Fabio/webssh2
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: Fabio:node-20
Branches Tags
Fabio:main
Fabio:newmain
Fabio:bigip-server
Fabio:node-20
Fabio:bigip
Fabio:release-please--branches--main--components--webssh2
Fabio:dependabot/npm_and_yarn/app/webpack-5.76.0
Fabio:dependabot/npm_and_yarn/app/json5-1.0.2
Fabio:dependabot/npm_and_yarn/app/engine.io-6.2.1
Fabio:dependabot/npm_and_yarn/app/snyk-1.996.0
Fabio:dependabot/npm_and_yarn/app/vm2-3.9.11
Fabio:release-please--branches--main--components--release-please-action
Fabio:test-branch
Fabio:release-please/bootstrap/default
Fabio:v0.2.24
Fabio:v0.2.23
Fabio:v0.2.20
Fabio:v0.2.19
Fabio:v0.2.18
Fabio:v0.2.17
Fabio:0.2.13
Fabio:0.2.12
Fabio:webssh2-v0.4.7-pre-4
Fabio:webssh2-v0.4.7-pre-3
Fabio:webssh2-v0.4.7-pre-2
Fabio:0.4.7-test-1
Fabio:0.4.7-test-0
Fabio:0.4.7-alpha.3
Fabio:0.4.7-alpha.2
Fabio:0.4.7-alpha.1
Fabio:0.4.7-alpha.0
Fabio:testing
Fabio:current
Fabio:0.4.6
Fabio:v0.4.6
Fabio:0.4.5
Fabio:0.4.4
Fabio:0.4.3
Fabio:0.4.2
Fabio:0.5.0-dev-1
Fabio:0.5.0-dev-0
Fabio:0.4.0
Fabio:0.3.1
Fabio:0.2.11
Fabio:0.3.0
Fabio:0.2.10-1
Fabio:v0.2.10-0
Fabio:0.2.9
Fabio:0.2.8
Fabio:0.2.7
Fabio:0.2.6
Fabio:0.2.5
Fabio:0.2.4
Fabio:0.2.0
Fabio:0.1.4
Fabio:0.1.3
Fabio:0.1.2
Fabio:0.1.1
Fabio:0.1.0
Fabio:0.0.5
Fabio:0.0.4
Fabio:0.0.3
Fabio:0.0.2
Fabio:0.0.1
..
compare: Fabio:main
Branches Tags
Fabio:newmain
Fabio:bigip-server
Fabio:node-20
Fabio:main
Fabio:bigip
Fabio:release-please--branches--main--components--webssh2
Fabio:dependabot/npm_and_yarn/app/webpack-5.76.0
Fabio:dependabot/npm_and_yarn/app/json5-1.0.2
Fabio:dependabot/npm_and_yarn/app/engine.io-6.2.1
Fabio:dependabot/npm_and_yarn/app/snyk-1.996.0
Fabio:dependabot/npm_and_yarn/app/vm2-3.9.11
Fabio:release-please--branches--main--components--release-please-action
Fabio:test-branch
Fabio:release-please/bootstrap/default
Fabio:v0.2.24
Fabio:v0.2.23
Fabio:v0.2.20
Fabio:v0.2.19
Fabio:v0.2.18
Fabio:v0.2.17
Fabio:0.2.13
Fabio:0.2.12
Fabio:webssh2-v0.4.7-pre-4
Fabio:webssh2-v0.4.7-pre-3
Fabio:webssh2-v0.4.7-pre-2
Fabio:0.4.7-test-1
Fabio:0.4.7-test-0
Fabio:0.4.7-alpha.3
Fabio:0.4.7-alpha.2
Fabio:0.4.7-alpha.1
Fabio:0.4.7-alpha.0
Fabio:testing
Fabio:current
Fabio:0.4.6
Fabio:v0.4.6
Fabio:0.4.5
Fabio:0.4.4
Fabio:0.4.3
Fabio:0.4.2
Fabio:0.5.0-dev-1
Fabio:0.5.0-dev-0
Fabio:0.4.0
Fabio:0.3.1
Fabio:0.2.11
Fabio:0.3.0
Fabio:0.2.10-1
Fabio:v0.2.10-0
Fabio:0.2.9
Fabio:0.2.8
Fabio:0.2.7
Fabio:0.2.6
Fabio:0.2.5
Fabio:0.2.4
Fabio:0.2.0
Fabio:0.1.4
Fabio:0.1.3
Fabio:0.1.2
Fabio:0.1.1
Fabio:0.1.0
Fabio:0.0.5
Fabio:0.0.4
Fabio:0.0.3
Fabio:0.0.2
Fabio:0.0.1

316 commits
node-20 ... main

Author SHA1 Message Date
Bill Church
9c0ba04b31
Update action-test.yml 2024-08-26 07:58:02 -04:00
Bill Church
e499287079
Update action-test.yml 2024-08-26 07:57:04 -04:00
Bill Church
2a9a6c3562
Update docker-multiplatform-tag.yml 2024-08-22 14:03:09 -04:00
Bill Church
ad5d38259c
Update docker-multiplatform-tag.yml 2024-08-22 13:49:22 -04:00
Bill Church
7c1f8fa48e
Update docker-multiplatform-tag.yml 2024-08-22 13:47:08 -04:00
Bill Church
8dd4d0fda4
Create docker-multiplatform-tag.yml 2024-08-22 13:46:42 -04:00
Bill Church
5bbfcee0b6
chore: testing 2024-07-08 16:48:17 -04:00
Bill Church
cb5c1fa809
chore: update dev env 2024-04-27 10:41:44 +00:00
Bill Church
64e86994f7
chore: bump version 2023-08-22 18:55:53 +00:00
Bill Church
a97003bac2
chore: update release workflow 2023-08-22 18:55:53 +00:00
Bill Church
2576a495cf
chore: remove json-merger add ncu 2023-08-22 18:55:52 +00:00
Bill Church
d2ea50a0f2
chore: update dev environment 2023-08-22 18:55:52 +00:00
Bill Church
3246df75b6
fix: cols and rows were not properly assigned for terminal (#337) 
* fix: set correct vars and cols property

* fix: add cols and rows to session.ssh property

* style: remove const assignment

---------

Co-authored-by: w-v <wtv@protonmail.ch>
Co-authored-by: bc 064 <87337961+bcvort@users.noreply.github.com>
 2023-08-22 09:16:10 -04:00
Bill Church
acb4e42fde
docs: update confusion around docker configs #317 2023-02-06 12:37:19 -05:00
Bill Church
c3e54ef0d8
chore: dev env update 2023-02-06 09:48:25 -05:00
Bill Church
d9b6e47e88
chore(main): release webssh2 0.5.0-pre-4 (#309) 2022-08-07 08:14:28 -04:00
Bill Church
8b56826363
chore: release 0.4.7-pre-5 
Release-As: 0.4.7-pre-5
 2022-08-07 12:13:19 +00:00
Bill Church
476b566c08
feat: test change for release 2022-08-07 12:10:36 +00:00
Bill Church
298f45178f
chore: update workflow 2022-08-07 12:07:22 +00:00
Bill Church
adc964e823
chore: update workflow 2022-08-07 12:03:32 +00:00
Bill Church
3d06d74645
chore: update workflow 2022-08-07 12:01:02 +00:00
Bill Church
8f19909cc1
Merge branch 'main' of github.com:billchurch/webssh2 2022-08-07 11:55:26 +00:00
Bill Church
3fdba6e880
chore: update workflow to publish to npm 2022-08-07 11:55:08 +00:00
Bill Church
8c64f8e026
chore(main): release webssh2 0.4.7-pre-4 (#308) 2022-08-03 10:39:36 -04:00
Bill Church
ad9f303380
docs: add LICENSE to /app 2022-08-03 14:35:32 +00:00
Bill Church
7d4ba87bc1
chore: release 0.4.7-pre-4 
Release-As: 0.4.7-pre-4
 2022-08-03 14:31:52 +00:00
Bill Church
8585aba89f
chore: update changelog 2022-08-03 14:30:22 +00:00
Bill Church
3b8c7a770e
chore: update workflows 2022-08-03 14:29:47 +00:00
Bill Church
9d5a0cd12c
chore(main): release webssh2 0.4.7-pre-3 (#307) 2022-08-03 10:25:12 -04:00
Bill Church
0322b1694a
chore: update release-please workflow 2022-08-03 14:22:19 +00:00
Bill Church
3b460dda66
Merge branch 'main' of github.com:billchurch/webssh2 2022-08-03 14:16:42 +00:00
Bill Church
0c78c1f31c
chore: release 0.4.7-pre-3 
Release-As: 0.4.7-pre-3
 2022-08-03 14:16:30 +00:00
Bill Church
7985bd0143
chore(main): release webssh2 0.4.7-pre-2 (#305) 2022-08-03 10:13:57 -04:00
Bill Church
1862acceb5
Merge branch 'main' of github.com:billchurch/webssh2 2022-08-03 14:13:19 +00:00
Bill Church
0bcc37a0f7
chore: update release please workflow fixes #283 2022-08-03 14:12:21 +00:00
Bill Church
b29242dfd4
chore: release 0.4.7-pre-3 
Release-As: 0.4.7-pre-3
 2022-08-03 14:11:57 +00:00
Bill Church
a284ca07ca
chore: update package(-lock).json 2022-08-03 14:11:57 +00:00
Bill Church
f048b46667
chore: update Dockerfile 2022-08-03 14:11:56 +00:00
Bill Church
31f7728602
chore: update .dockerignore 2022-08-03 14:11:55 +00:00
Bill Church
e3c11cce16
Update SECURITY.md 2022-08-03 14:11:55 +00:00
Bill Church
2159709812
chore: update workflows 2022-08-03 14:11:54 +00:00
Bill Church
b36e40357d
chore: update workflows 2022-08-03 14:11:53 +00:00
Bill Church
8749c21f4d
chore: update bug report 2022-08-03 14:11:53 +00:00
Bill Church
0ea6c16ac4
chore: update bug reporting 2022-08-03 14:11:52 +00:00
Bill Church
abb6b71e62
chore: update bug reporter 2022-08-03 14:11:51 +00:00
Bill Church
6370f83466
chore: update bug reporter 2022-08-03 14:11:51 +00:00
Bill Church
1717d42faf
chore: update bug templates 2022-08-03 14:11:50 +00:00
Bill Church
01720cd9e0
Update issue templates 2022-08-03 14:11:50 +00:00
Bill Church
b3faa1d7b5
chore: update bug report template 2022-08-03 14:11:49 +00:00
Bill Church
b1384788f5
Delete ISSUE_TEMPLATE 2022-08-03 14:11:48 +00:00
Bill Church
b238df4f49
Create ISSUE_TEMPLATE 2022-08-03 14:11:48 +00:00
Bill Church
10e59b25f9
Delete ISSUE_TEMPLATE.md 2022-08-03 14:11:47 +00:00
Bill Church
13db095885
Delete Build/Release directory 2022-08-03 14:11:46 +00:00
Bill Church
000b294999
Update README.md 2022-08-03 14:11:46 +00:00
Bill Church
e91454875b
Delete screenshots directory 2022-08-03 14:11:45 +00:00
Bill Church
942af6a91d
Delete bin directory 2022-08-03 14:11:45 +00:00
github-actions[bot]
37a3dac008
chore(main): release webssh2 0.4.7-pre-2 (#304) 
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2022-08-03 14:11:44 +00:00
Bill Church
cb73084dc5
chore: test release workflows 2022-08-03 14:11:43 +00:00
github-actions[bot]
0e966a64e5
chore(main): release webssh2 0.4.7-pre-1 (#303) 
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2022-08-03 14:11:42 +00:00
Bill Church
da86943cb6
chore: release testing 2022-08-03 14:11:42 +00:00
Bill Church
ee235e2294
chore: release testing 2022-08-03 14:11:41 +00:00
github-actions[bot]
837bb2380d
chore(main): release webssh2 0.4.7-pre-0 (#302) 
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2022-08-03 14:11:40 +00:00
Bill Church
5f565d3aae
chore: update workflow 2022-08-03 14:11:39 +00:00
Bill Church
dbd46f4484
chore: update workflow 2022-08-03 14:11:39 +00:00
Bill Church
d756b11b60
Test branch (#300) 
* chore: release workflow testing
 2022-08-03 14:11:38 +00:00
Bill Church
85eeee0000
chore: bootstrap releases for path: . (#298) 2022-08-03 14:11:37 +00:00
Bill Church
64e093931a
chore: update release workflow 2022-08-03 14:11:37 +00:00
Bill Church
09ca7bd838
chore: update release workflow 2022-08-03 14:11:36 +00:00
Bill Church
7d88f7068b
Update SECURITY.md 2022-08-03 14:11:36 +00:00
Bill Church
2d0fff581e
Create SECURITY.md 2022-08-03 14:11:35 +00:00
Bill Church
206d725663
Dev (#296) 
* chore: update ssh2 and development deps

* feat: take LISTEN, PORT, and other env vars #294

* chore: rebuild client files

* docs: update readme

* chore: bump version

* chore: setup gpg for dev container
 2022-08-03 14:11:34 +00:00
Bill Church
73442fe8c2
chore: update release please workflow fixes #283 2022-08-03 14:06:36 +00:00
Bill Church
6c7d242679
chore: release 0.4.7-pre-3 
Release-As: 0.4.7-pre-3
 2022-08-03 14:04:53 +00:00
Bill Church
7c41f5dca0
chore: update package(-lock).json 2022-08-03 13:56:37 +00:00
Bill Church
5b827b6acf
chore: update Dockerfile 2022-08-03 13:54:48 +00:00
Bill Church
1db557a399
chore: update .dockerignore 2022-08-03 13:54:32 +00:00
Bill Church
41259a6971
Merge branch 'main' of github.com:billchurch/webssh2 2022-08-02 18:14:20 +00:00
Bill Church
657c4bd688
chore: update workflows 2022-08-02 18:14:16 +00:00
Bill Church
3b564c6d4b
chore: update workflows 2022-08-02 18:12:30 +00:00
Bill Church
28f8f9b5b3
Update SECURITY.md 2022-08-02 12:54:02 -04:00
Bill Church
0448c231ac
chore: update bug report 2022-08-02 16:52:32 +00:00
Bill Church
639ae09fe1
chore: update bug reporting 2022-08-02 16:51:02 +00:00
Bill Church
aa07c8447a
chore: update bug reporter 2022-08-02 16:47:27 +00:00
Bill Church
b4615658dd
chore: update bug reporter 2022-08-02 16:47:23 +00:00
Bill Church
7d6fea45cc
chore: update bug templates 2022-08-02 16:45:13 +00:00
Bill Church
bb243fb00d
Update issue templates 2022-08-02 12:44:35 -04:00
Bill Church
2bb81c05b5
chore: update bug report template 2022-08-02 16:42:44 +00:00
Bill Church
ec76f95510
Delete ISSUE_TEMPLATE 2022-08-02 12:40:15 -04:00
Bill Church
80e47c2a61
Create ISSUE_TEMPLATE 2022-08-02 12:38:47 -04:00
Bill Church
a2bd4b38af
Delete ISSUE_TEMPLATE.md 2022-08-02 12:38:24 -04:00
Bill Church
8e6563fa67
Delete Build/Release directory 2022-08-02 12:27:50 -04:00
Bill Church
2aa713fe20
Update README.md 2022-08-02 12:27:27 -04:00
Bill Church
92dac9a17e
Delete screenshots directory 2022-08-02 12:24:38 -04:00
Bill Church
ca62af669e
Delete bin directory 2022-08-02 12:24:24 -04:00
github-actions[bot]
784387cbc7
chore(main): release webssh2 0.4.7-pre-2 (#304) 
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2022-08-02 11:43:38 -04:00
Bill Church
0d4ebf715c
chore: test release workflows 2022-08-02 15:41:45 +00:00
github-actions[bot]
a3019ad7e3
chore(main): release webssh2 0.4.7-pre-1 (#303) 
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2022-08-02 11:24:09 -04:00
Bill Church
14ea80d54e
chore: release testing 2022-08-02 15:22:44 +00:00
Bill Church
da8e6573f9
chore: release testing 2022-08-02 15:21:35 +00:00
github-actions[bot]
1c358fabf7
chore(main): release webssh2 0.4.7-pre-0 (#302) 
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2022-08-02 11:05:46 -04:00
Bill Church
09f17906cb
chore: update workflow 2022-08-02 15:04:01 +00:00
Bill Church
75d41af8d6
chore: update workflow 2022-08-02 14:59:17 +00:00
Bill Church
3db0095947
Test branch (#300) 
* chore: release workflow testing
 2022-08-02 10:57:02 -04:00
Bill Church
d43da9993e
chore: bootstrap releases for path: . (#298) 2022-08-02 09:34:43 -04:00
Bill Church
d77f885d52
chore: update release workflow 2022-08-02 13:17:37 +00:00
Bill Church
a99a0d5959
chore: update release workflow 2022-08-02 13:14:19 +00:00
Bill Church
9dd4dc8868
Update SECURITY.md 2022-08-01 15:34:08 -04:00
Bill Church
7b3da3a1e3
Create SECURITY.md 2022-08-01 15:33:21 -04:00
Bill Church
c0e67d2d57
Dev (#296) 
* chore: update ssh2 and development deps

* feat: take LISTEN, PORT, and other env vars #294

* chore: rebuild client files

* docs: update readme

* chore: bump version

* chore: setup gpg for dev container
 2022-08-01 15:27:44 -04:00
Bill Church
0bbc99a1ba chore: dotenv module 2022-08-01 14:11:54 +00:00
Bill Church
2bc9dc9382 docs: update readme 2022-08-01 13:49:48 +00:00
Bill Church
97f3088780 feat: add fontFamily, letterSpacing, lineHeight 2022-07-31 01:34:52 +00:00
Bill Church
140e1e24b1 feat: reorder viewport setup at ssh handshake #292 2022-07-30 20:49:20 +00:00
Bill Church
2289c6736b docs: update docs 2022-07-30 20:45:57 +00:00
Bill Church
1965a7460d chore: version bump 2022-07-30 20:14:12 +00:00
Bill Church
5e78812974 feat: add fontSize option #292 2022-07-30 20:13:36 +00:00
Bill Church
6fa65a3f85 chore: updare workflows 2022-07-30 19:38:36 +00:00
Bill Church
2c2e454c08 chore: update workflows 2022-07-30 19:37:39 +00:00
Bill Church
2d77dae40e chore: workflow update 2022-07-30 19:34:14 +00:00
Bill Church
a8457e96bf chore: update workflow 2022-07-30 19:32:31 +00:00
Bill Church
60929d53c2 chore: debug workflow 2022-07-30 19:06:39 +00:00
Bill Church
4d24a79d7d chore: debug workflow 2022-07-30 19:05:25 +00:00
Bill Church
f8c6eda108 Merge branch 'main' of github.com:billchurch/webssh2 2022-07-30 18:58:53 +00:00
Bill Church
19a60abc11 update workflow 2022-07-30 18:58:26 +00:00
Bill Church
7d12e1009c
Update README.md 2022-07-30 14:53:21 -04:00
Bill Church
8b451a344b chore: update workflow 2022-07-30 18:45:02 +00:00
Bill Church
dcfd7d671a chore: pkg maint 2022-07-30 18:23:35 +00:00
Bill Church
48d1f6ccca chore: ci stuff 2022-07-30 18:19:20 +00:00
Bill Church
420332da8d chore: update docker workflow 2022-07-30 16:13:59 +00:00
Bill Church
3c1bba597d chore: update dev environment 2022-07-30 16:11:23 +00:00
Bill Church
897c161c88
Update README.md 2022-07-30 12:06:38 -04:00
Bill Church
29c3bb82ea chore: update workflow 2022-07-30 11:40:44 -04:00
Bill Church
d7a245d974 chore: update workflow 2022-07-30 11:39:46 -04:00
Bill Church
8c8ca7da4a chore: bump version 0.4.7-alpha-1 2022-07-30 11:19:24 -04:00
Bill Church
ec809d829a chore: workflow testing 2022-07-30 11:07:04 -04:00
Bill Church
6d5540bf77 chore: test workflow 2022-07-30 11:03:18 -04:00
Bill Church
71a272c526 chore: worklfow testing 2022-07-30 11:01:23 -04:00
Bill Church
3b0cb975ef chore: update docker build workflow 2022-07-30 10:55:19 -04:00
Bill Church
f041c779e9 fix: docker multiplatform build on push fixes #293 2022-07-30 10:52:56 -04:00
Bill Church
d1f945b09e chore: workflow testing 2022-07-30 10:34:51 -04:00
Bill Church
b90499ca5d chore: workflow testing 2022-07-30 10:31:18 -04:00
Bill Church
363aa4e2df test: workflow testing [CI Skip] 2022-07-30 10:22:51 -04:00
Bill Church
58a0412091
test: workflow 2022-07-29 16:06:35 -04:00
Bill Church
9ff17b87ba
test: workflow 2022-07-29 16:04:53 -04:00
Bill Church
b2c6c555d7
test: workflow 2022-07-29 16:01:33 -04:00
Bill Church
1706c44e3b
test: workflow 2022-07-29 15:58:55 -04:00
Bill Church
f2e1beba96
test: workflow 2022-07-29 15:43:41 -04:00
Bill Church
e4697f4e5c
test: workflow 2022-07-29 15:42:59 -04:00
Bill Church
1c4793b202
test: workflow 2022-07-29 12:46:36 -04:00
Bill Church
673435c624
test: workflow 2022-07-29 12:37:03 -04:00
Bill Church
f87607465b
test: workflow 2022-07-29 09:49:27 -04:00
Bill Church
464d56e1ab
test: workflow 2022-07-29 09:48:59 -04:00
Bill Church
be279047e9
test: workflow 2022-07-29 09:46:51 -04:00
Bill Church
fe80e6a97e
test: workflow 2022-07-29 09:46:04 -04:00
Bill Church
7209bb9324
test: workflow testing 2022-07-29 09:39:16 -04:00
Bill Church
3fae0951ff
test: workflow test 2022-07-29 09:37:34 -04:00
Bill Church
2deb5d9cde
test: rename test workflow 2022-07-29 09:35:57 -04:00
Bill Church
e6b48dff7e
test: workflow testing 2022-07-29 09:34:26 -04:00
Bill Church
1edfd5e748
chore: testing 2022-07-29 09:06:54 -04:00
Bill Church
63f36432cb
chore: update workflow 2022-07-29 08:50:40 -04:00
Bill Church
9b3371bbb9
chore: update workflow 2022-07-29 08:48:01 -04:00
Bill Church
3dc6fc491b
chore: update dockerbuild 2022-07-29 08:45:40 -04:00
Bill Church
a41a971300
chore: update muiltiplatform with correct branch name 2022-07-29 08:35:49 -04:00
Bill Church
6e3a340e23
chore: add multiplatform support to docker builds 2022-07-29 08:29:42 -04:00
dependabot[bot]
28b295dc86
build(deps): bump terser from 5.7.1 to 5.14.2 in /app (#291) 2022-07-20 06:28:29 -04:00
Bill Church
b189dbe9d5 chore: docker main tag 2022-07-08 16:51:30 -04:00
Bill Church
7ba5143133 chore: rename workflows 2022-07-08 16:19:29 -04:00
Bill Church
c19fb9397c chore: push docker image on new tag #287 2022-07-08 16:14:02 -04:00
Bill Church
4f3e806708 chore: docker-image workflow for #287 2022-07-08 16:08:46 -04:00
Bill Church
a06b50dd2a
Create docker-image.yml 2022-07-08 15:51:56 -04:00
Bill Church
dc089a8f41 chore: update dockerfile node 16 alpine 2022-07-08 15:40:59 -04:00
Bill Church
05e69507ac BREAKING CHANGE: remove internet explorer compat 2022-07-08 15:30:53 -04:00
Bill Church
6ef27725d3 chore: formatting 2022-07-08 15:26:43 -04:00
Bill Church
841dbee74c chore: light code cleanup 2022-07-08 14:29:52 -04:00
Bill Church
cc7c6b4210 chore: remove unused module 2022-07-07 18:36:57 -04:00
Bill Church
46c1560e3c feat: add additional params for POST requests #290 2022-07-07 18:34:55 -04:00
Bill Church
0a4e419fb3 feat: add additional vars to POST requests #290 2022-07-07 18:34:17 -04:00
Bill Church
5b8f88cfef feat: credentials over http post for #290 2022-07-07 11:21:49 -04:00
zhangchao
40cbb35616
fix: Fix the parameter passing problem of setDefaultCredentials to make it perform data initialization normally (#288) 
Co-authored-by: wooc <wooc@hwj-robots.com>
 2022-07-05 11:24:39 -04:00
Bill Church
e75392b879 refactor: light refactoring 2022-05-20 15:12:01 -04:00
Bill Church
0dcaa6e150 feat!: validate referer to /reauth is valid 2022-05-20 15:05:29 -04:00
Bill Church
e0742db22f refactor: clean up shutdown and move sockets 2022-05-19 16:17:56 -04:00
Bill Church
3f22c8b8e0 refactor: move some functions out of app.js 2022-05-19 12:10:41 -04:00
Bill Church
9dfa8031c0 refactor: cleanup basic auth code 2022-05-19 10:13:26 -04:00
Bill Church
78dafebb2b package: remove colors module 2022-05-19 09:05:18 -04:00
Bill Church
8aebdc54a5 chore: rebuild client 2022-05-18 22:39:13 -04:00
Bill Church
09e2f9bc39 package: bump socket.io@4.5.1, express@4.18.1 2022-05-18 22:37:39 -04:00
Bill Church
84c09ec8a1 package!: bump xterm to 4.18.0 2022-05-18 22:32:59 -04:00
Bill Church
57af568586 refactor: remove unneccessary variable assignment 2022-05-18 22:13:19 -04:00
Bill Church
50cfcb9778 feat!: consistent logging messages see #286 2022-05-18 21:50:33 -04:00
Bill Church
9fa6c50d76 chore: jsconfig file 2022-05-18 21:46:25 -04:00
Bill Church
53a601cadc package: bump debug to v 4.3.4 2022-05-18 15:58:17 -04:00
Bill Church
8d93ffab91 package: bump ssh2 to v1.10.0 2022-05-18 12:22:06 -04:00
Bill Church
7c9e00cdfe refactor: add debug for client socket.emit events 2022-05-17 15:48:53 -04:00
Bill Church
9c99b0940e
feat!: config system changes #284 (#285) 2022-05-17 15:24:32 -04:00
BIll Church
ef40aa0266 docs: correct paths for BUILDING.md 2022-05-17 10:39:08 -04:00
BIll Church
5e48d42e61 docs: update readme 2022-05-17 10:37:45 -04:00
BIll Church
e6864f595b docs: update README.md 2022-05-17 10:34:51 -04:00
Bill Church
1e2e73e617
Update README.md 2022-05-17 09:55:03 -04:00
Bill Church
dd2f8217be
Update README.md 2022-05-17 09:54:01 -04:00
Bill Church
486e5dae0c refactor: socket.js 2022-05-13 10:13:14 -04:00
Bill Church
3438c93a14 refactor: socket.js 2022-05-11 14:25:17 -04:00
Bill Church
5cc1a6f072 refactor: remove comments from client index.ts 2022-05-11 13:25:05 -04:00
Bill Church
6b1066975a refactor: socket.js 2022-05-11 11:41:09 -04:00
Bill Church
0787aa695c refactor: socket.js 2022-05-11 10:44:37 -04:00
Bill Church
522278fa4e refactor: app.js 2022-05-11 10:44:07 -04:00
Bill Church
d835d919f3 refactor: client files 2022-05-11 10:36:47 -04:00
Bill Church
ffab5345dc fix: invalid css in style.css 2022-05-11 10:00:56 -04:00
Bill Church
f457a4a520 chore: update changelog 2022-04-17 10:57:43 -04:00
Bill Church
cf4d8c3847 chore(release): 0.4.6 2022-04-17 10:52:59 -04:00
Bill Church
3e82c0dc4d fix: update read-config-ng to 3.0.5, fixes #277 2022-04-17 10:51:22 -04:00
Bill Church
4434f7db48 Merge branch 'main' of github.com:billchurch/webssh2 into main 2022-03-31 08:52:53 -04:00
Bill Church
a6c77f2cdf chore(release): 0.4.5 2022-03-31 08:52:49 -04:00
Bill Church
bd0e1f2ec0 chore(release): 0.4.5 2022-03-31 08:51:47 -04:00
Bill Church
5f6d4e9e3b chore: update socket.io and read-config-ng 2022-03-31 08:24:27 -04:00
Bill Church
55b6dc43de chore: remove warning from ts about IE stuff 2021-12-09 10:16:11 -05:00
Bill Church
d903da87c4 fix: deprecated term.setOption 2021-12-09 09:59:18 -05:00
Bill Church
c801ef9e58 fix: update xterm.js fixes #261 2021-12-09 09:48:22 -05:00
Bill Church
96c7713267 chore: update dev deps 2021-12-09 09:42:04 -05:00
Bill Church
de5dc82dff chore: update docs 2021-12-09 09:29:53 -05:00
Bill Church
d31f536959 bump version 0.4.4 2021-12-09 09:25:54 -05:00
Bill Church
a32f6f2578 chore: prep for 0.4.4 release 2021-12-09 09:23:37 -05:00
Bill Church
bbe82ceb7e chore: prep for 0.4.4 release 2021-12-09 09:23:18 -05:00
Fabien Benetou
2528a54360
docs: docker run billchurch/webssh2 for direct testing (#269) 
In addition to local docker run webssh2 pulling from billchurch/webssh2 allows testing (or even running) without clone the repo.
 2021-12-09 09:20:53 -05:00
Samuel Weibel
8a68ccaffa
fix: dockerignore (#272) 
it wasn't properly ignoring the node_modules and thus the produced image was quite big.
 2021-12-09 09:08:35 -05:00
Bill Church
ae8516db9f chore: bump version 0.4.3 2021-10-19 10:16:24 -04:00
Bill Church
23acab325b docs: update changelog 2021-10-19 10:15:39 -04:00
Bill Church
5ea8813fba Merge branch 'dependabot/npm_and_yarn/app/ssh2-1.4.0' into main 2021-10-19 10:11:37 -04:00
Bill Church
4bc00d4120 Merge branch 'main' into dependabot/npm_and_yarn/app/ssh2-1.4.0 2021-10-19 10:11:13 -04:00
Bill Church
12eba20917
docs: update docs for ssh.term and sshterm options (#265) 2021-10-19 10:07:03 -04:00
dependabot[bot]
2e1d844853
build(deps): bump ssh2 from 0.8.9 to 1.4.0 in /app 
Bumps [ssh2](https://github.com/mscdex/ssh2) from 0.8.9 to 1.4.0.
- [Release notes](https://github.com/mscdex/ssh2/releases)
- [Commits](https://github.com/mscdex/ssh2/compare/v0.8.9...v1.4.0)

