716b0
Integrate SSH Library with Waveshell Installation/Auto-update (#322)
* refactor launch code to integrate install easier

The previous set up of launch was difficult to navigate. This makes it
much clearer which will make the auto install flow easier to manage.

* feat: integrate auto install into new ssh setup

This change makes it possible to auto install using the ssh library
instead of making a call to the ssh cli command. This will auto install
if the installed waveshell version is incorrect or cannot be found.

* chore: clean up some lints for sshclient

There was a context that didn't have its cancel function deferred and
an error that wasn't being handled. They're fixed now.

* fix: disconnect client if requested or launch fail

A recent commit made it so a client remained part of the MShellProc
after being disconnected. This is undesirable since a manual
disconnection indicates that the user will need to enter their
credentials again if required. Similarly, if the launch fails with an
error, the expectation is that credentials will have to be entered
again.

* fix: use legacy timer for the time being

The legacy timer frustrates me because it adds a lot of state to the
MShellProc struct that is complicated to manage. But it currently works,
so I will be keeping it for the time being.

* fix: change separator between remoteref and name

With the inclusion of the port number in the canonical id, the :
separator between the remoteref and remote name causes problems if the
port is parsed instead. This changes it to a # in order to avoid this
conflict.

* fix: check for null when closing extra files

It is possible for the list of extra files to contain null files. This
change ensures the null files will not be erroneously closed.

* fix: change connecting method to show port once

With port added to the canonicalname, it no longer makes sense to append
the port afterward.

* feat: use user input modal for sudo connection

The sudo connection used to have a unique way of entering a password.
This change provides an alternative method using the user input modal
that the other connection methods use. It does not work perfectly with
this revision, but the basic building blocks are in place. It needs a
few timer updates to be complete.

* fix: remove old timer to prevent conflicts with it

With this change the old timer is no longer needed. It is not fully
removed yet, but it is disabled so as to not get in the way.
Additionally, error handling has been slightly improved.

There is still a bug where an incorrect password prints a new password
prompt after the error message. That needs to be fixed in the future.
2024-02-29 11:37:03 -08:00
Evan Simkowitz
8acda3525b
Break model update code out of sstore (#290)
* Break update code out of sstore

* add license disclaimers

* missed one

* add another

* fix regression in openai updates, remove unnecessary functions

* another copyright

* update casts

* fix issue with variadic updates

* remove logs

* remove log

* remove unnecessary log

* save work

* moved a bunch of stuff to scbus

* make modelupdate an object

* fix new screen not updating active screen

* add comment

* make updates into packet types

* different cast

* update comments, remove unused methods

* add one more comment

* add an IsEmpty() on model updates to prevent sending empty updates to client
2024-02-15 16:45:47 -08:00
Sylvie Crowe
158378a7ad
Ssh Fixes and Improvements (#293)
* feat: parse multiple identity files in ssh

While this does not make it possible to discover multiple identity files
in every case, it does make it possible to parse them individually and
check for user input if it's required for each one.

* chore: remove unnecessary print in updatebus.go

* chore: remove unnecessary print in sshclient.go

* chore: remove old publicKey auth check

With the new callback in place, we no longer need this, so it has been
removed.

* refactor: move logic for wave and config options

The logic for making decisions between details made available from wave
and details made available from ssh_config was spread out. This change
condenses it into one function for gathering those details and one for
picking between them.

It also adds a few new keywords but the logic for those hasn't been
implemented yet.

* feat: allow attempting auth methods in any order

While waveterm does not provide the control over which order to attempt
yet, it is possible to provide that information in the ssh_config. This
change allows that order to take precedence in a case where it is set.

* feat: add batch mode support

BatchMode turns off user input to enter passwords for ssh. Because we
save passwords, we can still attempt these methods but we disable the
user interactive prompts in this case.

* fix: fix auth ordering and identity files

The last few commits introduced a few bugs that are fixed here. The
first is that the auth ordering is parsed as a single string and not a
list. This is fixed by manually splitting the string into a list. The
second is that the copy of identity files was not long enough to copy
the contents of the original. This is now updated to use the length of
the original in its construction.

* deactivate timer while connecting to new ssh

The new ssh setup handles timers differently from the old one due to the
possibility of asking for user input multiple times. This limited the
user input to entirely be done within 15 seconds. This removes that
restriction which will allow those timers to increase. It does not
impact the legacy ssh systems or the local connections on the new
system.

* merge branch 'main' into 'ssh--auth-control'

This was mostly straightforward, but it appears that a previous commit
to main broke the user input modals by deleting a function. This adds
that back in addition to the merge.

* fix: allow 60 second timeouts for ssh inputs

With the previous change, it is now possible to extend the timeout for
manual inputs. 60 seconds should be a reasonable starting point.

