diff --git a/config.json b/config.json
index 5cc82e3..738373a 100644
--- a/config.json
+++ b/config.json
@@ -59,5 +59,5 @@
 "server": false // not yet implemented
 },
 "accesslog": false, // http style access logging to console.log
- "verify": true
+ "verify": false // verification of host key hashes, see hostkeyhashes.json
 }
diff --git a/hostkeys.json b/hostkeyhashes.json
similarity index 100%
rename from hostkeys.json
rename to hostkeyhashes.json
diff --git a/socket.js b/socket.js
index e2648f1..c07cacd 100644
--- a/socket.js
+++ b/socket.js
@@ -5,11 +5,9 @@ var debug = require('debug')
 var debugWebSSH2 = require('debug')('WebSSH2')
 var SSH = require('ssh2').Client
 var fs = require('fs')
-var hostkeys = JSON.parse(fs.readFileSync('./hostkeys.json', 'utf8'))
+var hostkeys = JSON.parse(fs.readFileSync('./hostkeyhashes.json', 'utf8'))
 var termCols, termRows
 
-console.log(JSON.stringify(hostkeys))
-
 // public
 module.exports = function socket (socket) {
 // if websocket connection arrives without an express session, kill it
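Review bot: In the config.json hunk the shipped default for `verify` changes from `true` to `false`, so an installation that keeps the stock file no longer checks SSH host keys at all. The disabled branch in the second socket.js hunk only logs the hash and returns a truthy value, which, assuming this is the ssh2 host verifier callback, accepts whatever key the remote end presents. That leaves the server-to-host SSH leg with no protection against an impersonated or intercepted host. Keep the secure default, `"verify": true // verification of host key hashes, see hostkeyhashes.json`, and let operators turn it off explicitly. If the default must be off, the comment should say that host identity is then not checked.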
@@ -121,14 +119,15 @@ module.exports = function socket (socket) {
 return (verified = true)
 } else {
 err = { message: 'SSH HOST KEY HASH MISMATCH: ' + hash }
- console.error('stored host key hashes: ', JSON.stringify(hostkeys))
- console.error('reported hash from ' + socket.request.session.ssh.host + ': ', hash)
- console.error(' host key hash for ' + socket.request.session.ssh.host + ': ', hostkeys[socket.request.session.ssh.host])
+ console.error('WEBSSH2 contents of host key hashes: ', JSON.stringify(hostkeys))
+ console.error('WEBSSH2 reported hash from ' + socket.request.session.ssh.host + ': ', hash)
+ console.error('WEBSSH2 host key hash for ' + socket.request.session.ssh.host + ': ', hostkeys[socket.request.session.ssh.host])
 SSHerror('CONN CONNECT', err)
+ return (verified = false)
 }
 } else {
 console.info('host key verification disabled. hash for host ' + socket.request.session.ssh.host + ': ', hash)
- return (verified = true)
+ return (noverify = true)
 }
 },
 debug: debug('ssh2')
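Review bot: In the verification-disabled branch, `return (noverify = true)` assigns to `noverify`, which is not declared in any line visible in this diff. Unless it is declared elsewhere in socket.js, this creates an implicit global shared across connections, or throws a ReferenceError under strict mode; declare it in the same scope and statement where `verified` is declared. In the mismatch branch, `JSON.stringify(hostkeys)` writes the entire stored hash table to the error log on every failure. Logging only `hostkeys[socket.request.session.ssh.host]` and the reported `hash`, as the two lines after it already do, is enough to diagnose a mismatch. The disabled path would also read better as `console.warn(...)` than `console.info(...)`, since it records a connection made without host authentication. The enclosing verifier callback starts and ends outside this hunk.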