---
updated-dependencies:
- dependency-name: ssh2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-09-21 17:03:35 +00:00
Bill Church
f3d5358c90
update readme [skip ci] 2021-08-13 10:33:19 -04:00
Bill Church
8e167741d8
update readme [skip ci] 2021-08-13 10:31:44 -04:00
Bill Church
b3c45c1bf1
update readme [skip ci] 2021-08-13 10:30:19 -04:00
Bill Church
faeb7dc646
update readme [skip ci] 2021-08-13 10:26:15 -04:00
Bill Church
c57b99788d
0.4.2 release (#260) 
* chore: update dependencies and bump version

* chore: update dev dependency snyk
 2021-08-13 10:23:15 -04:00
Bill Church
8c4702972c docs: update changelog 2021-08-05 18:38:28 -04:00
Bill Church
5254baf8fb update docs 2021-08-05 22:31:21 +00:00
Bill Church
f187cf8e0d chore: update bundle after dev dep updates 2021-07-03 15:16:45 +00:00
Bill Church
7b52350f2d chore: resolutions for trim-newlines to 3.0.1 2021-07-03 14:56:46 +00:00
Bill Church
a75f6d73a5
Dev 4 (#256) 
* Update config.json.sample (#253)

* Update package.json

* Update CI tools (#248)

* chore: ci tools updates

* ci tools updates

* chore: update ci

* update dev tools (#249)

* chore: ci tools updates

* ci tools updates

* chore: update ci

* build tools update

* chore: udpate dev tools

* Update config.json.sample

fix: lost comma in config.json.sample

Co-authored-by: Bill Church <billchurch@users.noreply.github.com>

* build(deps): bump ws from 7.4.5 to 7.4.6 in /app (#251)

* Update package.json

* Update CI tools (#248)

* chore: ci tools updates

* ci tools updates

* chore: update ci

* update dev tools (#249)

* chore: ci tools updates

* ci tools updates

* chore: update ci

* build tools update

* chore: udpate dev tools

* build(deps): bump ws from 7.4.5 to 7.4.6 in /app

Bumps [ws](https://github.com/websockets/ws) from 7.4.5 to 7.4.6.
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](https://github.com/websockets/ws/compare/7.4.5...7.4.6)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: Bill Church <billchurch@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update config.json.sample (#253)

* Update package.json

* Update CI tools (#248)

* chore: ci tools updates

* ci tools updates

* chore: update ci

* update dev tools (#249)

* chore: ci tools updates

* ci tools updates

* chore: update ci

* build tools update

* chore: udpate dev tools

* Update config.json.sample

fix: lost comma in config.json.sample

Co-authored-by: Bill Church <billchurch@users.noreply.github.com>

* build(deps): bump ws from 7.4.5 to 7.4.6 in /app (#251)

* Update package.json

* Update CI tools (#248)

* chore: ci tools updates

* ci tools updates

* chore: update ci

* update dev tools (#249)

* chore: ci tools updates

* ci tools updates

* chore: update ci

* build tools update

* chore: udpate dev tools

* build(deps): bump ws from 7.4.5 to 7.4.6 in /app

Bumps [ws](https://github.com/websockets/ws) from 7.4.5 to 7.4.6.
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](https://github.com/websockets/ws/compare/7.4.5...7.4.6)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: Bill Church <billchurch@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Co-authored-by: James Yang <26634873@qq.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-07-03 10:33:16 -04:00
dependabot[bot]
eb24faf742
build(deps): bump ws from 7.4.5 to 7.4.6 in /app (#255) 
Bumps [ws](https://github.com/websockets/ws) from 7.4.5 to 7.4.6.
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](https://github.com/websockets/ws/compare/7.4.5...7.4.6)

---
updated-dependencies:
- dependency-name: ws
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-07-03 10:21:54 -04:00
dependabot[bot]
d8652b4845
build(deps): bump normalize-url from 4.5.0 to 4.5.1 in /app (#252) 
Bumps [normalize-url](https://github.com/sindresorhus/normalize-url) from 4.5.0 to 4.5.1.
- [Release notes](https://github.com/sindresorhus/normalize-url/releases)
- [Commits](https://github.com/sindresorhus/normalize-url/commits)

---
updated-dependencies:
- dependency-name: normalize-url
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-07-03 10:17:25 -04:00
Bill Church
3fd941a9ee
update dev tools (#249) 
* chore: ci tools updates

* ci tools updates

* chore: update ci

* build tools update

* chore: udpate dev tools
 2021-05-19 12:23:03 -04:00
Bill Church
dbdac0ddd1
Update CI tools (#248) 
* chore: ci tools updates

* ci tools updates

* chore: update ci
 2021-05-19 12:13:37 -04:00
Bill Church
89ff3187b5
Update package.json 2021-05-19 11:10:20 -04:00
Bill Church
95f0c3f240 Merge branch 'master' of github.com:billchurch/webssh2 2021-05-19 14:58:52 +00:00
Bill Church
0ba29ad458 chore: update version 0.4.0 2021-05-19 14:58:42 +00:00
Bill Church
583a756c50
Delete build_only.yml 2021-05-19 10:31:12 -04:00
Bill Church
8b198500b0
Delete build_publish.yml 2021-05-19 10:30:58 -04:00
Bill Church
6bc9ffe2ed
0.4.0 Release (#246) 
* feat: upgrade to socket.io 4.1.1 #242

* chore: lint ./app/client/src/js/index.js #242

* chore: eslint disable global Blob warning #242

* chore: lint ./app/index.js #242

* chore: lint ./app/server/app.js #242

* chore: setup eslint and airbnb rules disable standard #242

* Delete package-lock-old.json

* chore: lint ./app/index.js #242

* feat: implement alpine docker image from #213

* chore: lint ./app/server/app.js still TODO for stop function #242

* chore: lint ./app/server/util.js #242

* chore: lint ./app/server/app.js reorg socket and safe shutdown

* chore: grammar / spelling

* chore: fix some misplaced next returns in some Express routes #242

* chore: lint ./app/server/socket.js #242

* chore: bump version in ./app/package.json #242

* docs: update docs for 0.4.0 #242

* chore: update package-lock.json

* chore: install Prettier code linter #242

* chore: linting for Prettier #242

* chore: lint ./app/client/src/js/index.js #242

* chore: client linting #242

* Update package-lock.json

* chore: repackage wbssh2 bundle for testing #242

* chore: convert ./app/client/src/js/index.js to typescript #242

* chore: remove html rendering from node

* Update tsconfig.json

* Update tsconfig.json

* Delete index.js

* Update ChangeLog.md

* chore: config for development container #242

* Update BUILDING.md

* feat: pull in #234 staged for 0.4.0 #242

* docs: update changelog

* update package.json

* chore: split config from app/server/app.js #242

* chore: version bump

* chore: consistency

* feat: overridebasic fixes #243 included for #242

* chore: remove serverlog code

* docs: update changelog
 2021-05-19 10:22:29 -04:00
Bill Church
379335b9e7 docs: spelling 2021-05-13 05:59:01 -04:00
Bill Church
8af11efa1a chore: release 3.1 2021-05-13 05:54:50 -04:00
Bill Church
ddc2ff8467
docs: update readme 2021-05-13 05:31:45 -04:00
Bill Church
7b2086b668
docs: create building doc 2021-05-13 05:30:13 -04:00
Bill Church
7f056fe355 docs: update changelog 2021-05-12 08:53:29 -04:00
Bill Church
83b59b41a4 docs: update changelog 2021-05-12 08:52:51 -04:00
Bill Church
c6a8db3536 docs: update changelog 2021-05-11 15:35:34 -04:00
Bill Church
26803d60f9 chore: linting 2021-05-11 15:34:01 -04:00
Bill Church
09c375c590 docs: update changelog 2021-05-11 15:33:44 -04:00
Bill Church
b324f338ad feat: CORS support 
Support setting origins for socket.io, fixes #240
 2021-05-11 14:55:38 -04:00
Bill Church
043c03e2d0 docs: update changelog 2021-05-11 12:39:16 -04:00
dependabot[bot]
e3550d738a
build(deps): bump ssri from 6.0.1 to 6.0.2 in /app (#233) 
Bumps [ssri](https://github.com/npm/ssri) from 6.0.1 to 6.0.2.
- [Release notes](https://github.com/npm/ssri/releases)
- [Changelog](https://github.com/npm/ssri/blob/v6.0.2/CHANGELOG.md)
- [Commits](https://github.com/npm/ssri/compare/v6.0.1...v6.0.2)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-05-11 12:03:41 -04:00
dependabot[bot]
2eab129bc1
build(deps): bump hosted-git-info from 2.8.5 to 2.8.9 in /app (#237) 
Bumps [hosted-git-info](https://github.com/npm/hosted-git-info) from 2.8.5 to 2.8.9.
- [Release notes](https://github.com/npm/hosted-git-info/releases)
- [Changelog](https://github.com/npm/hosted-git-info/blob/v2.8.9/CHANGELOG.md)
- [Commits](https://github.com/npm/hosted-git-info/compare/v2.8.5...v2.8.9)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-05-11 12:03:32 -04:00
dependabot[bot]
411c9f257e
build(deps): bump lodash from 4.17.19 to 4.17.21 in /app (#236) 
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.19 to 4.17.21.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.19...4.17.21)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-05-11 12:03:22 -04:00
dependabot[bot]
78d7879610
build(deps): bump handlebars from 4.7.6 to 4.7.7 in /app (#235) 
Bumps [handlebars](https://github.com/wycats/handlebars.js) from 4.7.6 to 4.7.7.
- [Release notes](https://github.com/wycats/handlebars.js/releases)
- [Changelog](https://github.com/handlebars-lang/handlebars.js/blob/master/release-notes.md)
- [Commits](https://github.com/wycats/handlebars.js/compare/v4.7.6...v4.7.7)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-05-11 12:03:11 -04:00
dependabot[bot]
32023d7e4f
build(deps): bump y18n from 4.0.0 to 4.0.1 in /app (#230) 
Bumps [y18n](https://github.com/yargs/y18n) from 4.0.0 to 4.0.1.
- [Release notes](https://github.com/yargs/y18n/releases)
- [Changelog](https://github.com/yargs/y18n/blob/master/CHANGELOG.md)
- [Commits](https://github.com/yargs/y18n/commits)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-05-11 12:02:57 -04:00
dependabot[bot]
ac599787a6
build(deps): bump elliptic from 6.5.3 to 6.5.4 in /app (#228) 
Bumps [elliptic](https://github.com/indutny/elliptic) from 6.5.3 to 6.5.4.
- [Release notes](https://github.com/indutny/elliptic/releases)
- [Commits](https://github.com/indutny/elliptic/compare/v6.5.3...v6.5.4)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-05-11 12:02:46 -04:00
dependabot[bot]
d49982df1c
build(deps): bump ini from 1.3.5 to 1.3.8 in /app (#217) 
Bumps [ini](https://github.com/isaacs/ini) from 1.3.5 to 1.3.8.
- [Release notes](https://github.com/isaacs/ini/releases)
- [Commits](https://github.com/isaacs/ini/compare/v1.3.5...v1.3.8)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-05-11 12:01:55 -04:00
Bill Church
dcfd81b454
fix: fixes default for allowreauth (#239) 
fixes #238
 2021-05-11 11:58:47 -04:00
Bill Church
7b7e8e7533 fix: obey host ssh.host in config fixes #190 2020-09-17 07:55:52 -04:00
Matteo Pietro Dazzi
8598183b2f
Use docker build to create multi-arch images (#202) 
* Buildx docker image

* Doker hub user on image name

* Change destination platforms

Co-authored-by: Matteo Pietro Dazzi <matteopietro.dazzi@gft.com>
 2020-09-17 06:39:30 -04:00
Chia-Chi Hsu
d0a19774c2
Update README.md (#207) 
Add new lines after <ignorestart> and <ignoreend>.
 2020-09-17 06:38:10 -04:00
dependabot[bot]
9c5ab09c7c
build(deps): bump elliptic from 6.5.2 to 6.5.3 in /app (#205) 
Bumps [elliptic](https://github.com/indutny/elliptic) from 6.5.2 to 6.5.3.
- [Release notes](https://github.com/indutny/elliptic/releases)
- [Commits](https://github.com/indutny/elliptic/compare/v6.5.2...v6.5.3)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2020-07-30 12:32:41 -04:00
dependabot[bot]
4b981c7dbf
build(deps): bump lodash from 4.17.15 to 4.17.19 in /app (#204) 
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.15 to 4.17.19.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.15...4.17.19)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2020-07-30 12:30:03 -04:00
dependabot[bot]
6564f532cf
build(deps-dev): bump standard-version from 7.1.0 to 8.0.1 in /app (#203) 
Bumps [standard-version](https://github.com/conventional-changelog/standard-version) from 7.1.0 to 8.0.1.
- [Release notes](https://github.com/conventional-changelog/standard-version/releases)
- [Changelog](https://github.com/conventional-changelog/standard-version/blob/master/CHANGELOG.md)
- [Commits](https://github.com/conventional-changelog/standard-version/compare/v7.1.0...v8.0.1)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2020-07-30 12:29:40 -04:00
CChemin
fc2b7d4625
fix missing value for verify in the config.json sample (#192) 2020-03-30 23:59:42 -04:00
Bill Church
ed793aaba3 docs: update changelog 2020-03-19 10:38:45 -04:00
Bill Church
5cdc9d0978 chore: update config.json.sample 2020-03-19 10:37:00 -04:00
Bill Church
5fd290ea0a chore: bump pre-release version 2020-03-19 10:33:00 -04:00
Bill Church
c1d3a42d22 Merge branch 'edgarogh-safe-shutdown' 2020-03-19 10:31:58 -04:00
Bill Church
04503e5d8f chore: add .dockerignore 2020-03-19 10:30:19 -04:00
Bill Church
675b4f5a3a feat: add SIGTERM to safe shutdown feature 2020-03-19 10:30:06 -04:00
Bill Church
6a3a47a13d fix: missing ENTRYPOINT for Dockerfile 2020-03-19 10:29:40 -04:00
Edgar Onghena
2934c66bf4 Add safeShutdownDuration config info to README.md 2020-03-18 19:50:11 +01:00
Edgar Onghena
61672c3f1e Add shutdown middleware to prevent requests 2020-03-18 19:35:52 +01:00
Edgar Onghena
61f19ae3ce Make "safeShutdownDuration" configurable 
Defaults to 300s = 5min
 2020-03-18 19:25:48 +01:00
Edgar Onghena
eb7d91ffbc Add safe shudown 
- SIGINT is intercepted and force-quits the 2nd time
 - Live countdown on Web UI
 - Countdown ignored if all clients disconnect
 - Clean exit function
 2020-03-18 19:01:53 +01:00
Bill Church
7a89d45e48 chore: 3.0 release 2020-03-15 14:07:58 -04:00
Bill Church
58c3601af0
Module updates (#185) 
* chore: removed compression option code, standardjs

* chore: update packages

* chore: update favicon.ico location

* chore: standardjs run

* chore: update changelog
 2020-03-14 13:18:20 -04:00
Bill Church
fcfa6874cd chore: update readme 2020-03-14 11:49:25 -04:00
Bill Church
546ac911c9 Merge branch 'pathchanges' 2020-03-14 11:25:33 -04:00
Bill Church
4686d1d6f2 Merge branch 'master' into pathchanges 2020-03-14 11:24:56 -04:00
Bill Church
5e76bb527e chore: update changelog 2020-03-14 11:19:42 -04:00
Bill Church
2db504467c chore: pull changes from master 2020-03-14 11:10:29 -04:00
Bill Church
ec9870e2a6 chore: remove old ilx build scripts 2020-03-14 11:10:04 -04:00
Bill Church
d61aec3862 chore: pull changelog and readme from master 2020-03-14 11:08:28 -04:00
Bill Church
152ac1e898 chore: update to read-config-ng 2020-03-14 09:48:02 -04:00
Bill Church
506918dc68 config.json fix from #177 2020-03-14 09:47:38 -04:00
Bill Church
2bc5c030e3 chore: move read-config to read-config-ng 2020-03-14 09:27:40 -04:00
Bill Church
dd33a8b6b0 chore: move root path for all resources under /ssh 2020-03-14 09:06:10 -04:00
Chia-Chi Hsu
42f973b479 Fix: update config.json.sample (#177) 2020-01-17 04:43:25 -08:00
Bill Church
2289036605 chore: update validator to 12.1 for better IPv6 support 2019-11-23 09:21:36 -05:00
Bill Church
d79e050b87 Update ChangeLog.md 2019-11-23 09:03:01 -05:00
Bill Church
e796f9fb58 fix: subnet unauthorized now emits "ssherror" which persists across websocket termination 2019-11-23 09:00:28 -05:00
Bill Church
16a27ce62a
Pr/163 (#164) 
* Add configuration option to restrict connections to specified subnets

Signed-off-by: Matt Oswalt <matt@keepingitclassless.net>

* Remove accidentally included message

Signed-off-by: Matt Oswalt <matt@keepingitclassless.net>

* Move to cidr-matcher

Signed-off-by: Matt Oswalt <matt@keepingitclassless.net>

* feat: Add configuration option to restrict connections to specified subnets
 2019-11-23 08:45:59 -05:00
Bill Church
9a96637cb4
Username get (#162) 
* feat(auth): ssh private key auth implemented via config.json

If config.json is present and user.privatekey has an ssh-rsa private key defined as well as a user.name, the SSH server will staticlly authenticate to whatever host is specified on the URL with those credentials.

The ssh-rsa private key must have is line returns replaced with the litaral \n

Example: "-----BEGIN RSA PRIVATE KEY-----\nblahblahblah\n"

* docs:update README.com
 2019-11-15 17:34:13 -05:00
Bill Church
342df8eb9c
feat(auth): ssh private key auth implemented via config.json (#161) 
If config.json is present and user.privatekey has an ssh-rsa private key defined as well as a user.name, the SSH server will staticlly authenticate to whatever host is specified on the URL with those credentials.

