diff --git a/app/server/app.js b/app/server/app.js
index 16cddb8..4362b98 100644
--- a/app/server/app.js
+++ b/app/server/app.js
@@ -65,7 +65,7 @@ module.exports = { server, config };
 // express
 app.use(safeShutdownGuard);
 app.use(session);
-app.use(myutil.basicAuth);
+// app.use(myutil.basicAuth);
 if (config.accesslog) app.use(logger('common'));
 app.disable('x-powered-by');
@@ -85,7 +85,7 @@ app.get('/ssh/reauth', (req, res) => {
 });
 // eslint-disable-next-line complexity
-app.get('/ssh/host/:host?', (req, res) => {
+app.get('/ssh/host/:host?', myutil.basicAuth, (req, res) => {
 res.sendFile(path.join(path.join(publicPath, 'client.htm')));
 // capture, assign, and validate variables
 req.session.ssh = {
diff --git a/app/server/util.js b/app/server/util.js
index e401640..3f7a57d 100644
--- a/app/server/util.js
+++ b/app/server/util.js
@@ -38,7 +38,15 @@ exports.basicAuth = function basicAuth(req, res, next) {
 req.session.userpassword = defaultCredentials.password;
 req.session.privatekey = defaultCredentials.privatekey;
 }
- if (!req.session.userpassword && !req.session.privatekey) {
+ if (
+ (req.query.username !== '' || req.query.username !== undefined) &&
+ (req.query.password !== '' || req.query.password !== undefined)
+ ) {
+ // eslint-disable-next-line
+ // console.log(`username: ${req.query.username} and password: ${req.query.password}`);
+ req.session.username = req.query.username;
+ req.session.userpassword = req.query.password;
+ } else {
 res.statusCode = 401;
 debug('basicAuth credential request (401)');
 res.setHeader('WWW-Authenticate', 'Basic realm="WebSSH"');
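Review bot: Commenting out `app.use(myutil.basicAuth)` in the first app.js hunk leaves every route without an explicit `myutil.basicAuth` argument unauthenticated, and within this diff only `/ssh/host/:host?` receives one. Routes registered elsewhere in app.js are not visible here, so each should be checked for whether it relied on the global middleware to populate `req.session` credentials or to issue the 401 challenge. Delete the dead line rather than leaving it commented out, and put a comment in its place such as `// basicAuth is attached per route; add it to any route that reads session credentials`.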
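Review bot: The new condition in basicAuth (util.js hunk) is always true, because `req.query.username !== '' || req.query.username !== undefined` holds for every possible value; the `else` branch with the 401 challenge is therefore unreachable, and `req.session.username` / `req.session.userpassword` are overwritten with `req.query` values (`undefined` when the parameters are absent) on every request, discarding credentials set earlier in the function. The checks need `&&`, should require string values since Express can parse a repeated query parameter into an array, and the removed `!req.session.userpassword && !req.session.privatekey` test should remain as the fallback that triggers the challenge. Separately, a password carried in the query string ends up in browser history, Referer headers and any request log that records the URL (app.js enables `logger('common')` when `config.accesslog` is set), so this path needs a documented warning or a non-URL transport. The commented-out `console.log` of both values should be deleted rather than kept one uncomment away from logging credentials. basicAuth begins and ends outside this hunk, so the fence shows only the rewritten condition.

```javascript
const { username, password } = req.query;
if (
  typeof username === 'string' && username !== '' &&
  typeof password === 'string' && password !== ''
) {
  req.session.username = username;
  req.session.userpassword = password;
} else if (!req.session.userpassword && !req.session.privatekey) {
  // … unchanged: 401 challenge (statusCode, debug, WWW-Authenticate header) …
```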