feat: add ssh.disableInteractiveAuth feature in support of #379

Bill Church 2024-11-29 22:46:03 +00:00
parent 8fa1631196
commit c7dfad08bc
No known key found for this signature in database
5 changed files with 17 additions and 0 deletions


@ -91,11 +91,18 @@ Edit `config.json` to customize the following options:
- `user.name` - _string_ - Default SSH username (default: `null`)
- `user.password` - _string_ - Default SSH password (default: `null`)
- `ssh.host` - _string_ - Default SSH host (default: `null`)
- `user.privatekey` - _string_ - Default SSH private key (default: `null`)
- `ssh.port` - _integer_ - Default SSH port (default: `22`)
- `ssh.term` - _string_ - Terminal emulation (default: `"xterm-color"`)
- `ssh.readyTimeout` - _integer_ - SSH handshake timeout in ms (default: `20000`)
- `ssh.keepaliveInterval` - _integer_ - SSH keepalive interval in ms (default: `120000`)
- `ssh.keepaliveCountMax` - _integer_ - Max SSH keepalive packets (default: `10`)
- `ssh.disableInteractiveAuth` - _boolean_ - When set to `true`, prevents interactive authentication through the web interface. Users must use Basic Authentication via the `/ssh/host/<host>` route. (default: `false`)
- `ssh.algorithms.cipher` - _array_ - Supported cipher algorithms (default: `["aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm", "aes128-gcm@openssh.com", "aes256-gcm", "aes256-gcm@openssh.com", "aes256-cbc"]`)
- `ssh.algorithms.compress` - _array_ - Supported compression methods (default: `["none", "zlib@openssh.com", "zlib"]`)
- `ssh.algorithms.hmac` - _array_ - Supported HMAC algorithms (default: `["hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]`)
- `ssh.algorithms.kex` - _array_ - Supported key exchange methods (default: `["ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group14-sha1"]`)
- `ssh.algorithms.serverHostKey` - _array_ - Supported host key types (default: `["ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521", "ssh-rsa"]`)
- `header.text` - _string_ - Header text (default: `null`)
- `header.background` - _string_ - Header background color (default: `"green"`)
- `session.name` - _string_ - Session cookie name (default: `"webssh2.sid"`)


@ -32,6 +32,7 @@ const defaultConfig = {
keepaliveInterval: 120000,
keepaliveCountMax: 10,
alwaysSendKeyboardInteractivePrompts: false,
disableInteractiveAuth: false,
algorithms: {
cipher: [
"aes128-ctr",


@ -39,6 +39,7 @@ const configSchema = {
readyTimeout: { type: "integer" },
keepaliveInterval: { type: "integer" },
keepaliveCountMax: { type: "integer" },
disableInteractiveAuth: { type: "boolean" },
algorithms: {
type: "object",
properties: {


@ -49,6 +49,13 @@ class WebSSH2Socket extends EventEmitter {
)
this.handleAuthenticate(creds)
} else if (!this.sessionState.authenticated) {
// Check if interactive auth is disabled
if (this.config.ssh.disableInteractiveAuth) {
debug(`handleConnection: ${this.socket.id}, interactive auth disabled`)
this.handleError("Interactive Auth Disabled")
return
}
debug(`handleConnection: ${this.socket.id}, emitting request_auth`)
this.socket.emit("authentication", { action: "request_auth" })
}
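Review bot: The `disableInteractiveAuth` check sits only in the `else if (!this.sessionState.authenticated)` branch, so it stops the server from emitting `request_auth` but does not by itself stop the server from accepting credentials that a client sends unprompted. If the socket also registers a listener that routes client-supplied credentials into `handleAuthenticate` (that registration is outside this hunk, so this is inferred), the same guard should be repeated there, e.g. `if (this.config.ssh.disableInteractiveAuth) { this.handleError("Interactive Auth Disabled"); return }` before any credential is used. It is also worth confirming that `handleError` disconnects the socket rather than only emitting a message, since an open unauthenticated socket would otherwise remain after the refusal. `handleConnection` begins and ends outside the hunk.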


@ -26,6 +26,7 @@
"keepaliveCountMax": 10,
"allowedSubnets": [],
"alwaysSendKeyboardInteractivePrompts": false,
"disableInteractiveAuth": true,
"algorithms": {
"cipher": [
"aes128-ctr",
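Review bot: This file sets `"disableInteractiveAuth": true`, while the code default and the README entry added in the same commit both say `false`. The file's path is not shown on the page; if it is the configuration that ships with the project or is copied by deployers, the web login form is refused for every installation that uses it, contrary to the documented default. If it is a sample or test fixture, the value should either be `false` to match the default or the file should be clearly named as an example of the hardened setting.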