The ssh-rsa private key must have is line returns replaced with the litaral \n

Example: "-----BEGIN RSA PRIVATE KEY-----\nblahblahblah\n"
 2019-11-15 17:22:53 -05:00
Bill Church
65d6ec6845
feat(config): specify local source address and port for client connections fixes #152 (#158) 2019-11-15 15:55:54 -05:00
Bill Church
ca20321625
update build environment (#157) 
* Accept default username/password overrides from config. Clarified supplying custom config. (#146)

* feat(auth): username and password may now be sourced from config.json fixes #104

* style:remove test changelog

* build:remove uglify from build process and reaplce with terser

* style:format changelog
 2019-11-15 13:01:51 -05:00
Bill Church
212df80fb6
User pass (#156) 
* Accept default username/password overrides from config. Clarified supplying custom config. (#146)

* feat(auth): username and password may now be sourced from config.json fixes #104
 2019-11-15 12:58:50 -05:00
Bill Church
eebc32b2c9 Merge branch 'package-updates' 
build: fix stuff
 2019-11-15 11:21:03 -05:00
Bill Church
b8318d2238 build: Add standard-version to build process 2019-11-15 11:20:12 -05:00
Bill Church
9f3c661bdc chore(release): 0.2.10-0 2019-11-15 11:06:09 -05:00
Bill Church
9355ad7b5c
Updated packages: (#153) 
Updated packages:

    "colors": "~1.4.0",
    "compression": "~1.7.4",
    "debug": "^4.1.1",
    "express": "~4.17.1",
    "express-session": "~1.17.0",
    "socket.io": "2.2.0",
    "ssh2": "~0.8.6",
    "terser-webpack-plugin": "^2.2.1",
    "validator": "~12.0.0",
    "xterm-addon-fit": "^0.3.0",
    "xterm-addon-search": "^0.3.0",
    "xterm-addon-web-links": "^0.2.1"
    "@fortawesome/fontawesome-svg-core": "^1.2.25",
    "@fortawesome/free-solid-svg-icons": "^5.11.2",
    "clean-webpack-plugin": "^3.0.0",
    "copy-webpack-plugin": "^5.0.5",
    "cross-env": "^6.0.3",
    "css-loader": "^3.2.0",
    "file-loader": "^4.2.0",
    "postcss-discard-comments": "^4.0.2",
    "standard": "^14.3.1",
    "style-loader": "^1.0.0",
    "url-loader": "^2.2.0",
    "webpack": "^4.41.2",
    "webpack-cli": "^3.3.10",
    "webpack-merge": "^4.2.2",
    "xterm": "^4.2.0"
 2019-11-15 10:50:40 -05:00
Bill Church
93303ad132 Updated packages: 
Updated packages:

    "colors": "~1.4.0",
    "compression": "~1.7.4",
    "debug": "^4.1.1",
    "express": "~4.17.1",
    "express-session": "~1.17.0",
    "socket.io": "2.2.0",
    "ssh2": "~0.8.6",
    "terser-webpack-plugin": "^2.2.1",
    "validator": "~12.0.0",
    "xterm-addon-fit": "^0.3.0",
    "xterm-addon-search": "^0.3.0",
    "xterm-addon-web-links": "^0.2.1"
    "@fortawesome/fontawesome-svg-core": "^1.2.25",
    "@fortawesome/free-solid-svg-icons": "^5.11.2",
    "clean-webpack-plugin": "^3.0.0",
    "copy-webpack-plugin": "^5.0.5",
    "cross-env": "^6.0.3",
    "css-loader": "^3.2.0",
    "file-loader": "^4.2.0",
    "postcss-discard-comments": "^4.0.2",
    "standard": "^14.3.1",
    "style-loader": "^1.0.0",
    "url-loader": "^2.2.0",
    "webpack": "^4.41.2",
    "webpack-cli": "^3.3.10",
    "webpack-merge": "^4.2.2",
    "xterm": "^4.2.0"
 2019-11-15 10:50:15 -05:00
106 changed files with 14627 additions and 13803 deletions
Show stats Expand all files Collapse all files

2
.csslintrc Normal file
View file

@ -0,0 +1,2 @@
--exclude-exts=.min.css
--ignore=adjoining-classes,box-model,ids,order-alphabetical,unqualified-attributes

72
.devcontainer/devcontainer.json
View file

@ -1,39 +1,37 @@
{
"name": "Debian Bullseye Node.js DevContainer",
"image": "mcr.microsoft.com/vscode/devcontainers/base:bullseye",
"features": {
"ghcr.io/devcontainers/features/node:1": {
"version": "6.9.1"
},
"ghcr.io/devcontainers/features/docker-outside-of-docker:1": {}
},
// mount the ssh public identity file for the this project
// I limit to just what I need and not the whole ~/.ssh folder
"mounts": [
"source=${localEnv:HOME}${localEnv:USERPROFILE}/.ssh/personal_id_rsa.pub,target=/home/vscode/.hostssh/id_rsa.pub,readonly,type=bind,consistency=cached"
],
"name": "Node.js & TypeScript",
"image": "mcr.microsoft.com/devcontainers/base:jammy",
"customizations": {
"vscode": {
"extensions": [
"bierner.markdown-mermaid",
"dbaeumer.vscode-eslint",
"esbenp.prettier-vscode",
"GitHub.copilot-chat",
"GitHub.copilot",
"mohsen1.prettify-json",
"mechatroner.rainbow-csv",
"ms-vscode-remote.remote-containers",
"oderwat.indent-rainbow",
"rvest.vs-code-prettier-eslint",
"stylelint.vscode-stylelint",
"vivaxy.vscode-conventional-commits"
]
},
"settings": {
"terminal.integrated.defaultProfile.linux": "bash"
}
},
"postCreateCommand": "/bin/bash ./.devcontainer/scripts/tools.sh >> ~/post-create-tools.log",
"remoteUser": "vscode"
}
"mounts": [
"source=${localEnv:HOME}${localEnv:USERPROFILE}/.ssh/personal_id_rsa.pub,target=/home/vscode/.hostssh/id_rsa.pub,readonly,type=bind,consistency=cached"
],
"features": {
"ghcr.io/devcontainers-contrib/features/node-asdf:0": {},
},
// Configure tool-specific properties.
"customizations": {
// Configure properties specific to VS Code.
"vscode": {
// Add the IDs of extensions you want installed when the container is created.
"extensions": [
"ms-vscode-remote.remote-containers",
"dbaeumer.vscode-eslint",
"GitHub.copilot",
"GitHub.copilot-chat",
"esbenp.prettier-vscode",
"rvest.vs-code-prettier-eslint",
"bierner.markdown-mermaid",
"stylelint.vscode-stylelint"
]
}
},
// Use 'forwardPorts' to make a list of ports inside the container available locally.
// "forwardPorts": [],
// Use 'postCreateCommand' to run commands after the container is created.
"postCreateCommand": "/bin/bash ./.devcontainer/scripts/tools.sh >> ~/post-create-tools.log",
// Comment out to connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root.
"remoteUser": "vscode"
}

33
.devcontainer/scripts/tools.sh
View file

@ -9,35 +9,4 @@ Host github.com
IdentityFile ~/.hostssh/id_rsa.pub
EOF
sudo chown -R vscode:vscode ~/.ssh && \
sudo chmod 600 ~/.ssh/config && \
sudo chmod 600 ~/.ssh/known_hosts
git config --global --add safe.directory ${PWD}
# Get the signing key from git config
signing_key=$(git config --get user.signingkey)
if [ -z "$signing_key" ]; then
echo "No signing key found in git config."
exit 1
fi
# Get the user email from git config
user_email=$(git config --get user.email)
if [ -z "$user_email" ]; then
echo "No user email found in git config."
exit 1
fi
# Create the ~/.ssh directory if it doesn't exist
mkdir -p ~/.ssh
# Write the signing key and email to the allowed_signers file
echo "$user_email $signing_key" > ~/.ssh/allowed_signers
# Set the correct permissions for the allowed_signers file
chmod 644 ~/.ssh/allowed_signers
echo "allowed_signers file created successfully."
npm install
sudo chown -R vscode:vscode ~/.ssh

9
.dockerignore Normal file
View file

@ -0,0 +1,9 @@
.git
.cache
app/node_modules
app/client/src
app/scripts
app/.*
app/*.sample
app/client/tsconfig.json
app/CHANGELOG.md

1
.eslintignore
View file

@ -1 +0,0 @@
**/*{.,-}min.js

28
.eslintrc.yaml
View file

@ -1,28 +0,0 @@
extends:
- airbnb-base
- prettier
- plugin:node/recommended
- plugin:jest/recommended
plugins:
- prettier
- jest
env:
jest/globals: true
rules:
prettier/prettier: error
no-unused-vars: warn
no-console: off
func-names: off
no-process-exit: off
object-shorthand: off
class-methods-use-this: off
semi: [2, never]
overrides:
- files:
- "**/*.test.js"
env:
jest: true

75
.github/ISSUE_TEMPLATE/bug_report.yml vendored Normal file
View file

@ -0,0 +1,75 @@
name: Bug Report
description: File a bug report
title: "[Bug]: "
labels: ["bug", "triage"]
assignees:
- billchurch
body:
- type: markdown
attributes:
value: |
Depending on the type of issue, please include the follwing information:
- type: textarea
id: what-happened
attributes:
label: What happened?
description: Also tell us, what did you expect to happen?
placeholder: Tell us what you see!
value: "A bug happened!"
validations:
required: true
- type: input
id: node_ver
attributes:
label: Node Version
description: version of Node this problem occurs on
placeholder: npm -v
validations:
required: true
- type: input
id: npm_ver
attributes:
label: NPM Version
description: version of NPM this problem occurs on
placeholder: npm -v
validations:
required: true
- type: input
id: server_ver
attributes:
label: Server OS Version
description: Server OS Version / Distribution / Processor Architecture
placeholder: uname -a;cat /etc/os-release
validations:
required: true
- type: input
id: webssh2_ver
attributes:
label: WebSSH2 release version
description: Version of WebSSH you are using
placeholder: grep version app/package.json
validations:
required: true
- type: input
id: sshhost_ver
attributes:
label: OS and Version of SSH server
description: OS and Version of SSH server connecting to
placeholder: 'on target server run: uname -a;sshd -v'
validations:
required: false
- type: input
id: browser_ver
attributes:
label: Browser Version
description: Information from brwoser's About... or a screenshot of the about screen.
placeholder:
validations:
required: false
- type: textarea
id: logs
attributes:
label: Relevant log output
description: Please copy and paste any relevant log output. This will be automatically formatted into code, so no need for backticks.
render: shell

10
.github/ISSUE_TEMPLATE/custom.md vendored Normal file
View file

@ -0,0 +1,10 @@
---
name: Question
about: General how-to questions
title: ''
labels: ''
assignees: ''
---

20
.github/ISSUE_TEMPLATE/feature_request.md vendored Normal file
View file

@ -0,0 +1,20 @@
---
name: Feature request
about: Suggest an idea for this project
title: ''
labels: ''
assignees: ''
---
**Is your feature request related to a problem? Please describe.**
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
**Describe the solution you'd like**
A clear and concise description of what you want to happen.
**Describe alternatives you've considered**
A clear and concise description of any alternative solutions or features you've considered.
**Additional context**
Add any other context or screenshots about the feature request here.

65
.github/workflows/action-test.yml vendored Normal file
View file

@ -0,0 +1,65 @@
name: Manually Release Previous Tag
on:
workflow_dispatch:
inputs:
tag:
description: 'Repo Branch/Tag'
default: 'main'
type: 'string'
required: true
jobs:
docker:
runs-on: ubuntu-latest
steps:
- name: 'Checkout'
uses: actions/checkout@v3
with:
ref: ${{ inputs.tag }}
- name: Prepare
id: prep
run: |
DOCKER_IMAGE=${{ secrets.DOCKER_USERNAME }}/${GITHUB_REPOSITORY#*/}
VERSION=${{ inputs.tag }}
VERSION="${VERSION//v}"
TAGS="${DOCKER_IMAGE}:${VERSION},${DOCKER_IMAGE}"
# If the VERSION looks like a version number, assume that
# this is the most recent version of the image and also
# tag it 'latest'.
if [[ $VERSION =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
TAGS="$TAGS,${DOCKER_IMAGE}"
fi
# Set output parameters.
echo ::set-output name=tags::${TAGS}
echo ::set-output name=docker_image::${DOCKER_IMAGE}
- name: Set up QEMU
uses: docker/setup-qemu-action@master
with:
platforms: all
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@master
- name: Login to DockerHub
if: github.event_name != 'pull_request'
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Build
uses: docker/build-push-action@v2
with:
builder: ${{ steps.buildx.outputs.name }}
context: .
file: ./Dockerfile
platforms: linux/amd64,linux/arm64,linux/ppc64le
push: true
tags: ${{ steps.prep.outputs.tags }}

2
.github/workflows/docker-multiplatform-tag.yml vendored
View file

@ -66,4 +66,4 @@ jobs:
file: ./Dockerfile
platforms: linux/amd64,linux/arm64,linux/ppc64le
push: true
tags: ${{ steps.prep.outputs.tags }}
tags: ${{ steps.prep.outputs.tags }}

67
.github/workflows/docker-multiplatform.yml vendored Normal file
View file

@ -0,0 +1,67 @@
---
name: 'Build Docker Images'
on:
release:
types: [published]
jobs:
docker:
runs-on: ubuntu-latest
steps:
- name: 'Checkout'
uses: actions/checkout@v3
- name: Prepare
id: prep
run: |
DOCKER_IMAGE=${{ secrets.DOCKER_USERNAME }}/${GITHUB_REPOSITORY#*/}
# If this is git tag, use the tag name as a docker tag
if [[ $GITHUB_REF == refs/tags/* ]]; then
VERSION=${GITHUB_REF#refs/tags/webssh2-v}
TAGS="${DOCKER_IMAGE}:${VERSION}"
fi
# If this is git branch, use the branch name as a docker tag
if [[ $GITHUB_REF == refs/heads/* ]]; then
VERSION=${GITHUB_REF#refs/heads/}
TAGS="${DOCKER_IMAGE}:${VERSION}"
fi
# If the VERSION looks like a version number, assume that
# this is the most recent version of the image and also
# tag it 'latest'. This is done by just specifying the ${DOCKER_IMAGE}
# without a tag.
if [[ $VERSION =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
TAGS="$TAGS,${DOCKER_IMAGE}"
fi
# Set output parameters.
echo ::set-output name=tags::${TAGS}
echo ::set-output name=docker_image::${DOCKER_IMAGE}
- name: Set up QEMU
uses: docker/setup-qemu-action@master
with:
platforms: all
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@master
- name: Login to DockerHub
if: github.event_name != 'pull_request'
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Build
uses: docker/build-push-action@v2
with:
builder: ${{ steps.buildx.outputs.name }}
context: .
file: ./Dockerfile
platforms: linux/amd64,linux/arm64,linux/ppc64le
push: true
tags: ${{ steps.prep.outputs.tags }}

47
.github/workflows/release.yml vendored Normal file
View file

@ -0,0 +1,47 @@
---
name: 'Create Release'
on:
push:
branches:
- main
paths-ignore:
- '.github/**'
- '.devcontainer/**'
- '.**'
- '**.md'
jobs:
release:
runs-on: ubuntu-latest
outputs:
paths_released: ${{ steps.manifest_release.outputs.paths_released }}
steps:
- uses: google-github-actions/release-please-action@v3
id: manifest_release
with:
token: ${{ secrets.RELEASE_PLEASE_UAT }}
command: manifest
package-name: webssh2
path: app
default-branch: main
release-type: node
publish:
runs-on: ubuntu-20.04
needs: release
strategy:
fail-fast: false
matrix:
path: ${{fromJson(needs.release.outputs.paths_released)}}
steps:
- uses: actions/checkout@v2
- uses: actions/setup-node@v1
with:
node-version: 16
registry-url: 'https://registry.npmjs.org'
- name: publish-to-npm
env:
NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}
run: |
cd ${{ matrix.path }}
npm install
npx lerna bootstrap
npx lerna publish from-package --no-push --no-private --yes

2
.gitignore vendored
View file

@ -49,4 +49,4 @@ jspm_packages
.DS_Store
Build/Release
app/todo.md
app/bob_rsa

1
.nvmrc
View file

@ -1 +0,0 @@
v20.18.0

5
.prettierrc
View file

@ -1,5 +0,0 @@
{
"semi": false,
"singleQuote": false,
"trailingComma": "none"
}

3
.release-please-manifest.json Normal file
View file

@ -0,0 +1,3 @@
{
"app": "0.5.0-pre-4"
}

1
.tool-versions
View file

@ -1 +0,0 @@
nodejs 6.9.1

6
.travis.yml Normal file
View file

@ -0,0 +1,6 @@
language: node_js
node_js:
- 14
- 16
before_install:
- npm i -g snyk

39
BUILD.md
View file

@ -1,39 +0,0 @@
## Issues with building
Working with node 6.9.1 has uncovered some challenges from time to time. Some of these are related to node 6.9.1 and others may not be, however these are some of the issues and fixes I've come across:
### npm ERR! Error: EPERM: operation not permitted, utime
This error with `npm` is related to be related to file permission issues, specifically the `EPERM` (Error: Operation not permitted) error. This is typically caused by the `npm` process trying to modify or access files in a way that the user running the process doesn't have permission to do.
Here are some steps you can try to resolve this issue:
1. **Ensure Correct File Permissions**:
- Check the ownership and permissions of the directory `/workspaces/webssh2/node_modules/.staging/esquery-7b94f06a/dist` and its parent directories.
- You can try running:
```bash
sudo chown -R $(whoami) /workspaces/webssh2/node_modules
```
- Alternatively, ensure that the `vscode` user has the necessary permissions to access and modify these files.
2. **Run npm install as the correct user**:
- Make sure you're not accidentally running `npm` as a root or another user within the Docker container. If you're running it as the `vscode` user, ensure that the `vscode` user has the appropriate permissions in the `/workspaces/webssh2` directory.
3. **Clear npm cache**:
- Sometimes this error can be caused by a corrupt npm cache. You can try clearing the cache:
```bash
npm cache clean --force
```
- After clearing the cache, try running `npm install` again.
4. **Check for Staging Issues**:
- The error is occurring in a `.staging` directory, which is used by `npm` during the installation process. If the `.staging` directory is corrupted or incomplete, it can cause issues. You can remove the `node_modules` directory and try reinstalling:
```bash
rm -rf node_modules
npm install
```
5. **Try Running as Root (Not Recommended for Production)**:
- As a last resort, you can try running `npm install` as root within the container. However, this is not recommended due to potential security risks:
```bash
sudo npm install
```

13
BUILDING.md Normal file
View file

@ -0,0 +1,13 @@
# Buliding
To rebuild the client files, you need at least Node v14.
The source of the client files are located in `./app/client/src`
`npm run build` will compile the source files there into `./app/client/public/`. This directory is considered to be volitile and is deleted every time `npm run build` is invoked.
WebPack is used for building and the configuration is located in `./app/scripts`
If one wishes to make changes to the javascript, the html, or the css it should be done in `./app/client/src` and then complied using `npm run build`
For development purposes, you may also utilize `npm run builddev` which will not minimize the source and allow you to more easily troubleshoot while making customizations.

46
CODE_OF_CONDUCT.md Normal file
View file

@ -0,0 +1,46 @@
# Contributor Covenant Code of Conduct
## Our Pledge
In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation.
## Our Standards
Examples of behavior that contributes to creating a positive environment include:
* Using welcoming and inclusive language
* Being respectful of differing viewpoints and experiences
* Gracefully accepting constructive criticism
* Focusing on what is best for the community
* Showing empathy towards other community members
Examples of unacceptable behavior by participants include:
* The use of sexualized language or imagery and unwelcome sexual attention or advances
* Trolling, insulting/derogatory comments, and personal or political attacks
* Public or private harassment
* Publishing others' private information, such as a physical or electronic address, without explicit permission
* Other conduct which could reasonably be considered inappropriate in a professional setting
## Our Responsibilities
Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior.
Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.
## Scope
This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers.
## Enforcement
Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at wmchurch@gmail.com. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.
Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.
## Attribution
This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version]
[homepage]: http://contributor-covenant.org
[version]: http://contributor-covenant.org/version/1/4/

94
CONTRIBUTING.md Normal file
View file

@ -0,0 +1,94 @@
Guidelines for contributing code:
Make sure code passes linting from (StandardJS)[https://standardjs.com/]
# Contributing
When contributing to this repository, please first discuss the change you wish to make via issue,
email, or any other method with the owners of this repository before making a change.
Please note we have a code of conduct, please follow it in all your interactions with the project.
## Pull Request Process
1. Ensure any install or build dependencies are removed before the end of the layer when doing a
build.
2. Make sure code passes linting from (StandardJS)[https://standardjs.com/]
3. Explain what you're trying to accomplish in your commits
4. Update changelog and Readme if needed.
## Code of Conduct
### Our Pledge
In the interest of fostering an open and welcoming environment, we as
contributors and maintainers pledge to making participation in our project and
our community a harassment-free experience for everyone, regardless of age, body
size, disability, ethnicity, gender identity and expression, level of experience,
nationality, personal appearance, race, religion, or sexual identity and
orientation.
### Our Standards
Examples of behavior that contributes to creating a positive environment
include:
* Using welcoming and inclusive language
* Being respectful of differing viewpoints and experiences
* Gracefully accepting constructive criticism
* Focusing on what is best for the community
* Showing empathy towards other community members
Examples of unacceptable behavior by participants include:
* The use of sexualized language or imagery and unwelcome sexual attention or
advances
* Trolling, insulting/derogatory comments, and personal or political attacks
* Public or private harassment
* Publishing others' private information, such as a physical or electronic
address, without explicit permission
* Other conduct which could reasonably be considered inappropriate in a
professional setting
### Our Responsibilities
Project maintainers are responsible for clarifying the standards of acceptable
behavior and are expected to take appropriate and fair corrective action in
response to any instances of unacceptable behavior.
Project maintainers have the right and responsibility to remove, edit, or
reject comments, commits, code, wiki edits, issues, and other contributions
that are not aligned to this Code of Conduct, or to ban temporarily or
permanently any contributor for other behaviors that they deem inappropriate,
threatening, offensive, or harmful.
### Scope
This Code of Conduct applies both within project spaces and in public spaces
when an individual is representing the project or its community. Examples of
representing a project or community include using an official project e-mail
address, posting via an official social media account, or acting as an appointed
representative at an online or offline event. Representation of a project may be
further defined and clarified by project maintainers.
### Enforcement
Instances of abusive, harassing, or otherwise unacceptable behavior may be
reported by contacting the project team at [INSERT EMAIL ADDRESS]. All
complaints will be reviewed and investigated and will result in a response that
is deemed necessary and appropriate to the circumstances. The project team is
obligated to maintain confidentiality with regard to the reporter of an incident.
Further details of specific enforcement policies may be posted separately.
Project maintainers who do not follow or enforce the Code of Conduct in good
faith may face temporary or permanent repercussions as determined by other
members of the project's leadership.
### Attribution
This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
available at [http://contributor-covenant.org/version/1/4][version]
[homepage]: http://contributor-covenant.org
[version]: http://contributor-covenant.org/version/1/4/