* fix: change size of dummy key to 2048

This fixes the CodeQL scan issue for using a weak key.
2024-02-15 15:58:50 -08:00
Evan Simkowitz
d319e72609
Refactor ModelUpdate to set up for decoupling sstore (#280)
This PR changes ModelUpdate mechanism from a statically-typed struct to an interface, allowing us to define the update mechanism and the update types separately. This sets us up to move app logic and update mechanisms into separate packages. Ultimately, sstore will only define low-level persistence logic.
2024-02-09 17:19:44 -08:00
Sylvie Crowe
903b26bfca
Use ssh library: add user input (#281)
* feat: create backend for user input requests

This is the first part of a change that allows the backend to request
user input from the frontend. Essentially, the backend will send a
request for the user to answer some query, and the frontend will send
that answer back. It is blocking, so it needs to be used within a
goroutine.

There is some placeholder code in the frontend that will be updated in
future commits. Similarly, there is some debug code in the backend
remote.go file.

* feat: create frontend for user input requests

This is part of a change to allow the backend to request user input from
the frontend. This adds a component specifically for handling this
logic. It is only a starting point, and does not work perfectly yet.

* refactor: update user input backend/interface

This updates the user input backend to fix a few potential bugs. It also
refactors the user input request and response types to better handle
markdown and errors while making it more convenient to work with.

A couple frontend changes were made to keep everything compatible.

* fix: add props to user input request modal

There was a second place that the modals were created that I previously
missed. This fixes that second case.

* feat: complete user input modal

This rounds out the most immediate concerns for the new user input
modal. The frontend now includes a timer to show how much time is left
and will close itself once it reaches zero. Css
formatting has been cleaned up to be more reasonable.

There is still some test code present on the back end. This will be
removed once actual examples of the new modal are in place.

* feat: create first pass known_hosts detection

Manually integrating with golang's ssh library means that the code must
authenticate known_hosts on its own. This is a first pass at creating a
system that parses the known hosts files and denies a connection if there
is a mismatch. This needs to be updated with a means to add keys to the
known-hosts file if the user requests it.

* feat: allow writing to known_hosts first pass

As a follow-up to the previous change, we now allow the user to respond
to interactive queries in order to determine if an unknown known hosts
key can be added to a known_hosts file if it is missing. This needs to
be refined further, but it gets the basic functionality there.

* feat: add user input for kbd-interactive auth

This adds a modal so the user can respond to prompts provided using the
keyboard interactive authentication method.

* feat: add interactive password authentication

This makes the ssh password authentication interactive with its own user
input modal. Unfortunately, this method does not allow trying a default
first. This will need to be expanded in the future to accommodate that.

* fix: allow automatic and interactive auth together

Previously, it was impossible to use two separate methods of the same
type to try ssh authentication. This made it impossible to make an auto
attempt before a manual one. This change restricts that by combining
them into one method where the auto attempt is tried once first and
cannot be tried again. Following that, interactive authentication can be
tried separately.

It also lowers the time limit on kbd interactive authentication to 15
seconds due to limitations on the library we are using.

* fix: set number of retries to one in ssh

Number of retries means number of attempts after the fact, not number of
total attempts. It has been adjusted from 2 to 1 to reflect this.

* refactor: change argument order in GetUserInput

This is a simple change to move the context to the first argument of
GetUserInput to match the convention used elsewhere in the code.

* fix: set number of retries to two again

I was wrong in my previous analysis. The number given is the total
number of tries. This is confusing when keyboard authentication and
password authentication are both available which usually doesn't happen.

* feat: create naive ui for ssh key passphrases

This isn't quite as reactive as the other methods, but it does attempt
to use publickey without a passphrase, then attempt to use the password
as the passphrase, and finally prompting the user for a passphrase. The
problem with this approach is that if multiple keys are used and they
all have passphrases, they need to all be checked up front. In practice,
this will not happen often, but it is something to be aware of.

* fix: add the userinput.tsx changes

These were missed in the previous commit. Adding them now.
2024-02-09 00:16:56 -03:00
Sylvie Crowe
018bb14b6a
Use ssh library for remote connections (#250)
* create proof of concept ssh library integration

This is a first attempt to integrate the golang crypto/ssh library for
handling remote connections. As it stands, this feature is limited to
identity files without passphrases. It needs to be expanded to include
key+passphrase and password verifications as well.

* add password and keyboard-interactive ssh auth

This adds several new ssh auth methods. In addition to the PublicKey
method used previously, this adds password authentication,
keyboard-interactive authentication, and PublicKey+Passphrase
authentication.

Furthermore, it refactors the ssh connection code into its own wavesrv
file rather than storing it in waveshell's shexec file.

* clean up old mshell launch methods

In debugging the addition of the ssh library, I had several versions
of the MShellProc Launch function. Since this seems mostly stable, I
have removed the old version and the experimental version in favor of
the combined version.

* allow switching between new and old ssh for dev

It is inconvenient to create milestones without being able to merge into
the main branch. But due to the experimental nature of the ssh changes,
it is not desired to use these changes in the main branch yet. This
change disables the new ssh launcher by default. It can be used by
changing the UseSshLibrary constant to true in remote.go. With this, it
becomes possible to merge these changes into the main branch without
them being used in production.

* fix: allow retry after ssh auth failure

Previously, the error status was not set when an ssh connection failed.
Because of this, an ssh connection failure would lock the failed remote
until waveterm was rebooted. This fix properly sets the error status so
this cannot happen.
2024-01-25 10:18:11 -08:00