Comments (10)
By the way - as a side note, I'm not sure whether it needs an upload function - the .pub is pretty short (90 characters including prefix is all that's needed, + whatever they use for their email/attribute if there is one). Could probably just support pasting that into a text field? That's what sites like github do anyway.
from enigma-bbs.
@cognitivegears I agree. I think the only requirement needs to be over an existing secure connection.
from enigma-bbs.
> That's a bit of a catch-22, but not much of one, since they can either upload the .pub when logging in as new via ssh, or just have to at least one time do password auth before switching to public key. So not a big deal.

Yep, but without it, one can technically MITM and put in their own SSH Pub Key instead.
from enigma-bbs.
@jejacks0n It's a placeholder as there aren't currently any BBS clients that support public key authentication.
I'd love a PR, however!
Off the top of my head, I think you'd really only need to implement validatePubKey which you can see in the SSH2 documentation, should be fairly trivial.
Then, create a simple ssh_config.js or similar mod inheriting MenuModule (which you'll see is the beef of most of enig) for the user to upload a public key.
One challenge is for it to be secure, they'd need to do this over a secure connection such as SSH (un/pass), or secure WebSocket, so you'd want to gate the menu with an acs check.
I can provide more details if you're going to take a shot at it!
from enigma-bbs.
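As an added example (not part of the thread and not ENiGMA½ code), here is one way to validate a pasted `.pub` line before storing it, and to compare a stored key with the one a client later presents. The function names and the allowed-type list are assumptions; only Node's built-in `crypto` is used, and wiring this into the SSH server's auth handler or an ACS-gated menu is not shown.

```javascript
'use strict';
const crypto = require('node:crypto');

// Key types this sketch accepts (an assumption; set per board policy).
const ALLOWED = new Set(['ssh-ed25519', 'ssh-rsa', 'ecdsa-sha2-nistp256']);

// Read one SSH wire-format string: uint32 big-endian length, then the bytes.
function readString(buf, offset) {
    if (offset + 4 > buf.length) throw new Error('truncated key blob');
    const end = offset + 4 + buf.readUInt32BE(offset);
    if (end > buf.length) throw new Error('truncated key blob');
    return { value: buf.subarray(offset + 4, end), next: end };
}

// Parse a pasted "<type> <base64> [comment]" line from a text field.
function parsePastedPublicKey(text) {
    const line = String(text).trim();
    if (line.length > 8192 || /[\r\n]/.test(line)) throw new Error('expected one key line');
    const [declared, b64, ...rest] = line.split(/\s+/);
    // Also rejects a pasted private key, whose first token is "-----BEGIN".
    if (!ALLOWED.has(declared)) throw new Error('unsupported key type');
    if (!b64 || !/^[A-Za-z0-9+/]+={0,2}$/.test(b64)) throw new Error('bad base64');
    const blob = Buffer.from(b64, 'base64');
    // The blob names its own algorithm; it must agree with the text prefix.
    const type = readString(blob, 0);
    if (type.value.toString('ascii') !== declared) throw new Error('key type mismatch');
    if (declared === 'ssh-ed25519') {
        const key = readString(blob, type.next);
        if (key.value.length !== 32 || key.next !== blob.length) throw new Error('bad ed25519 key');
    }
    const digest = crypto.createHash('sha256').update(blob).digest('base64');
    return { algo: declared, blob, comment: rest.join(' '),
             fingerprint: 'SHA256:' + digest.replace(/=+$/, '') };
}

// Compare the stored blob with the blob a client presents at login.
function sameKey(stored, presented) {
    return stored.length === presented.length && crypto.timingSafeEqual(stored, presented);
}

// Constructed sample line (not a real user's key): 32 bytes of 0x07 as the key.
function sampleKeyLine() {
    const u32 = (n) => { const b = Buffer.alloc(4); b.writeUInt32BE(n); return b; };
    const type = Buffer.from('ssh-ed25519');
    const blob = Buffer.concat([u32(type.length), type, u32(32), Buffer.alloc(32, 7)]);
    return `ssh-ed25519 ${blob.toString('base64')} user@example`;
}
```

Showing the returned fingerprint back to the user lets them compare it with `ssh-keygen -lf` output on their own machine. Matching the blob only identifies the key; the SSH server library still has to verify the client's signature.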
Could test with ssh from a regular ptty terminal... ssh user@bbsname assuming the user previously uploaded their public key for auth.
from enigma-bbs.
Update on this: I will be adding PublicKey authentication to the board and to https://github.com/mkrueger/icy_term as well in the near-ish future.
from enigma-bbs.
> @cognitivegears I agree. I think the only requirement needs to be over an existing secure connection.

That's a bit of a catch-22, but not much of one, since they can either upload the .pub when logging in as new via ssh, or just have to at least one time do password auth before switching to public key. So not a big deal.
from enigma-bbs.
By the way, this is a little off-topic but I was thinking, I don't believe there is anything in the spec / ssh library that wouldn't let us just accept any user - that is, allow the connection regardless of any user/pw etc... which could be interesting, if we then showed the unauthenticated login screen. Sorta like an inner authentication mechanism like can be done with WiFi etc protocols. I.e., encrypt the channel but no authn initially.
I know it sounds crazy, but the reason to do that would be to be able to offer non-logged-in services via ssh... Showing the login menu, forgot password, etc.
The only downside I can think of is that I believe most or all existing clients just assume that some authn needs to happen, so they present a pw prompt before even being challenged (when not using a public key flow anyway). Still, it works; users would just have to type anything on those clients. And that could be suggested in clients like Icyterm as well.
Probably out of scope for this issue, but just wanted to mention in case it's useful someday.
from enigma-bbs.
@cognitivegears this should already be possible with some tweaks. Users can already SSH in with +op defined username passwords (new/new is there by default). We could have "forgot/forgot" or whatever allowing them to interact with specific screens.
from enigma-bbs.
Minor thought... Ubuntu-Server offers the option to import your public key at install, including from github. Could offer something similar at login/creation to import github key(s).
from enigma-bbs.