401
ChangeLog-Old.md
View file

@ -1,401 +0,0 @@
<a name="0.2.17"></a>
## 0.2.17 (2024-08-22)
### Bug Fixes
* correct handling of sshTerm query parameters ([b9ca79e](https://github.com/billchurch/WebSSH2/commit/b9ca79e))
* enable `autoConnect` only on `/ssh/host/` ([c9591d6](https://github.com/billchurch/WebSSH2/commit/c9591d6))
* handle http basic auth in `/ssh/host/` route ([1fc35f7](https://github.com/billchurch/WebSSH2/commit/1fc35f7))
* honor `ssh.term` settings as default when url param `sshTerm` is undefined ([303f53d](https://github.com/billchurch/WebSSH2/commit/303f53d))
* sanitize object no longer mutates original object ([ea01701](https://github.com/billchurch/WebSSH2/commit/ea01701))
* Serve the static files from the webssh2_client module with a custom prefix '/ssh/assets' instead of just '/ssh'. ([8fcf4b7](https://github.com/billchurch/WebSSH2/commit/8fcf4b7))
* vareiable scoping for conn and stream would prevent multiple user sessions ([650f4eb](https://github.com/billchurch/WebSSH2/commit/650f4eb))
* version comment in client.html ([ea12cc8](https://github.com/billchurch/WebSSH2/commit/ea12cc8))
### Features
* `Switch User` or `reauth` feature for Basic Auth sessions ([3e45c98](https://github.com/billchurch/WebSSH2/commit/3e45c98))
* `Switch User` or `reauth` feature for Basic Auth sessions ([a530f59](https://github.com/billchurch/WebSSH2/commit/a530f59))
* add allowReconnect, allowReauth, and autoLog features, normalize debug logs ([e2ea068](https://github.com/billchurch/WebSSH2/commit/e2ea068))
* Add session-based authentication for SSH connections using HTTP Basic auth and express.js ([afe462b](https://github.com/billchurch/WebSSH2/commit/afe462b))
* Add SSH routes and connection handler ([2d19f49](https://github.com/billchurch/WebSSH2/commit/2d19f49))
* get HTTP session secret from `WEBSSH_SESSION_SECRET` env if available. ([17bc82d](https://github.com/billchurch/WebSSH2/commit/17bc82d))
* HTTP Basic Authentication and auto-connection with /ssh/host/<hostIP> ([a0affca](https://github.com/billchurch/WebSSH2/commit/a0affca))
* Inject SSH host and port into webssh2 configuration ([e39fb88](https://github.com/billchurch/WebSSH2/commit/e39fb88))
* routes.js validate input from url parameters ([72d7477](https://github.com/billchurch/WebSSH2/commit/72d7477))
* Update connectionHandler.js and routes.js to propmpt for basic credentials when accessing `/ssh/host/<address>` and pre-populate credentials and host info AND auto-connect to server. ([fe7248e](https://github.com/billchurch/WebSSH2/commit/fe7248e))
* update webssh2_client 0.2.20 ([9b94627](https://github.com/billchurch/WebSSH2/commit/9b94627))
* update webssh2_client 0.2.21 ([9cfccb1](https://github.com/billchurch/WebSSH2/commit/9cfccb1))
* update webssh2_client to 0.2.19 ([418af1b](https://github.com/billchurch/WebSSH2/commit/418af1b))
* update webssh2_client@0.2.23 ([e06fabc](https://github.com/billchurch/WebSSH2/commit/e06fabc))
* validate handleResize ([b4cbfb4](https://github.com/billchurch/WebSSH2/commit/b4cbfb4))
* validate handleTerminal ([aab1a35](https://github.com/billchurch/WebSSH2/commit/aab1a35))
* validateSshTerm checks if term is undefined or null before validation ([28f329e](https://github.com/billchurch/WebSSH2/commit/28f329e))
<a name="0.2.12"></a>
## 0.2.12 (2024-07-10)
BIG-IP Specific version
### Changes
- `[ctrl]+[shift]+[6]` or `[ctrl]+[^]` now sends `RS` or `0x1E`
## [0.2.11] 2
<a name="0.2.11"></a>
## 0.2.11 (2021-05-12)
BIG-IP Specific version
### BREAKING
- Not compatible with versions of ephemeral_auth before 0.4.8 due to child resources moving under /ssh
### Changes
- in `config.json.sample` - `allowreauth` set to `false` by default
- in `config.json.sample` - potential future proofing for CORS support `http.origins`
- `ssh` module updated to 0.8.9
- Move all child resources to start from under /ssh
- /socket.io -> /ssh/socket.io
- /webssh2.css -> /ssh/webssh2.css
- /webssh2.bundle.js -> /ssh/webssh2.bundle.js
- /reauth -> /ssh/reauth
- perhaps more
<a name="0.2.9"></a>
## 0.2.9 (2019-06-13)
### Changes
- Missing require('fs') in `server/app.js` See issue [#135](../../issues/135)
- Patched read-config to mitigate vulnerability in js-yaml
- issue not exploitable on webssh2 implementation
- patched anyway
- sending my patch upstream to read-config, webssh2 package.json points to patched version in my repository https://github.com/billchurch/nodejs-read-config
- See https://github.com/nodeca/js-yaml/issues/475 for more detail
<a name="0.2.8"></a>
## 0.2.8 (2019-05-26)
### Changes
- Fixes issue if no password is entered, browser must be closed and restart to attempt to re-auth. See issue [#118](../../issues/118). Thanks @smilesm2 for the idea.
- fixes broken `npm run (build|builddev)`
- update font-awesome fonts to 5.6.3
- update webpack and dependancies
- update xterm to 3.8.0
### Fixes
- ILX
<a name="0.2.7"></a>
## 0.2.7 (2018-11-11)
### Changes
- `config.reauth` was not respected if initial auth presented was incorrect, regardless of `reauth` setting in `config.json` reauth would always be attempted. fixes [#117](../../issues/117)
- **BREAKING** moved app files to /app, this may be a breaking change
- Updated dockerfile for new app path
- Updated app dependancies
- xterm v3.8.0
- https://github.com/xtermjs/xterm.js/releases/tag/3.8.0
- basic-auth v2.0.1
- https://github.com/jshttp/basic-auth/releases/tag/v2.0.1
- express v4.16.4
- https://github.com/expressjs/express/releases/tag/4.16.4
- validator v10.9.0
- https://github.com/chriso/validator.js/releases/tag/10.9.0
- Updated dev dependancies
- snazzy v8.0.0
- standard v12.0.1
- uglifyjs-webpack-plugin v2.0.1
- ajv v6.5.5
- copy-webpack-plugin v4.6.0
- css-loader v1.0.1
- nodemon v1.18.6
- postcss-discard-comments v4.0.1
- snyk v1.108.2
- url-loader v1.1.2
- webpack v4.25.1
- webpack-cli v3.1.2
<a name="0.2.6"></a>
## 0.2.6 (2018-11-07)
### Changes
- Reauth didn't work if intial auth presented was incorrect, (see issue #112) fixed thanks @vvalchev
- Update node version supported to >=6 (PR #115) thanks @perlun
- Update packages
- developer dependencies
<a name="0.2.5"></a>
## 0.2.5 (2018-09-11)
### Added
- Reauth function thanks to @vbeskrovny and @vvalchev (9bbc116)
- Controlled by `config.json` option `options.allowreauth` true presents reauth dialog and false hides dialog
### Changed
- `options.challengeButton` enabled
- previously this configuration option did nothing, this now enables the Credentials button site-wide regardless of the `allowreplay` header value
- Updated debug module to v4
<a name="0.2.4"></a>
## 0.2.4 (2018-07-18)
### Added
- Browser title window now changes with xterm escape sequences (see http://tldp.org/HOWTO/Xterm-Title-3.html)
- Added bellStyle options
- `GET var`: **bellStyle** - _string_ - Style of terminal bell: ("sound"|"none"). **Default:** "sound". **Enforced Values:** "sound", "none"
- `config.json`: **terminal.bellStyle** - _string_ - Style of terminal bell: (sound|none). **Default:** "sound".
- `workspace` folder on GITHUB for BIG-IP specific fixes/changes
### Changed
- Updated xterm.js to 3.1.0
- https://github.com/xtermjs/xterm.js/releases/tag/3.1.0
- Default listen IP in `config.json` changed back to 127.0.0.1
### Bug Fixes
- ESC]0; is now removed from log files when using the browser-side logging feature
* **package:** update ssh2 to version 0.6.1 ([bf15b3e](https://github.com/billchurch/WebSSH2/commit/bf15b3e)), closes [#55](https://github.com/billchurch/WebSSH2/issues/55)
* **package:** update validator to version 10.1.0 ([1a15fa5](https://github.com/billchurch/WebSSH2/commit/1a15fa5)), closes [#62](https://github.com/billchurch/WebSSH2/issues/62)
<a name="0.2.0"></a>
# 0.2.0 (2018-02-10)
Mostly client (browser) related changes in this release
### Added
- Menu system
- Fontawesome icons
- Resizing browser window sends resize events to terminal container as well as SSH session (pty)
- New terminal options (config.json as well as GET vars)
- terminal.cursorBlink - boolean - Cursor blinks (true), does not (false) Default: true.
- terminal.scrollback - integer - Lines in the scrollback buffer. Default: 10000.
- terminal.tabStopWidth - integer - Tab stops at n characters Default: 8.
- New serverside (nodejs) terminal configuration options (cursorBlink, scrollback, tabStopWidth)
- Logging of MRH session (unassigned if not present)
- Express compression feature
### Changed
- Updated xterm.js to 3.0.2
- See https://github.com/xtermjs/xterm.js/releases/tag/3.0.2
- See https://github.com/xtermjs/xterm.js/releases/tag/3.0.1
- See https://github.com/xtermjs/xterm.js/releases/tag/3.0.0
- Moved javascript events out of html into javascript
- Changed asset packaging from grunt to Webpack to be inline with xterm.js direction
- Moved logging and credentials buttons to menu system
- Removed non-minified options (if you need to disable minification, modify webpack scripts and 'npm run build')
### Fixed
- Resolved loss of terminal foucs when interacting with option buttons (Logging, etc...)
<a name="0.1.4"></a>
## 0.1.4 (2018-01-30)
### Changed
- Moved socket and util out of folders into .js in root.
- added keepaliveInterval and keepaliveCountMax config options
### Bug Fixes
* package.json to reduce vulnerabilities ([196d769](https://github.com/billchurch/WebSSH2/commit/196d769))
<a name="0.1.3"></a>
## 0.1.3 (2017-09-28)
### Changed
- Upgrade to debug@3.1 to eliminate ReDoS in %o formatter
- Upgrade Express to 4.15.5 for ReDOS
- Upgrade basic-auth to v2.0
<a name="0.1.2"></a>
## 0.1.2 (2017-08-21)
### Added
- ssh.readyTimeout option in config.json (time in ms, default 20000, 20sec)
### Changed
- Updated xterm.js to 2.9.2 from 2.6.0
- See https://github.com/sourcelair/xterm.js/releases/tag/2.9.2
- See https://github.com/sourcelair/xterm.js/releases/tag/2.9.1
- See https://github.com/sourcelair/xterm.js/releases/tag/2.9.0
- See https://github.com/sourcelair/xterm.js/releases/tag/2.8.1
- See https://github.com/sourcelair/xterm.js/releases/tag/2.8.0
- See https://github.com/sourcelair/xterm.js/releases/tag/2.7.0
- Updated ssh2 to 0.5.5 to keep current, no fixes impacting WebSSH2
- ssh-streams to 0.1.19 from 0.1.16
- Updated validator.js to 8.0.0, no fixes impacting WebSSH2
- https://github.com/chriso/validator.js/releases/tag/8.0.0
- Updated Express to 4.15.4, no fixes impacting WebSSH2
- https://github.com/expressjs/express/releases/tag/4.15.4
- Updated Express-session to 1.15.5, no fixes impacting WebSSH2
- https://github.com/expressjs/session/releases/tag/v1.15.5
- Updated Debug to 3.0.0, no fixes impacting WebSSH2
- https://github.com/visionmedia/debug/releases/tag/3.0.0
- Running in strict mode ('use strict';)
### Bug Fixes
* package.json to reduce vulnerabilities ([e65a964](https://github.com/billchurch/WebSSH2/commit/e65a964))
<a name="0.1.1"></a>
## 0.1.1 (2017-06-03)
- `serverlog.client` and `serverlog.server` options added to `config.json` to enable logging of client commands to server log (only client portion implemented at this time)
- morgan express middleware for logging
### Changed
- Updated socket.io to 1.7.4
- continued refactoring, breaking up `index.js`
- revised error handling methods
- revised session termination methods
### Fixed
### Removed
- color console decorations from `util/index.js`
- SanatizeHeaders function from `util/index.js`
<a name="0.1.0"></a>
# 0.1.0 (2017-05-27)
### Added
- This ChangeLog.md file
- Support for UTF-8 characters (thanks @bara666)
- Snyk, Bithound, Travis CI
- Cross platform improvements (path mappings)
- Session fixup between Express and Socket.io
- Session secret settings in `config.json`
- env variable `DEBUG=ssh2` will put the `ssh2` module into debug mode
- env variable `DEBUG=WebSSH2` will output additional debug messages for functions
and events in the application (not including the ssh2 module debug)
- using Grunt to pull js and css source files from other modules `npm run build` to rebuild these if changed or updated.
- `useminified` option in `config.json` to enable using minified client side javascript (true) defaults to false (non-minified)
- sshterm= query option to specify TERM environment variable for host, valid strings are alpha-numeric with a hypen (validated). Otherwise the default ssh.term variable from `config.json` will be used.
- validation for host (v4,v6,fqdn,hostname), port (integer 2-65535), and header (sanitized) from URL input
### Changed
- error handling in public/client.js
- moved socket.io operations to their own file /socket/index.js, more changes like this to come (./socket/index.js)
- all session based variables are now under the req.session.ssh property or socket.request.ssh (./index.js)
- moved SSH algorithms to `config.json` and defined as a session variable (..session.ssh.algorithms)
-- prep for future feature to define algorithms in header or some other method to enable separate ciphers per host
- minified and combined all js files to a single js in `./public/webssh2.min.js` also included a sourcemap `./public/webssh2.min.js` which maps to `./public/webssh2.js` for easier troubleshooting.
- combined all css files to a single css in `./public/webssh2.css`
- minified all css files to a single css in `./public/webssh2.min.css`
- copied all unmodified source css and js to /public/src/css and /public/src/js respectively (for troubleshooting/etc)
- sourcemaps of all minified code (in /public/src and /public/src/js)
- renamed `client.htm` to `client-full.htm`
- created `client-min.htm` to serve minified javascript
- if header.text is null in `config.json` and header is not defined as a get parameter the Header will not be displayed. Both of these must be null / undefined and not specified as get parameters.
### Fixed
- Multiple errors may overwrite status bar which would cause confusion as to what originally caused the error. Example, ssh server disconnects which prompts a cascade of events (conn.on('end'), socket.on('disconnect'), conn.on('close')) and the original reason (conn.on('end')) would be lost and the user would erroneously receive a WEBSOCKET error as the last event to fire would be the websocket connection closing from the app.
- ensure ssh session is closed when a browser disconnects from the websocket
- if headerBackground is changed, status background is changed to the same color (typo, fixed)
### Removed
- Express Static References directly to module source directories due to concatenating and minifying js/css
<a name="0.0.5"></a>
## 0.0.5 (2017-03-23)
### Added
- Added experimental support for logging (see Readme)
### Fixed
- Terminal geometry now properly fills the browser screen and communicates this to the ssh session. Tested with IE 11 and recent versions of Chrome/Safari/Firefox.
<a name="0.0.4"></a>
## 0.0.4 (2017-03-23)
### Added
- Set default terminal to xterm-color
- Mouse event support
- New config option, config.ssh.term to set terminal
### Changed
- Update to Xterm.js 2.4.0
- Minor code formatting cleanup
<a name="0.0.3"></a>
## 0.0.3 (2017-02-16)
### Changed
- Update xterm to latest (2.3.0)
### Fixed
- Fixed misspelled config.ssh.port property
<a name="0.0.2"></a>
## 0.0.2 (2017-02-01)
### Changed
- Moving terminal emulation to xterm.js
- updating module version dependencies
### Fixed
- Fixed issue with banners not being displayed properly from UNIX hosts when only lf is used
<a name="0.0.1"></a>
## 0.0.1 (2016-07-28)
### Added
- Initial proof of concept and release. For historical purposes only.

508
ChangeLog.md
View file

@ -1,507 +1,3 @@
# Change Log
# Changelog Moved
All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
<a name="0.2.20"></a>
## [0.2.20](https://github.com/billchurch/WebSSH2/compare/v0.2.19...v0.2.20) (2024-08-22)
<a name="0.2.19"></a>
## [0.2.19](https://github.com/billchurch/WebSSH2/compare/v0.2.18...v0.2.19) (2024-08-22)
<a name="0.2.18"></a>
## [0.2.18](https://github.com/billchurch/WebSSH2/compare/v0.2.17...v0.2.18) (2024-08-22)
### Features
* express.js session secret configurable in docker with WEBSSH_SESSION_SECRET env variable ([12e5431](https://github.com/billchurch/WebSSH2/commit/12e5431))
* ssh keyboard-interactive authentication support ([0f3c7ab](https://github.com/billchurch/WebSSH2/commit/0f3c7ab))
<a name="0.2.17"></a>
## 0.2.17 (2024-08-22)
### Bug Fixes
* correct handling of sshTerm query parameters ([b9ca79e](https://github.com/billchurch/WebSSH2/commit/b9ca79e))
* enable `autoConnect` only on `/ssh/host/` ([c9591d6](https://github.com/billchurch/WebSSH2/commit/c9591d6))
* handle http basic auth in `/ssh/host/` route ([1fc35f7](https://github.com/billchurch/WebSSH2/commit/1fc35f7))
* honor `ssh.term` settings as default when url param `sshTerm` is undefined ([303f53d](https://github.com/billchurch/WebSSH2/commit/303f53d))
* sanitize object no longer mutates original object ([ea01701](https://github.com/billchurch/WebSSH2/commit/ea01701))
* Serve the static files from the webssh2_client module with a custom prefix '/ssh/assets' instead of just '/ssh'. ([8fcf4b7](https://github.com/billchurch/WebSSH2/commit/8fcf4b7))
* vareiable scoping for conn and stream would prevent multiple user sessions ([650f4eb](https://github.com/billchurch/WebSSH2/commit/650f4eb))
* version comment in client.html ([ea12cc8](https://github.com/billchurch/WebSSH2/commit/ea12cc8))
### Features
* `Switch User` or `reauth` feature for Basic Auth sessions ([3e45c98](https://github.com/billchurch/WebSSH2/commit/3e45c98))
* `Switch User` or `reauth` feature for Basic Auth sessions ([a530f59](https://github.com/billchurch/WebSSH2/commit/a530f59))
* add allowReconnect, allowReauth, and autoLog features, normalize debug logs ([e2ea068](https://github.com/billchurch/WebSSH2/commit/e2ea068))
* Add session-based authentication for SSH connections using HTTP Basic auth and express.js ([afe462b](https://github.com/billchurch/WebSSH2/commit/afe462b))
* Add SSH routes and connection handler ([2d19f49](https://github.com/billchurch/WebSSH2/commit/2d19f49))
* get HTTP session secret from `WEBSSH_SESSION_SECRET` env if available. ([17bc82d](https://github.com/billchurch/WebSSH2/commit/17bc82d))
* HTTP Basic Authentication and auto-connection with /ssh/host/<hostIP> ([a0affca](https://github.com/billchurch/WebSSH2/commit/a0affca))
* Inject SSH host and port into webssh2 configuration ([e39fb88](https://github.com/billchurch/WebSSH2/commit/e39fb88))
* routes.js validate input from url parameters ([72d7477](https://github.com/billchurch/WebSSH2/commit/72d7477))
* Update connectionHandler.js and routes.js to propmpt for basic credentials when accessing `/ssh/host/<address>` and pre-populate credentials and host info AND auto-connect to server. ([fe7248e](https://github.com/billchurch/WebSSH2/commit/fe7248e))
* update webssh2_client 0.2.20 ([9b94627](https://github.com/billchurch/WebSSH2/commit/9b94627))
* update webssh2_client 0.2.21 ([9cfccb1](https://github.com/billchurch/WebSSH2/commit/9cfccb1))
* update webssh2_client to 0.2.19 ([418af1b](https://github.com/billchurch/WebSSH2/commit/418af1b))
* update webssh2_client@0.2.23 ([e06fabc](https://github.com/billchurch/WebSSH2/commit/e06fabc))
* validate handleResize ([b4cbfb4](https://github.com/billchurch/WebSSH2/commit/b4cbfb4))
* validate handleTerminal ([aab1a35](https://github.com/billchurch/WebSSH2/commit/aab1a35))
* validateSshTerm checks if term is undefined or null before validation ([28f329e](https://github.com/billchurch/WebSSH2/commit/28f329e))
<a name="0.2.12"></a>
## 0.2.12 (2024-07-10)
<a name="0.2.11"></a>
## 0.2.11 (2021-05-12)
<a name="0.2.9"></a>
## 0.2.9 (2019-06-13)
<a name="0.2.8"></a>
## 0.2.8 (2019-05-26)
<a name="0.2.7"></a>
## 0.2.7 (2018-11-11)
<a name="0.2.6"></a>
## 0.2.6 (2018-11-07)
<a name="0.2.5"></a>
## 0.2.5 (2018-09-11)
<a name="0.2.4"></a>
## 0.2.4 (2018-07-18)
### Bug Fixes
* **package:** update ssh2 to version 0.6.1 ([bf15b3e](https://github.com/billchurch/WebSSH2/commit/bf15b3e)), closes [#55](https://github.com/billchurch/WebSSH2/issues/55)
* **package:** update validator to version 10.1.0 ([1a15fa5](https://github.com/billchurch/WebSSH2/commit/1a15fa5)), closes [#62](https://github.com/billchurch/WebSSH2/issues/62)
<a name="0.2.0"></a>
# 0.2.0 (2018-02-10)
<a name="0.1.4"></a>
## 0.1.4 (2018-01-30)
### Bug Fixes
* package.json to reduce vulnerabilities ([196d769](https://github.com/billchurch/WebSSH2/commit/196d769))
<a name="0.1.3"></a>
## 0.1.3 (2017-09-28)
<a name="0.1.2"></a>
## 0.1.2 (2017-08-21)
### Bug Fixes
* package.json to reduce vulnerabilities ([e65a964](https://github.com/billchurch/WebSSH2/commit/e65a964))
<a name="0.1.1"></a>
## 0.1.1 (2017-06-03)
<a name="0.1.0"></a>
# 0.1.0 (2017-05-27)
<a name="0.0.5"></a>
## 0.0.5 (2017-03-23)
<a name="0.0.4"></a>
## 0.0.4 (2017-03-23)
<a name="0.0.3"></a>
## 0.0.3 (2017-02-16)
<a name="0.0.2"></a>
## 0.0.2 (2017-02-01)
<a name="0.0.1"></a>
## 0.0.1 (2016-07-28)
# Change Log
## [0.2.13] 2024-07-11
BIG-IP Specific version
### Fixes
- fixed missing reference to `read-config-ng` switchover which could prevent `config.json` from being read
## [0.2.12] 2024-07-10
BIG-IP Specific version
### Changes
- `[ctrl]+[shift]+[6]` or `[ctrl]+[^]` now sends `RS` or `0x1E`
## [0.2.11] 2020-05-12
BIG-IP Specific version
### BREAKING
- Not compatible with versions of ephemeral_auth before 0.4.8 due to child resources moving under /ssh
### Changes
- in `config.json.sample` - `allowreauth` set to `false` by default
- in `config.json.sample` - potential future proofing for CORS support `http.origins`
- `ssh` module updated to 0.8.9
- Move all child resources to start from under /ssh
- /socket.io -> /ssh/socket.io
- /webssh2.css -> /ssh/webssh2.css
- /webssh2.bundle.js -> /ssh/webssh2.bundle.js
- /reauth -> /ssh/reauth
- perhaps more
## [0.2.10] not actually released
## [0.2.9] 2019-06-13
### Changes
- Missing require('fs') in `server/app.js` See issue [#135](../../issues/135)
- Patched read-config to mitigate vulnerability in js-yaml
- issue not exploitable on webssh2 implementation
- patched anyway
- sending my patch upstream to read-config, webssh2 package.json points to patched version in my repository https://github.com/billchurch/nodejs-read-config
- See https://github.com/nodeca/js-yaml/issues/475 for more detail
## [0.2.8] 2019-05-25
### Changes
- Fixes issue if no password is entered, browser must be closed and restart to attempt to re-auth. See issue [#118](../../issues/118). Thanks @smilesm2 for the idea.
- fixes broken `npm run (build|builddev)`
- update font-awesome fonts to 5.6.3
- update webpack and dependancies
- update xterm to 3.8.0
### Fixes
- ILX workspace may not always import properly due to symbolic links (specifically ./node_modules/.bin). This is removed from the ILX package
## [0.2.7] 2018-11-11
### Changes
- `config.reauth` was not respected if initial auth presented was incorrect, regardless of `reauth` setting in `config.json` reauth would always be attempted. fixes [#117](../../issues/117)
- **BREAKING** moved app files to /app, this may be a breaking change
- Updated dockerfile for new app path
- Updated app dependancies
- xterm v3.8.0
- https://github.com/xtermjs/xterm.js/releases/tag/3.8.0
- basic-auth v2.0.1
- https://github.com/jshttp/basic-auth/releases/tag/v2.0.1
- express v4.16.4
- https://github.com/expressjs/express/releases/tag/4.16.4
- validator v10.9.0
- https://github.com/chriso/validator.js/releases/tag/10.9.0
- Updated dev dependancies
- snazzy v8.0.0
- standard v12.0.1
- uglifyjs-webpack-plugin v2.0.1
- ajv v6.5.5
- copy-webpack-plugin v4.6.0
- css-loader v1.0.1
- nodemon v1.18.6
- postcss-discard-comments v4.0.1
- snyk v1.108.2
- url-loader v1.1.2
- webpack v4.25.1
- webpack-cli v3.1.2
## [0.2.6] 2018-11-09
### Changes
- Reauth didn't work if intial auth presented was incorrect, (see issue #112) fixed thanks @vvalchev
- Update node version supported to >=6 (PR #115) thanks @perlun
- Update packages
- developer dependencies
## [0.2.5] 2018-09-11
### Added
- Reauth function thanks to @vbeskrovny and @vvalchev (9bbc116)
- Controlled by `config.json` option `options.allowreauth` true presents reauth dialog and false hides dialog
### Changed
- `options.challengeButton` enabled
- previously this configuration option did nothing, this now enables the Credentials button site-wide regardless of the `allowreplay` header value
- Updated debug module to v4
## [0.2.4] 2018-07-18
### Added
- Browser title window now changes with xterm escape sequences (see http://tldp.org/HOWTO/Xterm-Title-3.html)
- Added bellStyle options
- `GET var`: **bellStyle** - _string_ - Style of terminal bell: ("sound"|"none"). **Default:** "sound". **Enforced Values:** "sound", "none"
- `config.json`: **terminal.bellStyle** - _string_ - Style of terminal bell: (sound|none). **Default:** "sound".
- `workspace` folder on GITHUB for BIG-IP specific fixes/changes
### Changed
- Updated xterm.js to 3.1.0
- https://github.com/xtermjs/xterm.js/releases/tag/3.1.0
- Default listen IP in `config.json` changed back to 127.0.0.1
### Fixed
- ESC]0; is now removed from log files when using the browser-side logging feature
## [0.2.3] unreleased
### Fixed
- ESC]0; is now removed from log files when using the browser-side logging feature
## [0.2.0] 2018-02-10
Mostly client (browser) related changes in this release
### Added
- Menu system
- Fontawesome icons
- Resizing browser window sends resize events to terminal container as well as SSH session (pty)
- New terminal options (config.json as well as GET vars)
- terminal.cursorBlink - boolean - Cursor blinks (true), does not (false) Default: true.
- terminal.scrollback - integer - Lines in the scrollback buffer. Default: 10000.
- terminal.tabStopWidth - integer - Tab stops at n characters Default: 8.
- New serverside (nodejs) terminal configuration options (cursorBlink, scrollback, tabStopWidth)
- Logging of MRH session (unassigned if not present)
- Express compression feature
### Changed
- Updated xterm.js to 3.0.2
- See https://github.com/xtermjs/xterm.js/releases/tag/3.0.2
- See https://github.com/xtermjs/xterm.js/releases/tag/3.0.1
- See https://github.com/xtermjs/xterm.js/releases/tag/3.0.0
- Moved javascript events out of html into javascript
- Changed asset packaging from grunt to Webpack to be inline with xterm.js direction
- Moved logging and credentials buttons to menu system
- Removed non-minified options (if you need to disable minification, modify webpack scripts and 'npm run build')
### Fixed
- Resolved loss of terminal foucs when interacting with option buttons (Logging, etc...)
# Change Log
## [0.1.4] 2018-01-30
### Changed
- Moved socket and util out of folders into .js in root.
- added keepaliveInterval and keepaliveCountMax config options
## [0.1.3] 2017-09-28
### Changed
- Upgrade to debug@3.1 to eliminate ReDoS in %o formatter
- Upgrade Express to 4.15.5 for ReDOS
- Upgrade basic-auth to v2.0
## [0.1.2] 2017-07-31
### Added
- ssh.readyTimeout option in config.json (time in ms, default 20000, 20sec)
### Changed
- Updated xterm.js to 2.9.2 from 2.6.0
- See https://github.com/sourcelair/xterm.js/releases/tag/2.9.2
- See https://github.com/sourcelair/xterm.js/releases/tag/2.9.1
- See https://github.com/sourcelair/xterm.js/releases/tag/2.9.0
- See https://github.com/sourcelair/xterm.js/releases/tag/2.8.1
- See https://github.com/sourcelair/xterm.js/releases/tag/2.8.0
- See https://github.com/sourcelair/xterm.js/releases/tag/2.7.0
- Updated ssh2 to 0.5.5 to keep current, no fixes impacting WebSSH2
- ssh-streams to 0.1.19 from 0.1.16
- Updated validator.js to 8.0.0, no fixes impacting WebSSH2
- https://github.com/chriso/validator.js/releases/tag/8.0.0
- Updated Express to 4.15.4, no fixes impacting WebSSH2
- https://github.com/expressjs/express/releases/tag/4.15.4
- Updated Express-session to 1.15.5, no fixes impacting WebSSH2
- https://github.com/expressjs/session/releases/tag/v1.15.5
- Updated Debug to 3.0.0, no fixes impacting WebSSH2
- https://github.com/visionmedia/debug/releases/tag/3.0.0
- Running in strict mode ('use strict';)
## [0.1.1] 2017-06-03
### Added
- `serverlog.client` and `serverlog.server` options added to `config.json` to enable logging of client commands to server log (only client portion implemented at this time)
- morgan express middleware for logging
### Changed
- Updated socket.io to 1.7.4
- continued refactoring, breaking up `index.js`
- revised error handling methods
- revised session termination methods
### Fixed
### Removed
- color console decorations from `util/index.js`
- SanatizeHeaders function from `util/index.js`
## [0.1.0] 2017-05-27
### Added
- This ChangeLog.md file
- Support for UTF-8 characters (thanks @bara666)
- Snyk, Bithound, Travis CI
- Cross platform improvements (path mappings)
- Session fixup between Express and Socket.io
- Session secret settings in `config.json`
- env variable `DEBUG=ssh2` will put the `ssh2` module into debug mode
- env variable `DEBUG=WebSSH2` will output additional debug messages for functions
and events in the application (not including the ssh2 module debug)
- using Grunt to pull js and css source files from other modules `npm run build` to rebuild these if changed or updated.
- `useminified` option in `config.json` to enable using minified client side javascript (true) defaults to false (non-minified)
- sshterm= query option to specify TERM environment variable for host, valid strings are alpha-numeric with a hypen (validated). Otherwise the default ssh.term variable from `config.json` will be used.
- validation for host (v4,v6,fqdn,hostname), port (integer 2-65535), and header (sanitized) from URL input
### Changed
- error handling in public/client.js
- moved socket.io operations to their own file /socket/index.js, more changes like this to come (./socket/index.js)
- all session based variables are now under the req.session.ssh property or socket.request.ssh (./index.js)
- moved SSH algorithms to `config.json` and defined as a session variable (..session.ssh.algorithms)
-- prep for future feature to define algorithms in header or some other method to enable separate ciphers per host
- minified and combined all js files to a single js in `./public/webssh2.min.js` also included a sourcemap `./public/webssh2.min.js` which maps to `./public/webssh2.js` for easier troubleshooting.
- combined all css files to a single css in `./public/webssh2.css`
- minified all css files to a single css in `./public/webssh2.min.css`
- copied all unmodified source css and js to /public/src/css and /public/src/js respectively (for troubleshooting/etc)
- sourcemaps of all minified code (in /public/src and /public/src/js)
- renamed `client.htm` to `client-full.htm`
- created `client-min.htm` to serve minified javascript
- if header.text is null in `config.json` and header is not defined as a get parameter the Header will not be displayed. Both of these must be null / undefined and not specified as get parameters.
### Fixed
- Multiple errors may overwrite status bar which would cause confusion as to what originally caused the error. Example, ssh server disconnects which prompts a cascade of events (conn.on('end'), socket.on('disconnect'), conn.on('close')) and the original reason (conn.on('end')) would be lost and the user would erroneously receive a WEBSOCKET error as the last event to fire would be the websocket connection closing from the app.
- ensure ssh session is closed when a browser disconnects from the websocket
- if headerBackground is changed, status background is changed to the same color (typo, fixed)
### Removed
- Express Static References directly to module source directories due to concatenating and minifying js/css
## [0.0.5] - 2017-03-23
### Added
- Added experimental support for logging (see Readme)
### Fixed
- Terminal geometry now properly fills the browser screen and communicates this to the ssh session. Tested with IE 11 and recent versions of Chrome/Safari/Firefox.
## [0.0.4] - 2017-03-23
### Added
- Set default terminal to xterm-color
- Mouse event support
- New config option, config.ssh.term to set terminal
### Changed
- Update to Xterm.js 2.4.0
- Minor code formatting cleanup
## [0.0.3] - 2017-02-16
### Changed
- Update xterm to latest (2.3.0)
### Fixed
- Fixed misspelled config.ssh.port property
## [0.0.2] - 2017-02-01
### Changed
- Moving terminal emulation to xterm.js
- updating module version dependencies
### Fixed
- Fixed issue with banners not being displayed properly from UNIX hosts when only lf is used
## [0.0.1] - 2016-06-28
### Added
- Initial proof of concept and release. For historical purposes only.
See [app/CHANGELOG.md](app/CHANGELOG.md)

