Fabio/webssh2
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

host key verification poc

Browse source
This commit is contained in:
billchurch 2017-12-12 14:34:45 -05:00
parent 5ed695bb32
commit 783327b014
4 changed files with 22 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
app.js
View file

@ -53,7 +53,8 @@ app.get('/ssh/host/:host?', function (req, res, next) {
server: config.serverlog.server || false server: config.serverlog.server || false
}, },
readyTimeout: (validator.isInt(req.query.readyTimeout + '', {min: 1, max: 300000}) && readyTimeout: (validator.isInt(req.query.readyTimeout + '', {min: 1, max: 300000}) &&
req.query.readyTimeout) || config.ssh.readyTimeout req.query.readyTimeout) || config.ssh.readyTimeout,
verify: config.verify || false
} }
if (req.session.ssh.header.name) validator.escape(req.session.ssh.header.name) if (req.session.ssh.header.name) validator.escape(req.session.ssh.header.name)
if (req.session.ssh.header.background) validator.escape(req.session.ssh.header.background) if (req.session.ssh.header.background) validator.escape(req.session.ssh.header.background)

3
config.json
View file

@ -58,5 +58,6 @@
"client": false, // proof-of-concept to log commands from client to server "client": false, // proof-of-concept to log commands from client to server
"server": false // not yet implemented "server": false // not yet implemented
}, },
"accesslog": false // http style access logging to console.log "accesslog": false, // http style access logging to console.log
"verify": true
} }

12
hostkeys.json
View file

@ -1,8 +1,4 @@
[ {
{ "localhost": "ff1d6fd1e63bf07ed1c801692f9e5a44e57cb9ce",
"localhost": "ff1d6fd1e63bf07ed1c801692f9e5a44e57cb9ce" "127.0.0.1": "ff1d6fd1e63bf07ed1c801692f9e5a44e57cb9ce"
}, }
{
"127.0.0.1": "ff1d6fd1e63bf07ed1c801692f9e5a44e57cb9ce"
}
]

19
socket.js
View file

@ -4,7 +4,8 @@
var debug = require('debug') var debug = require('debug')
var debugWebSSH2 = require('debug')('WebSSH2') var debugWebSSH2 = require('debug')('WebSSH2')
var SSH = require('ssh2').Client var SSH = require('ssh2').Client
var hostkeys = require('./hostkeys.json') var fs = require('fs')
var hostkeys = JSON.parse(fs.readFileSync('./hostkeys.json', 'utf8'))
var termCols, termRows var termCols, termRows
console.log(JSON.stringify(hostkeys)) console.log(JSON.stringify(hostkeys))
@ -115,11 +116,19 @@ module.exports = function socket (socket) {
readyTimeout: socket.request.session.ssh.readyTimeout, readyTimeout: socket.request.session.ssh.readyTimeout,
hostHash: 'sha1', hostHash: 'sha1',
hostVerifier: function (hash) { hostVerifier: function (hash) {
if (hash === hostkeys['127.0.0.1']) { if (socket.request.session.ssh.verify) {
return (verified = true) if (hash === hostkeys[socket.request.session.ssh.host]) {
return (verified = true)
} else {
err = { message: 'SSH HOST KEY HASH MISMATCH: ' + hash }
console.error('stored host key hashes: ', JSON.stringify(hostkeys))
console.error('reported hash from ' + socket.request.session.ssh.host + ': ', hash)
console.error(' host key hash for ' + socket.request.session.ssh.host + ': ', hostkeys[socket.request.session.ssh.host])
SSHerror('CONN CONNECT', err)
}
} else { } else {
err = { message: 'SSH HOST KEY HASH MISMATCH: ' + hash } console.info('host key verification disabled. hash for host ' + socket.request.session.ssh.host + ': ', hash)
SSHerror('CONN CONNECT', err) return (verified = true)
} }
}, },
debug: debug('ssh2') debug: debug('ssh2')