74
DEPRECATED.md
View file

@ -1,74 +0,0 @@
# Deprecated Features in WebSSH2
This document outlines features, configuration options, and parameters that have been deprecated in the this version of WebSSH2. Please review this information to ensure your setup remains compatible and to make necessary adjustments.
## Removed `config.json` Options
The following configuration options have been **removed** from `config.json`:
### Terminal Configuration
The following options have been replaced with client-side terminal configuration handling in the browser:
- `terminal.cursorBlink` (boolean): Whether the cursor blinks.
- `terminal.scrollback` (integer): Scrollback limit.
- `terminal.tabStopWidth` (integer): Tab stop width.
- `terminal.bellStyle` (string): Bell style.
### Logging Configuration
- `serverlog.client` (boolean): Enabled or disabled client logging.
- `serverlog.server` (boolean): Enabled or disabled server logging.
- `accesslog` (boolean): Controlled whether access logging was enabled.
### Other
- `verify` (boolean): This option was never implemented and has been removed.
## Removed GET Parameters
The following GET parameters have been **removed** from the application:
### Terminal Configuration Parameters
These have been replaced with client-side terminal configuration handling in the browser:
- `readyTimeout=`
- `cursorBlink=`
- `scrollback=`
- `tabStopWidth=`
- `bellStyle=`
### Header Parameters
- `allowReplay=` (boolean): Controlled the use of the password replay feature. This is now exclusively controlled from server-side `config.json`.
- `mrhsession=` (string): Used to pass an APM session for event correlation. This unused option has been removed.
## Required Actions
1. **Review and Update Configuration Files:**
- Remove references to deprecated options in your `config.json` file.
- If you relied on any of the removed terminal configuration options, implement client-side configurations instead.
2. **Update Integrations:**
- If your integrations or workflows use any of the removed GET parameters, update them to remove these references.
3. **Logging and Verification Adjustments:**
- If you relied on `serverlog`, `accesslog`, or `verify` options, you may need to implement custom solutions for logging and verification.
4. **Client-Side Terminal Configuration:**
- Implement client-side terminal configurations to replace the removed server-side options.
5. **Review Header Configurations:**
- Update any configurations or integrations that relied on `allowReplay` or `mrhsession` GET parameters.
6. **Test Your Setup:**
- After making these changes, thoroughly test your WebSSH2 setup to ensure everything works as expected with the new configuration.
## Additional Notes
- The removal of these options is part of our effort to simplify the codebase and improve performance.
- If you encounter any issues after updating, please refer to the latest documentation or open an issue on our GitHub repository.
- For the most up-to-date information on configuration options, always refer to the current README.md and configuration files in the repository.
I appreciate your understanding and cooperation as we continue to improve WebSSH2. If you have any questions or need assistance with these changes, please don't hesitate to reach out to the project maintainers.

56
Dockerfile
View file

@ -1,51 +1,9 @@
# Use debian:bookworm-slim runtime as a parent image
FROM debian:bookworm-slim
FROM node:16-alpine
RUN rm /bin/sh && ln -s /bin/bash /bin/sh
RUN apk update && apk add bash
RUN apt-get update \
&& apt-get install -y curl \
&& apt-get -y autoclean
# nvm environment variables
ENV NVM_DIR /usr/local/nvm
ENV NODE_VERSION 6.9.1
RUN mkdir -p $NVM_DIR
# install nvm
# https://github.com/creationix/nvm#install-script
RUN curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.0/install.sh | bash
ENV NODE_PATH $NVM_DIR/v$NODE_VERSION/lib/node_modules
ENV PATH $NVM_DIR/versions/node/v$NODE_VERSION/bin:$PATH
RUN echo "source $NVM_DIR/nvm.sh && \
nvm install $NODE_VERSION && \
nvm alias default $NODE_VERSION && \
nvm use default" | bash
# Set the working directory in the container
WORKDIR /usr/src/app
# Copy package.json and package-lock.json (if available)
COPY package*.json index.js ./
# Install production dependencies
# RUN npm install --production
RUN npm i --audit=false --bin-links=false --fund=false --production
COPY app/ ./app/
COPY config.json.sample config.json
# Set environment variables
ENV PORT=2222
ENV DEBUG=
ENV WEBSSH_SESSION_SECRET=
# Make port 2222 available to the world outside this container
EXPOSE 2222
# Run the app when the container launches
CMD ["npm", "start"]
WORKDIR /usr/src
COPY app/ /usr/src/
RUN npm ci --audit=false --bin-links=false --fund=false
EXPOSE 2222/tcp
ENTRYPOINT [ "/usr/local/bin/node", "index.js" ]

33
EventFlow.md
View file

@ -1,33 +0,0 @@
# Typical Event Flow
```mermaid
sequenceDiagram
participant Client
participant Socket.IO
participant WebSSH2 Server
participant SSH Server
Client->>Socket.IO: Connect
Socket.IO->>WebSSH2 Server: io.on connection
Note over WebSSH2 Server: Socket Established
WebSSH2 Server->>Client: Emit request_auth
Client->>WebSSH2 Server: Send authentication data
Note over WebSSH2 Server: handleAuthenticate
Note over WebSSH2 Server: initializeConnection
WebSSH2 Server->>SSH Server: Connect (ssh.connect)
SSH Server-->>WebSSH2 Server: Connection ready
Note over WebSSH2 Server: conn.on ready
WebSSH2 Server->>Client: Emit authentication success
WebSSH2 Server->>Client: Emit permissions
WebSSH2 Server->>Client: Update footer element
Client->>WebSSH2 Server: Send terminal data
Note over WebSSH2 Server: handleTerminal
Note over WebSSH2 Server: Set term, rows, cols
Note over WebSSH2 Server: Ready for SSH communication
Note over WebSSH2 Server: createShell
WebSSH2 Server->>SSH Server: open shell
SSH Server-->>WebSSH2 Server: stream.on('data')
WebSSH2 Server-->>Client: socket.emit('data')
Client-->>WebSSH2 Server: socket.on('data')
WebSSH2 Server-->>SSH Server: stream.write('data')
```

39
FLOWS.md
View file

@ -1,39 +0,0 @@
# Application Flow
```mermaid
sequenceDiagram
participant Client
participant Express
participant SocketIO
participant SSHConnection
participant SSHServer
Client->>Express: HTTP Request
Express->>Client: Send client files
Client->>SocketIO: Establish Socket.IO connection
alt HTTP Basic Auth used
SocketIO->>SSHConnection: Jump to "Connect with credentials"
else No pre-existing credentials
SocketIO->>Client: Emit "authentication" (request_auth)
Client->>SocketIO: Emit "authenticate" (with credentials)
end
SocketIO->>SSHConnection: Connect with credentials
SSHConnection->>SSHServer: Establish SSH connection
alt Keyboard Interactive Auth
SSHServer->>SSHConnection: Request additional auth
SSHConnection->>SocketIO: Emit "authentication" (keyboard-interactive)
SocketIO->>Client: Forward auth request
Client->>SocketIO: Send auth response
SocketIO->>SSHConnection: Forward auth response
SSHConnection->>SSHServer: Complete authentication
end
SSHServer->>SSHConnection: Connection established
SSHConnection->>SocketIO: Connection successful
SocketIO->>Client: Emit "authentication" (success)
Client->>SocketIO: Emit "terminal" (with specs)
SocketIO->>SSHConnection: Create shell with specs
SSHConnection->>SSHServer: Create shell session
SSHConnection->>SocketIO: Shell created
SocketIO->>Client: Ready for input/output
Note over Client,SSHServer: Bidirectional data flow established
```

2
Makefile Normal file
View file

@ -0,0 +1,2 @@
test:
cd ./app; npm run test

448
README.md
View file

@ -1,205 +1,367 @@
# WebSSH2 - Web SSH Client
# WebSSH2
![Orthrus Mascot](images/orthrus2.png)
[![Build Status](https://travis-ci.com/billchurch/webssh2.svg?branch=main)](https://travis-ci.com/billchurch/webssh2) [![GitHub version](https://img.shields.io/github/v/release/billchurch/webssh2)](https://github.com/billchurch/webssh2/releases/latest) [![docker build images](https://github.com/billchurch/webssh2/actions/workflows/docker-multiplatform.yml/badge.svg)](https://github.com/billchurch/webssh2/actions/workflows/docker-multiplatform.yml)
WebSSH2 is an HTML5 web-based terminal emulator and SSH client. It uses SSH2 as a client on a host to proxy a Websocket / Socket.io connection to an SSH2 server.
[![Buy Me A Coffee](https://www.buymeacoffee.com/assets/img/custom_images/orange_img.png)](https://www.buymeacoffee.com/billchurch)
![WebSSH2 demo](https://user-images.githubusercontent.com/1668075/182425293-acc8741e-cc92-4105-afdc-9538e1685d4b.gif)
Web SSH Client using ssh2, socket.io, xterm.js, and express
![WebSSH2 Screenshot](images/Screenshot.png)
A bare bones example of an HTML5 web-based terminal emulator and SSH client. We use SSH2 as a client on a host to proxy a Websocket / Socket.io connection to a SSH2 server.
## Table of Contents
<img width="600" height="340" alt="WebSSH2 v0.2.0 demo" src="https://user-images.githubusercontent.com/1668075/182425293-acc8741e-cc92-4105-afdc-9538e1685d4b.gif">
- [Requirements](#requirements)
- [Installation](#installation)
- [Docker Setup](#docker-setup)
- [Usage](#usage)
- [Configuration](#configuration)
- [Features](#features)
- [Routes](#routes)
- [Deprecation Notice](#deprecation-notice)
- [Tips](#tips)
- [Support](#support)
# Requirements
Node v14.x or above. If using <v14.x you should be able to run by replacing the "read-config" package to @1 like this (after a clone):
## Requirements
`npm install --save read-config@1
`
- Node.js 6.9.1
Just keep in mind that there is no intention to ensure compatability with Node < v14
## Installation
# Instructions
The instructions previously showed cloning directly from main, while normally safe may include "work in progress". It's recommended that after you clone, you switch to a particular tag.
1. Clone the repository:
```
git clone https://github.com/billchurch/webssh2.git
cd webssh2
```
To install:
2. Install dependencies:
```
npm install --production
```
For development purposes, use `npm install` instead.
1. Clone to a location somewhere
3. Configure the application by editing `config.json` if needed.
2. Checkout to the `current` tag using `git checkout current` or choose a particular [release](https://github.com/billchurch/webssh2/releases/) tag
4. Start the server:
```
npm start
```
3. `cd app` and `npm install --production`. If you want to develop and rebuild javascript and other files utilize `npm install` instead.
## Docker Setup
4. If desired, edit app/config.json to change the listener to your liking. There are also some default options which may be definied for a few of the variables.
1. Build and run the Docker container (with debug messages):
```bash
docker build -t webssh2 .
docker run --name webssh2 --rm -it -p 2222:2222 -e "DEBUG=webssh*,-webssh2:ssh2" webssh2
```
5. Run `npm start`
## Usage
6. Fire up a browser, navigate to IP/port of your choice and specify a host (https isn't used here because it's assumed it will be off-loaded to some sort of proxy):
Access the web client by navigating to:
```
http://localhost:2222/ssh
```
You'll be prompted for host details and SSH credentials.
Alternatively you may use the `/ssh/host/<host>` route:
```
http://localhost:2222/ssh/host/127.0.0.1
```
You'll be prompted for SSH credentials via HTTP Basic Authentication.
P
## Configuration
You will be prompted for credentials to use on the SSH server via HTTP Basic authentcaiton. This is to permit usage with some SSO systems that can replay credentials over HTTP basic.
### GET Parameters
Alternatively in main for testing, you can send credentials via POST with the variables "username" and "userpassword".
- `port=` - _integer_ - SSH server port (default: `22`)
- `header=` - _string_ - Optional header text
- `headerBackground=` - _string_ - Optional background color (default: `"green"`)
- `sshterm=` - _string_ - Terminal type for pty (default: xterm-color)
# Customizing client files
### Config File Options
See [BUILDING.md](BUILDING.md) for more details.
Edit `config.json` to customize the following options:
# Docker
- `listen.ip` - _string_ - IP address to listen on (default: `"127.0.0.1"`)
- `listen.port` - _integer_ - Port to listen on (default: `2222`)
- `http.origins` - _array_ - CORS origins for socket.io (default: `["*:*"]`)
- `user.name` - _string_ - Default SSH username (default: `null`)
- `user.password` - _string_ - Default SSH password (default: `null`)
- `ssh.host` - _string_ - Default SSH host (default: `null`)
- `ssh.port` - _integer_ - Default SSH port (default: `22`)
- `ssh.term` - _string_ - Terminal emulation (default: `"xterm-color"`)
- `ssh.readyTimeout` - _integer_ - SSH handshake timeout in ms (default: `20000`)
- `ssh.keepaliveInterval` - _integer_ - SSH keepalive interval in ms (default: `120000`)
- `ssh.keepaliveCountMax` - _integer_ - Max SSH keepalive packets (default: `10`)
- `header.text` - _string_ - Header text (default: `null`)
- `header.background` - _string_ - Header background color (default: `"green"`)
- `session.name` - _string_ - Session cookie name (default: `"webssh2.sid"`)
- `session.secret` - _string_ - Session secret key (default: `crypto.randomBytes(32).toString("hex")`)
- `options.challengeButton` - _boolean_ - Enable challenge button (default: `true`)
- `options.autoLog` - _boolean_ - Enable auto-logging (default: `false`)
- `options.allowReauth` - _boolean_ - Allow reauthentication (default: `true`)
- `options.allowReconnect` - _boolean_ - Allow reconnection (default: `true`)
- `options.allowReplay` - _boolean_ - Allow credential replay (default: `true`)
## NOTICE
Docker versions differ from what is in `main` and are release dependant.
For detailed SSH algorithm configurations, refer to the full config file.
Meaning billchurch/webssh2:latest is the latest official release. This does NOT sync with what is in `main` on this repo. `main` is development and will change until it gets a release tag.
## Features
On occasion, examples or instructions on `main` will drift from what is released. You should refer to the tag of the version you're using to ensure you are following the proper guidance.
### Keyboard Interactive Authentication
That being said the most current release version is [0.4.6](https://github.com/billchurch/webssh2/tree/0.4.6), see that tag for details.
Keyboard Interactive authentication provides a flexible way to handle various authentication scenarios, including multi-factor authentication.
## Instructions
#### How it works
Some configuration options are available as [Environment Variables](#environment-variables). If there is a configuration option you require which does not have an environment variable please [open an issue requesting](../../issues/new/choose).
1. When the SSH server requests Keyboard Interactive authentication, WebSSH2 can handle it in two ways:
a) Automatically (default behavior)
b) By prompting the user through the web interface
[webssh2 images are available in docker hub](https://hub.docker.com/repository/docker/billchurch/webssh2).
2. In automatic mode:
- If all prompts contain the word "password" (case-insensitive), WebSSH2 will automatically respond using the password provided during the initial connection attempt.
- If any prompt doesn't contain "password", all prompts will be forwarded to the web client for user input.
the `latest` tag will pull the most recent stable release, otherwise you can pull individual tags/releases/versions of this repo by using a particular version in the tag.
3. When prompts are sent to the web client:
- A dialog box appears in the user's browser, displaying all prompts from the SSH server.
- The user can input responses for each prompt.
- Responses are sent back to the SSH server to complete the authentication process.
For instance:
#### Configuration Options
```docker pull billchurch/webssh2:0.4.6```
You can customize the Keyboard Interactive authentication behavior using the following option in your `config.json`:
or
```json
```docker pull billchurch/webssh2:0.4.7-alpha.2```
or
```docker pull billchurch/webssh2```
for the most recent
If you want to play around localy:
Copy app/config.json.template to app/config.json and modify the latter:
```js
{
"ssh": {
"alwaysSendKeyboardInteractivePrompts": false
// ...
"listen": {
"ip": "0.0.0.0",
"port": 2222
}
// ...
}
```
- `alwaysSendKeyboardInteractivePrompts` (boolean, default: false):
- When set to `true`, all Keyboard Interactive prompts will always be sent to the web client, regardless of their content.
- When set to `false` (default), WebSSH2 will attempt to automatically handle password prompts and only send non-password prompts to the web client.
Rebuild and run
#### Use Cases
```bash
docker build -t webssh2 .
docker run --name webssh2 -d -p 2222:2222 webssh2
```
1. **Simple Password Authentication**:
With default settings, if the SSH server uses Keyboard Interactive for password authentication, WebSSH2 will automatically handle it without additional user interaction.
Alternatively if you don't want to rebuild, mount the config at runtime:
2. **Multi-Factor Authentication**:
For SSH servers requiring additional factors (e.g., OTP), WebSSH2 will present prompts to the user through the web interface.
```bash
docker run --name webssh2 -d -p 2222:2222 -v `pwd`/app/config.json:/usr/src/config.json webssh2
```
Alternatively if you don't want to build either and mount the config at runtime relying on the community image :
3. **Always Prompt User**:
By setting `alwaysSendKeyboardInteractivePrompts` to `true`, you can ensure that users always see and respond to all authentication prompts, which can be useful for security-sensitive environments or for debugging purposes.
```bash
docker run --name webssh2 -d -p 2222:2222 -v `pwd`/app/config.json:/usr/src/config.json billchurch/webssh2
```
# Options
#### Security Considerations
## Environment Variables
Environment variables introduced in 0.4.7 will override anything specified in `config.json`. This is useful for settings that may be per-node, or in a container environment. These are optional and will default to whatever their peer config.json settings are
- The automatic password handling feature is designed for convenience but may not be suitable for high-security environments. Consider setting `alwaysSendKeyboardInteractivePrompts` to `true` if you want users to explicitly enter their credentials for each session.
- Ensure that your WebSSH2 installation uses HTTPS to protect the communication between the web browser and the WebSSH2 server.
* **LISTEN** - _string_ - IP address node should listen on for client connections, defaults to `127.0.0.1`. Peer is **listen.ip**
* **PORT** - _integer_ - Port node should listen on for client connections, defaults to `2222`. Peer is **listen.port**
* **SOCKETIO_ORIGINS** - _array_ - COORS origins to allow connections from to socket.io server, defaults to `localhost:2222`. Changed in 0.3.1, to enable previous, less secure, default behavior of everything use `*:*` (not recommended). Check [#240](../../issues/240). Peer is **socketio.origins**
* **SOCKETIO_PATH** _string_ - Path to socket.io client files. Default: `/ssh/socket.io`. Peer is **socketio.path**
* **SOCKETIO_SERVECLIENT** _boolean_ - serve the socket.io client. This is built into the custom javascript, so you shouldn't need this. Kept as an option just in case. Default: `false`. Peer is **socketio.serveClient**
For more information on SSH keyboard-interactive authentication, refer to [RFC 4256](https://tools.ietf.org/html/rfc4256).
## POST request vars (in main branch for testing)
## Routes
* **username** - _string_ - username to log into ssh with
WebSSH2 provides two main routes:
* **userpassword** _string_ password to log into ssh with
### 1. `/ssh`
* **port=** - _integer_ - port of SSH server (defaults to 22)
- **URL:** `http(s)://your-webssh2-server/ssh`
- **Features:**
- Interactive login form
* **header=** - _string_ - optional header to display on page
<img width="341" alt="image" src="https://github.com/user-attachments/assets/829d1776-3bc5-4315-b0c6-9e96a648ce06">
- Terminal configuration options
* **headerBackground=** - _string_ - optional background color of header to display on page
<img width="341" alt="image" src="https://github.com/user-attachments/assets/bf60f5ba-7221-4177-8d64-946907aed5ff">
* **sshterm=** - _string_ - optional specify terminal emulation to use, defaults to `ssh.term` in `config.json` or `vt100` if that is null
### 2. `/ssh/host/:host`
* **readyTimeout=** - _integer_ - How long (in milliseconds) to wait for the SSH handshake to complete. **Default:** 20000. **Enforced Values:** Min: 1, Max: 300000
- **URL:** `http(s)://your-webssh2-server/ssh/host/:host`
- **Authentication:** HTTP Basic Auth
- **Features:**
- Quick connections to specific hosts
- Optional `port` parameter (e.g., `?port=2222`)
* **cursorBlink** - _boolean_ - Cursor blinks (true), does not (false) **Default:** true.
## Deprecation Notice
* **scrollback** - _integer_ - Lines in the scrollback buffer. **Default:** 10000. **Enforced Values:** Min: 1, Max: 200000
Several configuration options and GET parameters have been deprecated. For a list of removed options and required actions, please refer to [DEPRECATED.md](./DEPRECATED.md).
* **tabStopWidth** - _integer_ - Tab stops at _n_ characters **Default:** 8. **Enforced Values:** Min: 1, Max: 100
## Tips
* **bellStyle** - _string_ - Style of terminal bell: ("sound"|"none"). **Default:** "sound". **Enforced Values:** "sound", "none"
- To add custom JavaScript, modify `./src/client.htm`, `./src/index.js`, or add your file to `webpack.*.js`.
- For security, use HTTPS when transmitting credentials via HTTP Basic Auth.
- Terminal settings for `/ssh/host/:host` can be customized after login via `Menu | Settings` and persist across sessions.
- You can enable debug from the console by passing the `DEBUG` environment variable to your start script: `DEBUG=webssh*,-webssh2:ssh2 npm run start`. The `webssh2:ssh2` namespace is very chatty and shows all of the SSH protocol information, the `-webssh2:ssh2` excludes that namespace from the line above, otherwise `DEBUG=webssh*` will capture all of the WebSSH2 specific bits. You may also debug Socket.IO and Express related events with `engine`, `socket` and `express` namespaces, or go for broke and debug everything with `DEBUG=*`.
* **fontSize** - _number_ - Size of terminal font. **Default:** 12
For more detailed information on configuration and usage, please refer to the full documentation or open an issue on GitHub.
* **fontFamily** - _string_ - Font family
## Support
If you like what I do, and want to support me you can [buy me a coffee](https://www.buymeacoffee.com/billchurch)!
* **letterSpacing** - _number_ - Letter spacing
[![Buy Me A Coffee](https://www.buymeacoffee.com/assets/img/custom_images/orange_img.png)](https://www.buymeacoffee.com/billchurch)
* **lineHeight** - _number_ - Line height
## GET request vars
* **port=** - _integer_ - port of SSH server (defaults to 22)
* **header=** - _string_ - optional header to display on page
* **headerBackground=** - _string_ - optional background color of header to display on page
* **sshterm=** - _string_ - optional specify terminal emulation to use, defaults to `ssh.term` in `config.json` or `vt100` if that is null
* **readyTimeout=** - _integer_ - How long (in milliseconds) to wait for the SSH handshake to complete. **Default:** 20000. **Enforced Values:** Min: 1, Max: 300000
* **cursorBlink** - _boolean_ - Cursor blinks (true), does not (false) **Default:** true.
* **scrollback** - _integer_ - Lines in the scrollback buffer. **Default:** 10000. **Enforced Values:** Min: 1, Max: 200000
* **tabStopWidth** - _integer_ - Tab stops at _n_ characters **Default:** 8. **Enforced Values:** Min: 1, Max: 100
* **bellStyle** - _string_ - Style of terminal bell: ("sound"|"none"). **Default:** "sound". **Enforced Values:** "sound", "none"
* **fontSize** - _number_ - Size of terminal font. **Default:** "12"
* **fontFamily** - _string_ - Font family
* **letterSpacing** - _number_ - Letter spacing
* **lineHeight** - _integer_ - Line height
## Headers
* **allowreplay** - _boolean_ - Allow use of password replay feature, example `allowreplay: true`
* **mrhsession** - _string_ - Can be used to pass APM session for event correlation `mrhsession: abc123`
## Config File Options
`config.json` contains several options which may be specified to customize to your needs, vs editing the javascript directly. This is JSON format so mind your spacing, brackets, etc...
* **listen.ip** - _string_ - IP address node should listen on for client connections, defaults to `127.0.0.1`
* **listen.port** - _integer_ - Port node should listen on for client connections, defaults to `2222`
* **socketio.serveClient** - _boolean_ - serve the socket.io client. This is built into the custom javascript, so you shouldn't need this. Kept as an option just in case. Default: `false`
* **socketio.path** - _string_ - Path to socket.io client files. Default: `/ssh/socket.io`
* **socketio.origins** - _array_ - COORS origins to allow connections from to socket.io server, defaults to `localhost:2222`. Changed in 0.3.1, to enable previous, less secure, default behavior of everything use `*:*` (not recommended). Check [#240](../../issues/240)
* **user.name** - _string_ - Specify user name to authenticate with. In normal cases this should be left to the default `null` setting.
* **user.password** - _string_ - Specify password to authenticate with. In normal cases this should be left to the default `null` setting.
* **user.overridebasic** - _boolean_ - When set to `true` ignores `Authorization: Basic` header sent from client and use credentials defined in `user.name` and `user.password` instead. Defaults to `false`. [issue 242](../../issues/242) for more information.
* **ssh.host** - _string_ - Specify host to connect to. May be either hostname or IP address. Defaults to `null`.
* **ssh.port** - _integer_ - Specify SSH port to connect to, defaults to `22`
* **ssh.term** - _string_ - Specify terminal emulation to use, defaults to `vt100` if null
* **ssh.readyTimeout** - _integer_ - How long (in milliseconds) to wait for the SSH handshake to complete. **Default:** 20000.
* **ssh.keepaliveInterval** - _integer_ - How often (in milliseconds) to send SSH-level keepalive packets to the server (in a similar way as OpenSSH's ServerAliveInterval config option). Set to 0 to disable. **Default:** 120000.
* **ssh.keepaliveCountMax** - _integer_ - How many consecutive, unanswered SSH-level keepalive packets that can be sent to the server before disconnection (similar to OpenSSH's ServerAliveCountMax config option). **Default:** 10.
* **allowedSubnets** - _array_ - A list of subnets that the server is allowed to connect to via SSH. An empty array means all subnets are permitted; no restriction. **Default:** empty array.
* **terminal.cursorBlink** - _boolean_ - Cursor blinks (true), does not (false) **Default:** true.
* **terminal.scrollback** - _integer_ - Lines in the scrollback buffer. **Default:** 10000.
* **terminal.tabStopWidth** - _integer_ - Tab stops at _n_ characters **Default:** 8.
* **terminal.bellStyle** - _string_ - Style of terminal bell: (sound|none). **Default:** "sound".
* **terminal.fontSize** - _number_ - Size of terminal font. **Default:** 14.
* **terminal.fontFamily** - _string_ - Font family
* **terminal.letterSpacing** - _number_ - Letter spacing
* **terminal.lineHeight** - _number_ - Line height
* **header.text** - _string_ - Specify header text, defaults to `My Header` but may also be set to `null`. When set to `null` no header bar will be displayed on the client.
* **header.background** - _string_ - Header background, defaults to `green`.
* **session.name** - _string_ - Name of session ID cookie. it's not a horrible idea to make this something unique.
* **session.secret** - _string_ - Secret key for cookie encryption. You should change this in production.
* **options.challengeButton** - _boolean_ - Challenge button. This option, which is still under development, allows the user to resend the password to the server (in cases of step-up authentication for things like `sudo` or a router `enable` command.
* **options.allowreauth** - _boolean_ - Reauth button. This option creates an option to provide a button to create a new session with new credentials. See [issue 51](../../issues/51) and [pull 85](../../pull/85) for more detail.
* **algorithms** - _object_ - This option allows you to explicitly override the default transport layer algorithms used for the connection. Each value must be an array of valid algorithms for that category. The order of the algorithms in the arrays are important, with the most favorable being first. Valid keys:
* **kex** - _array_ - Key exchange algorithms.
* Default values:
1. ecdh-sha2-nistp256 **(node v0.11.14 or newer)**
2. ecdh-sha2-nistp384 **(node v0.11.14 or newer)**
3. ecdh-sha2-nistp521 **(node v0.11.14 or newer)**
4. diffie-hellman-group-exchange-sha256 **(node v0.11.12 or newer)**
5. diffie-hellman-group14-sha1
* Supported values:
* ecdh-sha2-nistp256 **(node v0.11.14 or newer)**
* ecdh-sha2-nistp384 **(node v0.11.14 or newer)**
* ecdh-sha2-nistp521 **(node v0.11.14 or newer)**
* diffie-hellman-group-exchange-sha256 **(node v0.11.12 or newer)**
* diffie-hellman-group14-sha1
* diffie-hellman-group-exchange-sha1 **(node v0.11.12 or newer)**
* diffie-hellman-group1-sha1
* **cipher** - _array_ - Ciphers.
* Default values:
1. aes128-ctr
2. aes192-ctr
3. aes256-ctr
4. aes128-gcm **(node v0.11.12 or newer)**
5. aes128-gcm@openssh.com **(node v0.11.12 or newer)**
6. aes256-gcm **(node v0.11.12 or newer)**
7. aes256-gcm@openssh.com **(node v0.11.12 or newer)**
* Supported values:
* aes128-ctr
* aes192-ctr
* aes256-ctr
* aes128-gcm **(node v0.11.12 or newer)**
* aes128-gcm@openssh.com **(node v0.11.12 or newer)**
* aes256-gcm **(node v0.11.12 or newer)**
* aes256-gcm@openssh.com **(node v0.11.12 or newer)**
* aes256-cbc
* aes192-cbc
* aes128-cbc
* blowfish-cbc
* 3des-cbc
* arcfour256
* arcfour128
* cast128-cbc
* arcfour
* **hmac** - _array_ - (H)MAC algorithms.
* Default values:
1. hmac-sha2-256
2. hmac-sha2-512
3. hmac-sha1
* Supported values:
* hmac-sha2-256
* hmac-sha2-512
* hmac-sha1
* hmac-md5
* hmac-sha2-256-96
* hmac-sha2-512-96
* hmac-ripemd160
* hmac-sha1-96
* hmac-md5-96
* **compress** - _array_ - Compression algorithms.
* Default values:
1. none
2. zlib@openssh.com
3. zlib
* Supported values:
* none
* zlib@openssh.com
* zlib
* **serverlog.client** - _boolean_ - Enables client command logging on server log (console.log). Very simple at this point, buffers data from client until it receives a line-feed then dumps buffer to console.log with session information for tracking. Will capture anything send from client, including passwords, so use for testing only... Default: false. Example:
* _serverlog.client: GcZDThwA4UahDiKO2gkMYd7YPIfVAEFW/mnf0NUugLMFRHhsWAAAA host: 192.168.99.80 command: ls -lat_
* **serverlog.server** - _boolean_ - not implemented, default: false.
* **accesslog** - _boolean_ - http style access logging to console.log, default: false
* **safeShutdownDuration** - _integer_ - maximum delay, in seconds, given to users before the server stops when doing a safe shutdown
# Client-side logging
Clicking `Start logging` on the status bar will log all data to the client. A `Download log` option will appear after starting the logging. You may download at any time to the client. You may stop logging at any time my pressing the `Logging - STOP LOG`. Note that clicking the `Start logging` option again will cause the current log to be overwritten, so be sure to download first.
# Example:
http://localhost:2222/ssh/host/192.168.1.1?port=2244&header=My%20Header&headerBackground=red
# CONTRIBUTING
As of 0.4.0, we're trying our best to conform to the [Airbnb Javascript Style Guide](https://airbnb.io/projects/javascript/). I'm hoping this will make contributions easier and keep the code readable. I love shortcuts more than anyone but I've found when making changes to code I've not looked at in a while, it can take me a few momements to deconstruct what was being done due to readbility issues. While I don't agree with every decision in the style guide (semi-colons, yuk), it is a good base to keep the code consistent.
If you've not used it before, I recommend installing the [vscode extensions](https://blog.echobind.com/integrating-prettier-eslint-airbnb-style-guide-in-vscode-47f07b5d7d6a) for that and [Prettier](https://prettier.io/) and getting familiar. The autocorrections are great (especially if you hate dealing with semi-colons...)
All contributions are welcome, all may not make it into a release... To increase the chances of your contribution making it into a release, try your best to conform to the style guides and targets of the project.
# Tips
* You can enable extended debug messages in the browser Java console using:
* `localStorage.debug = '*';` - Debug Everything (a lot of messages)
* `localStorage.debug = 'WebSSH2';` - Debug potentially interesting WebSSH2 related messages (replaying credentials, resizing data, other control messages)
* If you want to add custom JavaScript to the browser client you can either modify `./src/client.html` and add a **\<script\>** element, modify `./src/index.js` directly, or check out `webpack.*.js` and add your custom javascript file to a task there (best option).

16
SECURITY.md Normal file
View file

@ -0,0 +1,16 @@
# Security Policy
## Supported Versions
The following versions will get security updates.
| Version | Supported |
| ------- | ------------------ |
| 0.4.x | :white_check_mark: |
| 0.3.x | :x: |
| 0.2.x | :x: |
| 0.1.x | :x: |
## Reporting a Vulnerability
If you find a vulnerability, simply [open an issue](../../issues/new) with the details, use the label `security`.

138
SERVER_API.md
View file

@ -1,138 +0,0 @@
# WebSSH2 Server API Documentation
## Overview
The WebSSH2 server provides a WebSocket interface for establishing SSH connections. This API documentation outlines the events and data structures used for communication between the client and the server.
Currently this implementation requires Socket.IO v2.2.0 due to this instance targeting node 6.9.1 for a legacy project. Future releases will not have this limitation.
## Connection
The server uses Socket.IO for real-time communication. Connect to the WebSocket server at the same host and port as the HTTP server, with the path `/ssh/socket.io`.
## Events
### Server to Client Events
1. `authentication`
- Emitted to request authentication or provide authentication results.
- Payload:
```javascript
{
action: string, // "request_auth" or "auth_result"
success?: boolean, // Only present for "auth_result"
message?: string // Error message if authentication fails
}
```
2. `permissions`
- Emitted after successful authentication to provide allowed actions.
- Payload:
```javascript
{
autoLog: boolean,
allowReplay: boolean,
allowReconnect: boolean,
allowReauth: boolean
}
```
3. `getTerminal`
- Emitted to request terminal specifications from the client.
- Payload: `true`
4. `data`
- Emitted when there's output from the SSH session.
- Payload: `string` (UTF-8 encoded terminal output)
5. `ssherror`
- Emitted when an SSH-related error occurs.
- Payload: `string` (Error message)
6. `updateUI`
- Emitted to update specific UI elements.
- Payload:
```javascript
{
element: string, // UI element identifier
value: any // New value for the element
}
```
### Client to Server Events
1. `authenticate`
- Emit this event to provide authentication credentials.
- Payload:
```javascript
{
username: string,
password: string,
host: string,
port: number,
term?: string // Optional terminal type
}
```
2. `terminal`
- Emit this event to provide terminal specifications.
- Payload:
```javascript
{
term: string, // e.g., "xterm-256color"
cols: number,
rows: number
}
```
3. `data`
- Emit this event to send user input to the SSH session.
- Payload: `string` (UTF-8 encoded user input)
4. `resize`
- Emit this event when the terminal size changes.
- Payload:
```javascript
{
cols: number,
rows: number
}
```
5. `control`
- Emit this event for special control commands.
- Payload: `string` ("replayCredentials" or "reauth")
6. `disconnect`
- Emit this event to close the connection.
- No payload required
## Authentication Flow
1. The server emits `authentication` with `action: "request_auth"`.
2. The client emits `authenticate` with credentials.
3. The server may emit `authentication` with `action: "keyboard-interactive"` for additional authentication steps.
4. The server emits `authentication` with `action: "auth_result"` and `success: true/false`.
## Establishing SSH Session
1. After successful authentication, the server emits `getTerminal`.
2. The client emits `terminal` with terminal specifications.
3. The server establishes the SSH connection and starts emitting `data` events with terminal output.
4. The client can now send `data` events with user input.
## Error Handling
- The client should listen for `ssherror` events and handle them appropriately (e.g., displaying error messages to the user).
## UI Updates
- The client should listen for `updateUI` events and update the corresponding UI elements.
## Best Practices
1. Handle connection errors and implement reconnection logic.
2. Implement proper error handling and user feedback.
3. Securely manage authentication credentials.
4. Handle terminal resizing appropriately.
5. Implement support for special control commands (replay credentials, reauthentication).

24
app/.eslintrc.json Normal file
View file

@ -0,0 +1,24 @@
{
"ignorePatterns": ["**/*{.,-}min.js"],
"env": {
"browser": true,
"es2021": true,
"node": true
},
"extends": [
"airbnb-base",
"prettier"
],
"parser": "@typescript-eslint/parser",
"parserOptions": {
"ecmaVersion": 12,
"sourceType": "module"
},
"plugins": [
"@typescript-eslint",
"prettier"
],
"rules": {
"prettier/prettier": ["error"]
}
}

1
app/.npmrc Normal file
View file

@ -0,0 +1 @@
tag-version-prefix=""

4
app/.prettierrc Normal file
View file

@ -0,0 +1,4 @@
{
"printWidth": 100,
"singleQuote": true
}

4
app/.snyk Normal file
View file

@ -0,0 +1,4 @@
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.22.1
ignore: {}
patch: {}

461
app/CHANGELOG.md Normal file
View file

@ -0,0 +1,461 @@
# Changelog
All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
## [0.5.0-pre-4](https://github.com/billchurch/webssh2/compare/webssh2-v0.4.7-pre-4...webssh2-v0.5.0-pre-4) (2022-08-07)
### Features
* test change for release ([476b566](https://github.com/billchurch/webssh2/commit/476b566c08a84bd35aaccf847253875b2c3afb10))
## [0.4.7-pre-4](https://github.com/billchurch/webssh2/compare/webssh2-v0.4.7-pre-3...webssh2-v0.4.7-pre-4) (2022-08-03)
### Miscellaneous Chores
* release 0.4.7-pre-4 ([7d4ba87](https://github.com/billchurch/webssh2/commit/7d4ba87bc1c198600ea33ee220553ef46ea2a103))
## [0.4.7-pre-3](https://github.com/billchurch/webssh2/compare/webssh2-v0.4.7-pre-2...webssh2-v0.4.7-pre-3) (2022-08-03)
### Miscellaneous Chores
* release 0.4.7-pre-3 ([0c78c1f](https://github.com/billchurch/webssh2/commit/0c78c1f31cc6380b7f0706822fc418cfede11413))
## [0.4.7-pre-2](https://github.com/billchurch/webssh2/compare/webssh2-v0.4.6...webssh2-v0.4.7-pre-2) (2022-08-02)
### ⚠ BREAKING CHANGES
* validate referer to /reauth is valid
* bump xterm to 4.18.0
* consistent logging messages see #286
* config system changes #284 (#285)
### Features
* add additional params for POST requests [#290](https://github.com/billchurch/webssh2/issues/290) ([46c1560](https://github.com/billchurch/webssh2/commit/46c1560e3c126376e18124e14e5c7fb8c029a0a1))
* add additional vars to POST requests [#290](https://github.com/billchurch/webssh2/issues/290) ([0a4e419](https://github.com/billchurch/webssh2/commit/0a4e419fb371ae95340fa890497022a2aa9d063a))
* add fontFamily, letterSpacing, lineHeight ([97f3088](https://github.com/billchurch/webssh2/commit/97f3088780744e13a6724a4967a4896aac3f20d8))
* add fontSize option [#292](https://github.com/billchurch/webssh2/issues/292) ([5e78812](https://github.com/billchurch/webssh2/commit/5e788129744d326e78ec91bda86ed5cecfd70d3f))
* config system changes [#284](https://github.com/billchurch/webssh2/issues/284) ([#285](https://github.com/billchurch/webssh2/issues/285)) ([9c99b09](https://github.com/billchurch/webssh2/commit/9c99b0940ec726193deae3c4999d25a297874d67))
* consistent logging messages see [#286](https://github.com/billchurch/webssh2/issues/286) ([50cfcb9](https://github.com/billchurch/webssh2/commit/50cfcb97788cbd3409b4605adceef3d47e370e38))
* credentials over http post for [#290](https://github.com/billchurch/webssh2/issues/290) ([5b8f88c](https://github.com/billchurch/webssh2/commit/5b8f88cfef1745c88748277217204e6c38c7ff7e))
* reorder viewport setup at ssh handshake [#292](https://github.com/billchurch/webssh2/issues/292) ([140e1e2](https://github.com/billchurch/webssh2/commit/140e1e24b14d6b74848e9d250c2b44f806ad627d))
* validate referer to /reauth is valid ([0dcaa6e](https://github.com/billchurch/webssh2/commit/0dcaa6e15062cdc3252ce52abd9057caf4c00a30))
### Bug Fixes
* Fix the parameter passing problem of setDefaultCredentials to make it perform data initialization normally ([#288](https://github.com/billchurch/webssh2/issues/288)) ([40cbb35](https://github.com/billchurch/webssh2/commit/40cbb35616fa17c1c36520690f40ebce0b488153))
* invalid css in style.css ([ffab534](https://github.com/billchurch/webssh2/commit/ffab5345dcb568fa2bb50a96f403174ad3728286))
### package
* bump xterm to 4.18.0 ([84c09ec](https://github.com/billchurch/webssh2/commit/84c09ec8a1909e4bbd0051debdbb905276a4245e))
### [0.4.6](https://github.com/billchurch/WebSSH2/compare/v0.2.10-0...v0.4.6) (2022-04-17)
### Features
* add SIGTERM to safe shutdown feature ([675b4f5](https://github.com/billchurch/WebSSH2/commit/675b4f5a3a92b187b620684eb1ce1b7afa0e2e08))
* **auth:** ssh private key auth implemented via config.json ([#161](https://github.com/billchurch/WebSSH2/issues/161)) ([342df8e](https://github.com/billchurch/WebSSH2/commit/342df8eb9cafba52eb63b50a60e11e1431d6fbd4))
* **config:** specify local source address and port for client connections fixes [#152](https://github.com/billchurch/WebSSH2/issues/152) ([#158](https://github.com/billchurch/WebSSH2/issues/158)) ([65d6ec6](https://github.com/billchurch/WebSSH2/commit/65d6ec68452b80c42fd62534355e456ce1f16a32))
* CORS support ([b324f33](https://github.com/billchurch/WebSSH2/commit/b324f338adeb3518322941639fb83ba9370814cc)), closes [#240](https://github.com/billchurch/WebSSH2/issues/240)
### Bug Fixes
* deprecated term.setOption ([d903da8](https://github.com/billchurch/WebSSH2/commit/d903da87c41882a3736683c7de497cb8bd37f885))
* dockerignore ([#272](https://github.com/billchurch/WebSSH2/issues/272)) ([8a68cca](https://github.com/billchurch/WebSSH2/commit/8a68ccaffa374584b5d9531f9dbeae616bd971f5))
* fixes default for allowreauth ([#239](https://github.com/billchurch/WebSSH2/issues/239)) ([dcfd81b](https://github.com/billchurch/WebSSH2/commit/dcfd81b454b9fe66edec489266dc35a765464c6b)), closes [#238](https://github.com/billchurch/WebSSH2/issues/238)
* missing ENTRYPOINT for Dockerfile ([6a3a47a](https://github.com/billchurch/WebSSH2/commit/6a3a47a13de3cd70d603379a27e055f08a6ee62c))
* obey host ssh.host in config fixes [#190](https://github.com/billchurch/WebSSH2/issues/190) ([7b7e8e7](https://github.com/billchurch/WebSSH2/commit/7b7e8e753358ed48f52eb9aa2fc359bf758f304b))
* subnet unauthorized now emits "ssherror" which persists across websocket termination ([e796f9f](https://github.com/billchurch/WebSSH2/commit/e796f9fb5874d6557433f25e8976b7aa58fa8144))
* update config.json.sample ([#177](https://github.com/billchurch/WebSSH2/issues/177)) ([42f973b](https://github.com/billchurch/WebSSH2/commit/42f973b4796f7f50237dc8ce613e477aa89352ca))
* update read-config-ng to 3.0.5, fixes [#277](https://github.com/billchurch/WebSSH2/issues/277) ([3e82c0d](https://github.com/billchurch/WebSSH2/commit/3e82c0dc4d31d1c97a7cf98139ef8e6dc0213b22))
* update xterm.js fixes [#261](https://github.com/billchurch/WebSSH2/issues/261) ([c801ef9](https://github.com/billchurch/WebSSH2/commit/c801ef9e5826e13a403a6462241cf8a4ff456d45))
## 0.4.5 [20220417]
### Fixes
- update read-config-ng to 3.0.5, fixes [#277](../../issues/277)
## 0.4.5 [20220331]
### Fixes
- Update socket.io to 4.2.0
- Update read-config-ng to 3.0.4
## 0.4.4 [20211209]
### Fixes
- Add ./node_modules to .dockerignore [#240](../../issues/240) thanks @UncleSamSwiss
- validator to 13.7.0 [to mitigate potential Regular Expression Denial of Service (ReDoS)](https://snyk.io/vuln/SNYK-JS-VALIDATOR-1090600)
- cidr-matcher should be [re-installed to pickup >json-schema@4.0.0 due to prototype pollution vulnerability](https://snyk.io/vuln/SNYK-JS-JSONSCHEMA-1920922)
- Update xterm.js to 4.15.0 [#261](../../issues/261)
- Replace deprecated term.setOptions with term.options
### Changes
- update README.md for additional Docker methods thanks @Utopiah
## 0.4.3 [20211019]
- update dependencies
- ssh2 to 1.4.0 [to mitigate potential command injection in windows](https://snyk.io/vuln/SNYK-JS-SSH2-1656673)
## 0.4.2 [20210813]
### changes
- update dependencies
- socket.io to 4.1.1
- read-config-ng to 3.0.2
- debug to 4.3.1
## 0.4.1 [20210703]
### Fixes
- lost comma in config.json.sample 71fe377
### Changes
- bump ws@7.4.6 to [mitigate potential ReDoS vulnerability](https://github.com/websockets/ws/releases/tag/7.4.6)
- dev: update CI tools
- dev: update dev tools
- dev: update build tools
## 0.4.0 [20210519]
### BREAKING
- Disabled ssh.serverlog.client option, this disables the POC which allowed for logging of the data sent between the client/server to the console.log.
- Dropping support for node versions under 14
### Changes
- Removed HTML menu code from ./app/server/socket.js, the menu is now fully laid out in the ./app/client/src/index.html and the option elements are hidden by default. Not sure why it wasn't done this way from the start, but there it is.
- Updated socket.io to v4.1.1
- Client javascript `./app/client/src/js/index.ts` is now built on TypeScript (`npm run build` will generate javascript for client and place into `app/client/public/webssh2.bundle.js` as before)
- Build environment changes
- removed unused xterm-addon-search, xterm-addon-weblinks, standard, postcss-discard-comments
- added prettier 2.3.0, typescript modules, socket.io-client 4.1.1, airbnb linting tools
### Added
- Lookup ip address for hostname in URL, fixes #199 thanks to @zwiy
- Ability to override `Authorization: Basic` header and replace with credentials specified in `config.json` fixes #243. New config.json option `user.overridebasic`
### CONTRIBUTING
In this release, we're trying our best to conform to the [Airbnb Javascript Style Guide](https://airbnb.io/projects/javascript/). I'm hoping this will make contributions easier and keep the code readable. I love shortcuts more than anyone but I've found when making changes to code I've not looked at in a while, it can take me a few momements to deconstruct what was being done due to readbility issues. While I don't agree with every decision in the style guide (semi-colons, yuk), it is a good base to keep the code consistent.
If you've not used it before, I recommend installing the [vscode extensions](https://blog.echobind.com/integrating-prettier-eslint-airbnb-style-guide-in-vscode-47f07b5d7d6a) for that and [Prettier](https://prettier.io/) and getting familiar. The autocorrections are great (especially if you hate dealing with semi-colons...)
As of 0.4.0-testing-0, the client code is written in [TypeScript](https://www.typescriptlang.org/docs/handbook/typescript-in-5-minutes.html). It's not that much different from JavaScript, and the introduction strong typing will ultimately help to produce better code. Eventually we want to move the whole project to TypeScript but that make take a bit more time. Take a moment to look at ./app/client/src/js/index.ts to see what TypeScript looks like.
## 0.3.1 [20210513]
### BREAKING
- Ability to configure CORS settings for socket.io see [#240](../../issues/240) for more information on how this may break existing deployments. Default settings in example `config.json` are currently permissive `http.origins: ["*:*"]` please note that if a `config.json` is not present, the default is `http.origins: ["localhost:2222"]
### Added
- Safe Shutdown Feature - thanks to @edgarogh
- Sending SIGINT or SIGTERM to node process responsible for WebSSH2 or Docker process will result in a "safe" shutdown
- Timer is configured in config.safeShutdownDuration
- feat: Use docker build to create multi-arch images (#202)
### Fixed
- obey host ssh.host in config fixes #190
### Changed
- `config.json.sample`: `allowreauth` now defaults to `false` fixes #238
- update ssh2 to 0.8.8 -> 0.8.9 - [comparison at ssh2 repo](https://github.com/mscdex/ssh2/compare/v0.8.8...v0.8.9)
- update xterm to 4.12.0 [comparison at xtermjs repo](https://github.com/xtermjs/xterm.js/compare/4.4.0...4.12.0)
- update read-config-ng to 3.0.2
- update morgan to 1.10.0
- update debug to 4.3.1
- update express-session to 1.17.1
- update validator to 13.6.0
- development tools updates (build environment requires minimum of Node 10, only needed for customization)
- update @fortawesome/fontawesome-svg-core to 1.2.35
- update @fortawesome/free-solid-svg-icons to 5.15.3
- update copy-webpack-plugin to 8.1.1
- update cross-env to 7.0.3
- update css-loader to 5.2.4
- update file-loader to 6.2.0
- update mini-css-extract-plugin to 1.6.0
- update postcss-discard-comments to 5.0.0
- update snazzy to 9.0.0
- update standard to 16.0.3
- update standard-version to 9.3.0
- update style-loader to 2.0.0
- update terser-webpack-plugin to 5.1.1
- update url-loader to 4.1.1
- update webpack to 5.37.0
- update webpack-cli to 4.7.0
- update webpack-merge to 5.7.3
- update webpack-stream to 6.1.2
- update xterm-addon-fit to 0.5.0
- update xterm-addon-search to 0.8.0
- update xterm-addon-web-links to 0.4.0
- update ssri from 6.0.1 to 6.0.2 [#233](../../pull/233)
- update hosted-git-info from 2.8.5 to 2.8.9 [#237](../../pull/237)
- update lodash from 4.17.19 to 4.17.21 [#236](../../pull/236)
- update handlebars from 4.7.6 to 4.7.7 [#235](../../pull/235)
- update y18n from 4.0.0 to 4.0.1 [#230](../../pull/230)
- update elliptic from 6.5.3 to 6.5.4 [#228](../../pull/222833)
- update ini from 1.3.5 to 1.3.8 [#217](../../pull/217)
## 0.3.0 [20200315]
🍀🍀🍀
### Added
- Add configuration option to restrict connections to specified subnets thanks to @Mierdin
- favicon
- added module `serve-favicon` to serve favicon from root if pre-fetched by browser
- added `link rel=icon` line in client.htm to serve favico.ico out of /ssh/
### Changed
- Using new repo for read-config -> read-config-ng-
- removed express compression feature, added no real value.
- module updates
- ssh2 to 0.8.6 -> 0.8.8 - [comparison at ssh2 repo](https://github.com/mscdex/ssh2/compare/v0.8.6...v0.8.8)
- xterm 4.2.0 -> 4.4.0 - [comparison at xtermjs repo](https://github.com/xtermjs/xterm.js/compare/4.2.0...4.4.0)
- read-config-ng 3.0.1 - (taking over abandoned repo)n
- development module updates (does not impact production, only for development and rebuilding)
- fortawesome/fontawesome-svg-core 1.2.27
- fortawesome/free-solid-svg-icons 5.12.1
- standard-version 7.1.0
- webpack 4.42.0
- webpack-cli 3.3.11
- terser-webpack-plugin 2.3.5
- copy-webpack-plugin 5.1.1
- cross-env 7.0.2
- css-loader 3.4.2
- file-loader 5.1.0
- style-loader 1.1.3
- url-loader 3.0.0
### Potentially Breaking Changes
- Move all child resources to start from under /ssh
- /socket.io -> /ssh/socket.io
- /webssh2.css -> /ssh/webssh2.css
- /webssh2.bundle.js -> /ssh/webssh2.bundle.js
- /reauth -> /ssh/reauth
- perhaps more
### Fixes
- Typo in config.json.sample, thanks @wuchihsu, fixes #173
### Housekeeping
- Removed irrelavant build scripts from /scripts
## 0.2.9 [2019-06-13]
### Changes
- Missing require('fs') in `server/app.js` See issue [#135](../../issues/135)
- Patched read-config to mitigate vulnerability in js-yaml
- issue not exploitable on webssh2 implementation
- patched anyway
- sending my patch upstream to read-config, webssh2 package.json points to patched version in my repository https://github.com/billchurch/nodejs-read-config
- See https://github.com/nodeca/js-yaml/issues/475 for more detail
## 0.2.8 [2019-05-25]
### Changes
- Fixes issue if no password is entered, browser must be closed and restart to attempt to re-auth. See issue [#118](../../issues/118). Thanks @smilesm2 for the idea.
- fixes broken `npm run (build|builddev)`
- update font-awesome fonts to 5.6.3
- update webpack and dependancies
- update xterm to 3.8.0
### Fixes
- ILX workspace may not always import properly due to symbolic links (specifically ./node_modules/.bin). This is removed from the ILX package
## 0.2.7 [2018-11-11]
### Changes
- `config.reauth` was not respected if initial auth presented was incorrect, regardless of `reauth` setting in `config.json` reauth would always be attempted. fixes [#117](../../issues/117)
- **BREAKING** moved app files to /app, this may be a breaking change
- Updated dockerfile for new app path
- Updated app dependancies
- xterm v3.8.0
- https://github.com/xtermjs/xterm.js/releases/tag/3.8.0
- basic-auth v2.0.1
- https://github.com/jshttp/basic-auth/releases/tag/v2.0.1
- express v4.16.4
- https://github.com/expressjs/express/releases/tag/4.16.4
- validator v10.9.0
- https://github.com/chriso/validator.js/releases/tag/10.9.0
- Updated dev dependancies
- snazzy v8.0.0
- standard v12.0.1
- uglifyjs-webpack-plugin v2.0.1
- ajv v6.5.5
- copy-webpack-plugin v4.6.0
- css-loader v1.0.1
- nodemon v1.18.6
- postcss-discard-comments v4.0.1
- snyk v1.108.2
- url-loader v1.1.2
- webpack v4.25.1
- webpack-cli v3.1.2
## 0.2.6 [2018-11-09]
### Changes
- Reauth didn't work if intial auth presented was incorrect, (see issue #112) fixed thanks @vvalchev
- Update node version supported to >=6 (PR #115) thanks @perlun
- Update packages
- developer dependencies
## 0.2.5 [2018-09-11]
### Added
- Reauth function thanks to @vbeskrovny and @vvalchev (9bbc116)
- Controlled by `config.json` option `options.allowreauth` true presents reauth dialog and false hides dialog
### Changed
- `options.challengeButton` enabled
- previously this configuration option did nothing, this now enables the Credentials button site-wide regardless of the `allowreplay` header value
- Updated debug module to v4
## 0.2.4 [2018-07-18]
### Added
- Browser title window now changes with xterm escape sequences (see http://tldp.org/HOWTO/Xterm-Title-3.html)
- Added bellStyle options
- `GET var`: **bellStyle** - _string_ - Style of terminal bell: ("sound"|"none"). **Default:** "sound". **Enforced Values:** "sound "none"
- `config.json`: **terminal.bellStyle** - _string_ - Style of terminal bell: (sound|none). **Default:** "sound".
- `workspace` folder on GITHUB for BIG-IP specific fixes/changes
### Changed
- Updated xterm.js to 3.1.0
- https://github.com/xtermjs/xterm.js/releases/tag/3.1.0
- Default listen IP in `config.json` changed back to 127.0.0.1
### Fixed
- ESC]0; is now removed from log files when using the browser-side logging feature
## 0.2.3 unreleased
### Fixed
- ESC]0; is now removed from log files when using the browser-side logging feature
## 0.2.0 [2018-02-10]
Mostly client (browser) related changes in this release
### Added
- Menu system
- Fontawesome icons
- Resizing browser window sends resize events to terminal container as well as SSH session (pty)
- New terminal options (config.json as well as GET vars)
- terminal.cursorBlink - boolean - Cursor blinks (true), does not (false) Default: true.
- terminal.scrollback - integer - Lines in the scrollback buffer. Default: 10000.
- terminal.tabStopWidth - integer - Tab stops at n characters Default: 8.
- New serverside (nodejs) terminal configuration options (cursorBlink, scrollback, tabStopWidth)
- Logging of MRH session (unassigned if not present)
- Express compression feature
### Changed
- Updated xterm.js to 3.0.2
- See https://github.com/xtermjs/xterm.js/releases/tag/3.0.2
- See https://github.com/xtermjs/xterm.js/releases/tag/3.0.1
- See https://github.com/xtermjs/xterm.js/releases/tag/3.0.0
- Moved javascript events out of html into javascript
- Changed asset packaging from grunt to Webpack to be inline with xterm.js direction
- Moved logging and credentials buttons to menu system
- Removed non-minified options (if you need to disable minification, modify webpack scripts and 'npm run build')
### Fixed
- Resolved loss of terminal foucs when interacting with option buttons (Logging, etc...)
## 0.1.4 [2018-01-30]
### Changed
- Moved socket and util out of folders into .js in root.
- added keepaliveInterval and keepaliveCountMax config options
## 0.1.3 [2017-09-28]
### Changed
- Upgrade to debug@3.1 to eliminate ReDoS in %o formatter
- Upgrade Express to 4.15.5 for ReDOS
- Upgrade basic-auth to v2.0
## 0.1.2 [2017-07-31]
### Added
- ssh.readyTimeout option in config.json (time in ms, default 20000, 20sec)
### Changed
- Updated xterm.js to 2.9.2 from 2.6.0
- See https://github.com/sourcelair/xterm.js/releases/tag/2.9.2
- See https://github.com/sourcelair/xterm.js/releases/tag/2.9.1
- See https://github.com/sourcelair/xterm.js/releases/tag/2.9.0
- See https://github.com/sourcelair/xterm.js/releases/tag/2.8.1
- See https://github.com/sourcelair/xterm.js/releases/tag/2.8.0
- See https://github.com/sourcelair/xterm.js/releases/tag/2.7.0
- Updated ssh2 to 0.5.5 to keep current, no fixes impacting WebSSH2
- ssh-streams to 0.1.19 from 0.1.16
- Updated validator.js to 8.0.0, no fixes impacting WebSSH2
- https://github.com/chriso/validator.js/releases/tag/8.0.0
- Updated Express to 4.15.4, no fixes impacting WebSSH2
- https://github.com/expressjs/express/releases/tag/4.15.4
- Updated Express-session to 1.15.5, no fixes impacting WebSSH2
- https://github.com/expressjs/session/releases/tag/v1.15.5
- Updated Debug to 3.0.0, no fixes impacting WebSSH2
- https://github.com/visionmedia/debug/releases/tag/3.0.0
- Running in strict mode ('use strict';)
## 0.1.1 [2017-06-03]
### Added
- `serverlog.client` and `serverlog.server` options added to `config.json` to enable logging of client commands to server log (only client portion implemented at this time)
- morgan express middleware for logging
### Changed
- Updated socket.io to 1.7.4
- continued refactoring, breaking up `index.js`
- revised error handling methods
- revised session termination methods
### Fixed
### Removed
- color console decorations from `util/index.js`
- SanatizeHeaders function from `util/index.js`
## 0.1.0 [2017-05-27]
### Added
- This ChangeLog.md file
- Support for UTF-8 characters (thanks @bara666)
- Snyk, Bithound, Travis CI
- Cross platform improvements (path mappings)
- Session fixup between Express and Socket.io
- Session secret settings in `config.json`
- env variable `DEBUG=ssh2` will put the `ssh2` module into debug mode
- env variable `DEBUG=WebSSH2` will output additional debug messages for functions
and events in the application (not including the ssh2 module debug)
- using Grunt to pull js and css source files from other modules `npm run build` to rebuild these if changed or updated.
- `useminified` option in `config.json` to enable using minified client side javascript (true) defaults to false (non-minified)
- sshterm= query option to specify TERM environment variable for host, valid strings are alpha-numeric with a hypen (validated). Otherwise the default ssh.term variable from `config.json` will be used.
- validation for host (v4,v6,fqdn,hostname), port (integer 2-65535), and header (sanitized) from URL input
### Changed
- error handling in public/client.js
- moved socket.io operations to their own file /socket/index.js, more changes like this to come (./socket/index.js)
- all session based variables are now under the req.session.ssh property or socket.request.ssh (./index.js)
- moved SSH algorithms to `config.json` and defined as a session variable (..session.ssh.algorithms)
-- prep for future feature to define algorithms in header or some other method to enable separate ciphers per host
- minified and combined all js files to a single js in `./public/webssh2.min.js` also included a sourcemap `./public/webssh2.min.js` which maps to `./public/webssh2.js` for easier troubleshooting.
- combined all css files to a single css in `./public/webssh2.css`
- minified all css files to a single css in `./public/webssh2.min.css`
- copied all unmodified source css and js to /public/src/css and /public/src/js respectively (for troubleshooting/etc)
- sourcemaps of all minified code (in /public/src and /public/src/js)
- renamed `client.htm` to `client-full.htm`
- created `client-min.htm` to serve minified javascript
- if header.text is null in `config.json` and header is not defined as a get parameter the Header will not be displayed. Both of these must be null / undefined and not specified as get parameters.
### Fixed
- Multiple errors may overwrite status bar which would cause confusion as to what originally caused the error. Example, ssh server disconnects which prompts a cascade of events (conn.on('end'), socket.on('disconnect'), conn.on('close')) and the original reason (conn.on('end')) would be lost and the user would erroneously receive a WEBSOCKET error as the last event to fire would be the websocket connection closing from the app.
- ensure ssh session is closed when a browser disconnects from the websocket
- if headerBackground is changed, status background is changed to the same color (typo, fixed)
### Removed
- Express Static References directly to module source directories due to concatenating and minifying js/css
## 0.0.5 - [2017-03-23]
### Added
- Added experimental support for logging (see Readme)
### Fixed
- Terminal geometry now properly fills the browser screen and communicates this to the ssh session. Tested with IE 11 and recent versions of Chrome/Safari/Firefox.
## 0.0.4 - [2017-03-23]
### Added
- Set default terminal to xterm-color
- Mouse event support
- New config option, config.ssh.term to set terminal
### Changed
- Update to Xterm.js 2.4.0
- Minor code formatting cleanup
## 0.0.3 - [2017-02-16]
### Changed
- Update xterm to latest (2.3.0)
### Fixed
- Fixed misspelled config.ssh.port property
## 0.0.2 - [2017-02-01]
### Changed
- Moving terminal emulation to xterm.js
- updating module version dependencies
### Fixed
- Fixed issue with banners not being displayed properly from UNIX hosts when only lf is used
## 0.0.1 - [2016-06-28]
### Added
- Initial proof of concept and release. For historical purposes only.

21
app/LICENSE Normal file
View file

@ -0,0 +1,21 @@
MIT License
Copyright (c) 2017 Bill Church
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

70
app/app.js
View file

@ -1,70 +0,0 @@
// server
// app/app.js
const express = require("express")
const config = require("./config")
const socketHandler = require("./socket")
const sshRoutes = require("./routes")
const { applyMiddleware } = require("./middleware")
const { createServer, startServer } = require("./server")
const { configureSocketIO } = require("./io")
const { handleError, ConfigError } = require("./errors")
const { createNamespacedDebug } = require("./logger")
const { DEFAULTS, MESSAGES } = require("./constants")
const debug = createNamespacedDebug("app")
/**
* Creates and configures the Express application
* @returns {Object} An object containing the app and sessionMiddleware
*/
function createApp() {
const app = express()
try {
// Resolve the correct path to the webssh2_client module
const clientPath = DEFAULTS.WEBSSH2_CLIENT_PATH
// Apply middleware
const { sessionMiddleware } = applyMiddleware(app, config)
// Serve static files from the webssh2_client module with a custom prefix
app.use("/ssh/assets", express.static(clientPath))
// Use the SSH routes
app.use("/ssh", sshRoutes)
return { app: app, sessionMiddleware: sessionMiddleware }
} catch (err) {
throw new ConfigError(
`${MESSAGES.EXPRESS_APP_CONFIG_ERROR}: ${err.message}`
)
}
}
/**
* Initializes and starts the server
* @returns {Object} An object containing the server, io, and app instances
*/
function initializeServer() {
try {
const { app, sessionMiddleware } = createApp()
const server = createServer(app)
const io = configureSocketIO(server, sessionMiddleware, config)
// Set up Socket.IO listeners
socketHandler(io, config)
// Start the server
startServer(server, config)
debug("Server initialized")
return { server: server, io: io, app: app }
} catch (err) {
handleError(err)
process.exit(1)
}
}
module.exports = { initializeServer: initializeServer, config: config }

BIN
app/bun.lockb Executable file
View file

Binary file not shown.

32
app/client/public/client.htm Normal file
View file

@ -0,0 +1,32 @@
<!DOCTYPE html>
<html>
<head>
<title>WebSSH2</title>
<style>
html, body {background-color: #000;height: 100%;margin: 0;}.dropup-content {display: none;}
</style>
<link rel="stylesheet" href="/ssh/webssh2.css" />
<link rel="icon" href="/ssh/favicon.ico" />
</head>
<body>
<div class="box">
<div id="header"></div>
<div id="terminal-container" class="terminal"></div>
<div id="bottomdiv">
<div class="dropup" id="menu">
<i class="fas fa-bars fa-fw"></i> Menu
<div id="dropupContent" class="dropup-content">
<a id="logBtn"><i class="fas fa-clipboard fa-fw"></i> Start Log</a>
<a id="downloadLogBtn"><i class="fas fa-download fa-fw"></i> Download Log</a>
<a id="reauthBtn" style="display: none;"><i class="fas fa-key fa-fw"></i> Switch User</a>
<a id="credentialsBtn" style="display: none;"><i class="fas fa-key fa-fw"></i> Credentials</a>
</div>
</div>
<div id="footer"></div>
<div id="status"></div>
<div id="countdown"></div>
</div>
</div>
<script src="/ssh/webssh2.bundle.js" defer></script>
</body>
</html>

BIN
app/client/public/favicon.ico Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 15 KiB

1
app/client/public/webssh2.bundle.js Normal file
View file

File diff suppressed because one or more lines are too long

366
app/client/public/webssh2.css Normal file
View file

@ -0,0 +1,366 @@
/**
* Copyright (c) 2014 The xterm.js authors. All rights reserved.
* Copyright (c) 2012-2013, Christopher Jeffrey (MIT License)
* https://github.com/chjj/term.js
* @license MIT
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*
* Originally forked from (with the author's permission):
* Fabrice Bellard's javascript vt100 for jslinux:
* http://bellard.org/jslinux/
* Copyright (c) 2011 Fabrice Bellard
* The original design remains. The terminal itself
* has been extended to include xterm CSI codes, among
* other features.
*/
/**
* Default styles for xterm.js
*/
.xterm {
cursor: text;
position: relative;
user-select: none;
-ms-user-select: none;
-webkit-user-select: none;
}
.xterm.focus,
.xterm:focus {
outline: none;
}
.xterm .xterm-helpers {
position: absolute;
top: 0;
/**
* The z-index of the helpers must be higher than the canvases in order for
* IMEs to appear on top.
*/
z-index: 5;
}
.xterm .xterm-helper-textarea {
padding: 0;
border: 0;
margin: 0;
/* Move textarea out of the screen to the far left, so that the cursor is not visible */
position: absolute;
opacity: 0;
left: -9999em;
top: 0;
width: 0;
height: 0;
z-index: -5;
/** Prevent wrapping so the IME appears against the textarea at the correct position */
white-space: nowrap;
overflow: hidden;
resize: none;
}
.xterm .composition-view {
/* TODO: Composition position got messed up somewhere */
background: #000;
color: #FFF;
display: none;
position: absolute;
white-space: nowrap;
z-index: 1;
}
.xterm .composition-view.active {
display: block;
}
.xterm .xterm-viewport {
/* On OS X this is required in order for the scroll bar to appear fully opaque */
background-color: #000;
overflow-y: scroll;
cursor: default;
position: absolute;
right: 0;
left: 0;
top: 0;
bottom: 0;
}
.xterm .xterm-screen {
position: relative;
}
.xterm .xterm-screen canvas {
position: absolute;
left: 0;
top: 0;
}
.xterm .xterm-scroll-area {
visibility: hidden;
}
.xterm-char-measure-element {
display: inline-block;
visibility: hidden;
position: absolute;
top: 0;
left: -9999em;
line-height: normal;
}
.xterm.enable-mouse-events {
/* When mouse events are enabled (eg. tmux), revert to the standard pointer cursor */
cursor: default;
}
.xterm.xterm-cursor-pointer,
.xterm .xterm-cursor-pointer {
cursor: pointer;
}
.xterm.column-select.focus {
/* Column selection mode */
cursor: crosshair;
}
.xterm .xterm-accessibility:not(.debug),
.xterm .xterm-message {
position: absolute;
left: 0;
top: 0;
bottom: 0;
right: 0;
z-index: 10;
color: transparent;
pointer-events: none;
}
.xterm .xterm-accessibility-tree:not(.debug) *::selection {
color: transparent;
}
.xterm .xterm-accessibility-tree {
user-select: text;
white-space: pre;
}
.xterm .live-region {
position: absolute;
left: -9999px;
width: 1px;
height: 1px;
overflow: hidden;
}
.xterm-dim {
/* Dim should not apply to background, so the opacity of the foreground color is applied
* explicitly in the generated class and reset to 1 here */
opacity: 1 !important;
}
.xterm-underline-1 { text-decoration: underline; }
.xterm-underline-2 { text-decoration: double underline; }
.xterm-underline-3 { text-decoration: wavy underline; }
.xterm-underline-4 { text-decoration: dotted underline; }
.xterm-underline-5 { text-decoration: dashed underline; }
.xterm-overline {
text-decoration: overline;
}
.xterm-overline.xterm-underline-1 { text-decoration: overline underline; }
.xterm-overline.xterm-underline-2 { text-decoration: overline double underline; }
.xterm-overline.xterm-underline-3 { text-decoration: overline wavy underline; }
.xterm-overline.xterm-underline-4 { text-decoration: overline dotted underline; }
.xterm-overline.xterm-underline-5 { text-decoration: overline dashed underline; }
.xterm-strikethrough {
text-decoration: line-through;
}
.xterm-screen .xterm-decoration-container .xterm-decoration {
z-index: 6;
position: absolute;
}
.xterm-screen .xterm-decoration-container .xterm-decoration.xterm-decoration-top-layer {
z-index: 7;
}
.xterm-decoration-overview-ruler {
z-index: 8;
position: absolute;
top: 0;
right: 0;
pointer-events: none;
}
.xterm-decoration-top {
z-index: 2;
position: relative;
}
body, html {
font-family: helvetica, sans-serif, arial;
font-size: 1em;
background-color: rgb(0, 0, 0);
color: rgb(240, 240, 240);
height: 100%;
margin: 0;
}
#header {
color: rgb(240, 240, 240);
background-color: rgb(0, 128, 0);
width: 100%;
border-color: white;
border-style: none none solid none;
border-width: 1px;
text-align: center;
flex: 0 1 auto;
z-index: 99;
height:19px;
display: none;
}
.box {
display: block;
height: 100%;
}
#terminal-container {
display: block;
width: calc(100% - 1px);
margin: 0 auto;
padding: 2px;
height: calc(100% - 19px);
}
#terminal-container .terminal {
background-color: #000000;
color: #fafafa;
padding: 2px;
height: calc(100% - 19px);
}
#terminal-container .terminal:focus .terminal-cursor {
background-color: #fafafa;
}
#bottomdiv {
position: fixed;
left: 0;
bottom: 0;
width: 100%;
background-color: rgb(50, 50, 50);
border-color: white;
border-style: solid none none none;
border-width: 1px;
z-index: 99;
height: 19px;
}
#footer {
display: inline-block;
color: rgb(240, 240, 240);
background-color: rgb(50, 50, 50);
padding-left: 5px;
padding-right: 5px;
border-color: white;
border-style: none none none solid;
border-width: 1px;
text-align: left;
}
#status {
display: inline-block;
color: rgb(240, 240, 240);
background-color: rgb(50, 50, 50);
padding-left: 10px;
padding-right: 10px;
border-color: white;
border-style: none solid none solid;
border-width: 1px;
text-align: left;
z-index: 100;
}
#countdown {
display: none;
color: rgb(240, 240, 240);
background-color: rgb(50, 50, 50);
padding-left: 10px;
padding-right: 10px;
border-color: white;
border-style: none solid none solid;
border-width: 1px;
text-align: left;
z-index: 100;
}
#countdown.active {
display: inline-block;
animation: countdown infinite alternate 200ms;
}
@keyframes countdown {
from {
background-color: rgb(255, 255, 0);
}
to {
background-color: inherit;
}
}
#menu {
display: inline-block;
font-size: 16px;
color: rgb(255, 255, 255);
padding-left: 10px;
z-index: 100;
}
#menu:hover .dropup-content {
display: block;
}
#logBtn, #credentialsBtn, #reauthBtn {
color: #000;
}
.dropup {
position: relative;
display: inline-block;
cursor: pointer;
}
.dropup-content {
display: none;
position: absolute;
background-color: #f1f1f1;
font-size: 16px;
min-width: 160px;
bottom: 18px;
z-index: 101;
}
.dropup-content a {
color: #777;
padding: 12px 16px;
text-decoration: none;
display: block;
}
.dropup-content a:hover {
background-color: #ccc
}
.dropup:hover .dropup-content {
display: block;
}
.dropup:active .dropup-content {
display: block;
}
.dropup:hover .dropbtn {
background-color: #3e8e41;
}

1
app/client/src/README.md Normal file
View file

@ -0,0 +1 @@
Customizations and modifications to the client (browser) go here. Then run "npm run build" to integrate into ../public (where client files are served from). Note that ../public is a flat directory structure. ../public directory is deleted and refreshed eatch thime "npm run build" is run.

32
app/client/src/client.htm Normal file
View file

@ -0,0 +1,32 @@
<!DOCTYPE html>
<html>
<head>
<title>WebSSH2</title>
<style>
html, body {background-color: #000;height: 100%;margin: 0;}.dropup-content {display: none;}
</style>
<link rel="stylesheet" href="/ssh/webssh2.css" />
<link rel="icon" href="/ssh/favicon.ico" />
</head>
<body>
<div class="box">
<div id="header"></div>
<div id="terminal-container" class="terminal"></div>
<div id="bottomdiv">
<div class="dropup" id="menu">
<i class="fas fa-bars fa-fw"></i> Menu
<div id="dropupContent" class="dropup-content">
<a id="logBtn"><i class="fas fa-clipboard fa-fw"></i> Start Log</a>
<a id="downloadLogBtn"><i class="fas fa-download fa-fw"></i> Download Log</a>
<a id="reauthBtn" style="display: none;"><i class="fas fa-key fa-fw"></i> Switch User</a>
<a id="credentialsBtn" style="display: none;"><i class="fas fa-key fa-fw"></i> Credentials</a>
</div>
</div>
<div id="footer"></div>
<div id="status"></div>
<div id="countdown"></div>
</div>
</div>
<script src="/ssh/webssh2.bundle.js" defer></script>
</body>
</html>

146
app/client/src/css/style.css Normal file
View file

@ -0,0 +1,146 @@
body, html {
font-family: helvetica, sans-serif, arial;
font-size: 1em;
background-color: rgb(0, 0, 0);
color: rgb(240, 240, 240);
height: 100%;
margin: 0;
}
#header {
color: rgb(240, 240, 240);
background-color: rgb(0, 128, 0);
width: 100%;
border-color: white;
border-style: none none solid none;
border-width: 1px;
text-align: center;
flex: 0 1 auto;
z-index: 99;
height:19px;
display: none;
}
.box {
display: block;
height: 100%;
}
#terminal-container {
display: block;
width: calc(100% - 1px);
margin: 0 auto;
padding: 2px;
height: calc(100% - 19px);
}
#terminal-container .terminal {
background-color: #000000;
color: #fafafa;
padding: 2px;
height: calc(100% - 19px);
}
#terminal-container .terminal:focus .terminal-cursor {
background-color: #fafafa;
}
#bottomdiv {
position: fixed;
left: 0;
bottom: 0;
width: 100%;
background-color: rgb(50, 50, 50);
border-color: white;
border-style: solid none none none;
border-width: 1px;
z-index: 99;
height: 19px;
}
#footer {
display: inline-block;
color: rgb(240, 240, 240);
background-color: rgb(50, 50, 50);
padding-left: 5px;
padding-right: 5px;
border-color: white;
border-style: none none none solid;
border-width: 1px;
text-align: left;
}
#status {
display: inline-block;
color: rgb(240, 240, 240);
background-color: rgb(50, 50, 50);
padding-left: 10px;
padding-right: 10px;
border-color: white;
border-style: none solid none solid;
border-width: 1px;
text-align: left;
z-index: 100;
}
#countdown {
display: none;
color: rgb(240, 240, 240);
background-color: rgb(50, 50, 50);
padding-left: 10px;
padding-right: 10px;
border-color: white;
border-style: none solid none solid;
border-width: 1px;
text-align: left;
z-index: 100;
}
#countdown.active {
display: inline-block;
animation: countdown infinite alternate 200ms;
}
@keyframes countdown {
from {
background-color: rgb(255, 255, 0);
}
to {
background-color: inherit;
}
}
#menu {
display: inline-block;
font-size: 16px;
color: rgb(255, 255, 255);
padding-left: 10px;
z-index: 100;
}
#menu:hover .dropup-content {
display: block;
}
#logBtn, #credentialsBtn, #reauthBtn {
color: #000;
}
.dropup {
position: relative;
display: inline-block;
cursor: pointer;
}
.dropup-content {
display: none;
position: absolute;
background-color: #f1f1f1;
font-size: 16px;
min-width: 160px;
bottom: 18px;
z-index: 101;
}
.dropup-content a {
color: #777;
padding: 12px 16px;
text-decoration: none;
display: block;
}
.dropup-content a:hover {
background-color: #ccc
}
.dropup:hover .dropup-content {
display: block;
}
.dropup:active .dropup-content {
display: block;
}
.dropup:hover .dropbtn {
background-color: #3e8e41;
}

BIN
app/client/src/favicon.ico Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 15 KiB

285
app/client/src/js/index.ts Normal file
View file

@ -0,0 +1,285 @@
/* eslint-disable import/no-extraneous-dependencies */
import { io } from 'socket.io-client';
import { Terminal } from '@xterm/xterm';
import { FitAddon } from '@xterm/addon-fit';
import { library, dom } from '@fortawesome/fontawesome-svg-core';
import { faBars, faClipboard, faDownload, faKey, faCog } from '@fortawesome/free-solid-svg-icons';
library.add(faBars, faClipboard, faDownload, faKey, faCog);
dom.watch();
const debug = require('debug')('WebSSH2');
require('@xterm/xterm/css/xterm.css');
require('../css/style.css');
/* global Blob, logBtn, credentialsBtn, reauthBtn, downloadLogBtn */ // eslint-disable-line
let sessionLogEnable = false;
let loggedData = false;
let allowreplay = false;
let allowreauth = false;
let sessionLog: string;
let sessionFooter: any;
let logDate: {
getFullYear: () => any;
getMonth: () => number;
getDate: () => any;
getHours: () => any;
getMinutes: () => any;
getSeconds: () => any;
};
let currentDate: Date;
let myFile: string;
let errorExists: boolean;
const term = new Terminal();
// DOM properties
const logBtn = document.getElementById('logBtn');
const credentialsBtn = document.getElementById('credentialsBtn');
const reauthBtn = document.getElementById('reauthBtn');
const downloadLogBtn = document.getElementById('downloadLogBtn');
const status = document.getElementById('status');
const header = document.getElementById('header');
const footer = document.getElementById('footer');
const countdown = document.getElementById('countdown');
const fitAddon = new FitAddon();
const terminalContainer = document.getElementById('terminal-container');
term.loadAddon(fitAddon);
term.open(terminalContainer);
term.focus();
fitAddon.fit();
const socket = io({
path: '/ssh/socket.io',
});
// reauthenticate
function reauthSession () { // eslint-disable-line
debug('re-authenticating');
socket.emit('control', 'reauth');
window.location.href = '/ssh/reauth';
return false;
}
// cross browser method to "download" an element to the local system
// used for our client-side logging feature
function downloadLog () { // eslint-disable-line
if (loggedData === true) {
myFile = `WebSSH2-${logDate.getFullYear()}${
logDate.getMonth() + 1
}${logDate.getDate()}_${logDate.getHours()}${logDate.getMinutes()}${logDate.getSeconds()}.log`;
// regex should eliminate escape sequences from being logged.
const blob = new Blob(
[
sessionLog.replace(
// eslint-disable-next-line no-control-regex
/[\u001b\u009b][[\]()#;?]*(?:\d{1,4}(?:;\d{0,4})*)?[0-9A-ORZcf-nqry=><;]/g,
''
),
],
{
// eslint-disable-line no-control-regex
type: 'text/plain',
}
);
const elem = window.document.createElement('a');
elem.href = window.URL.createObjectURL(blob);
elem.download = myFile;
document.body.appendChild(elem);
elem.click();
document.body.removeChild(elem);
}
term.focus();
}
// Set variable to toggle log data from client/server to a varialble
// for later download
function toggleLog () { // eslint-disable-line
if (sessionLogEnable === true) {
sessionLogEnable = false;
loggedData = true;
logBtn.innerHTML = '<i class="fas fa-clipboard fa-fw"></i> Start Log';
currentDate = new Date();
sessionLog = `${sessionLog}\r\n\r\nLog End for ${sessionFooter}: ${currentDate.getFullYear()}/${
currentDate.getMonth() + 1
}/${currentDate.getDate()} @ ${currentDate.getHours()}:${currentDate.getMinutes()}:${currentDate.getSeconds()}\r\n`;
logDate = currentDate;
term.focus();
return false;
}
sessionLogEnable = true;
loggedData = true;
logBtn.innerHTML = '<i class="fas fa-cog fa-spin fa-fw"></i> Stop Log';
downloadLogBtn.style.color = '#000';
downloadLogBtn.addEventListener('click', downloadLog);
currentDate = new Date();
sessionLog = `Log Start for ${sessionFooter}: ${currentDate.getFullYear()}/${
currentDate.getMonth() + 1
}/${currentDate.getDate()} @ ${currentDate.getHours()}:${currentDate.getMinutes()}:${currentDate.getSeconds()}\r\n\r\n`;
logDate = currentDate;
term.focus();
return false;
}
// replay password to server, requires
function replayCredentials () { // eslint-disable-line
socket.emit('control', 'replayCredentials');
debug(`control: replayCredentials`);
term.focus();
return false;
}
// draw/re-draw menu and reattach listeners
// when dom is changed, listeners are abandonded
function drawMenu() {
logBtn.addEventListener('click', toggleLog);
if (allowreauth) {
reauthBtn.addEventListener('click', reauthSession);
reauthBtn.style.display = 'block';
}
if (allowreplay) {
credentialsBtn.addEventListener('click', replayCredentials);
credentialsBtn.style.display = 'block';
}
if (loggedData) {
downloadLogBtn.addEventListener('click', downloadLog);
downloadLogBtn.style.display = 'block';
}
}
function resizeScreen() {
fitAddon.fit();
socket.emit('resize', { cols: term.cols, rows: term.rows });
debug(`resize: ${JSON.stringify({ cols: term.cols, rows: term.rows })}`);
}
window.addEventListener('resize', resizeScreen, false);
term.onData((data) => {
socket.emit('data', data);
});
socket.on('data', (data: string | Uint8Array) => {
term.write(data);
if (sessionLogEnable) {
sessionLog += data;
}
});
socket.on('connect', () => {
socket.emit('geometry', term.cols, term.rows);
debug(`geometry: ${term.cols}, ${term.rows}`);
});
socket.on(
'setTerminalOpts',
(data: {
cursorBlink: boolean;
scrollback: number;
tabStopWidth: number;
bellStyle: 'none' | 'sound';
fontSize: number;
fontFamily: string;
letterSpacing: number;
lineHeight: number;
}) => {
term.options = data;
}
);
socket.on('title', (data: string) => {
document.title = data;
});
socket.on('menu', () => {
drawMenu();
});
socket.on('status', (data: string) => {
status.innerHTML = data;
});
socket.on('ssherror', (data: string) => {
status.innerHTML = data;
status.style.backgroundColor = 'red';
errorExists = true;
});
socket.on('headerBackground', (data: string) => {
header.style.backgroundColor = data;
});
socket.on('header', (data: string) => {
if (data) {
header.innerHTML = data;
header.style.display = 'block';
// header is 19px and footer is 19px, recaculate new terminal-container and resize
terminalContainer.style.height = 'calc(100% - 38px)';
resizeScreen();
}
});
socket.on('footer', (data: string) => {
sessionFooter = data;
footer.innerHTML = data;
});
socket.on('statusBackground', (data: string) => {
status.style.backgroundColor = data;
});
socket.on('allowreplay', (data: boolean) => {
if (data === true) {
debug(`allowreplay: ${data}`);
allowreplay = true;
drawMenu();
} else {
allowreplay = false;
debug(`allowreplay: ${data}`);
}
});
socket.on('allowreauth', (data: boolean) => {
if (data === true) {
debug(`allowreauth: ${data}`);
allowreauth = true;
drawMenu();
} else {
allowreauth = false;
debug(`allowreauth: ${data}`);
}
});
socket.on('disconnect', (err: any) => {
if (!errorExists) {
status.style.backgroundColor = 'red';
status.innerHTML = `WEBSOCKET SERVER DISCONNECTED: ${err}`;
}
socket.io.reconnection(false);
countdown.classList.remove('active');
});
socket.on('error', (err: any) => {
if (!errorExists) {
status.style.backgroundColor = 'red';
status.innerHTML = `ERROR: ${err}`;
}
});
socket.on('reauth', () => {
if (allowreauth) {
reauthSession();
}
});
// safe shutdown
let hasCountdownStarted = false;
socket.on('shutdownCountdownUpdate', (remainingSeconds: any) => {
if (!hasCountdownStarted) {
countdown.classList.add('active');
hasCountdownStarted = true;
}
countdown.innerText = `Shutting down in ${remainingSeconds}s`;
});
term.onTitleChange((title) => {
document.title = title;
});

9
app/client/tsconfig.json Normal file
View file

@ -0,0 +1,9 @@
{
"compilerOptions": {
"outDir": "./built",
"allowJs": true,
"target": "es6",
"moduleResolution": "node"
},
"include": ["./src/**/*"],
}

160
app/config.js
View file

@ -1,160 +0,0 @@
// server
// app/config.js
const path = require("path")
const fs = require("fs")
const readConfig = require("read-config-ng")
const { deepMerge, validateConfig } = require("./utils")
const { generateSecureSecret } = require("./crypto-utils")
const { createNamespacedDebug } = require("./logger")
const { ConfigError, handleError } = require("./errors")
const { DEFAULTS } = require("./constants")
const debug = createNamespacedDebug("config")
const defaultConfig = {
listen: {
ip: "0.0.0.0",
port: DEFAULTS.LISTEN_PORT
},
http: {
origins: ["*:*"]
},
user: {
name: null,
password: null
},
ssh: {
host: null,
port: DEFAULTS.SSH_PORT,
term: DEFAULTS.SSH_TERM,
readyTimeout: 20000,
keepaliveInterval: 120000,
keepaliveCountMax: 10,
alwaysSendKeyboardInteractivePrompts: false
},
header: {
text: null,
background: "green"
},
options: {
challengeButton: true,
autoLog: false,
allowReauth: true,
allowReconnect: true,
allowReplay: true
},
algorithms: {
kex: [
"ecdh-sha2-nistp256",
"ecdh-sha2-nistp384",
"ecdh-sha2-nistp521",
"diffie-hellman-group-exchange-sha256",
"diffie-hellman-group14-sha1"
],
cipher: [
"aes128-ctr",
"aes192-ctr",
"aes256-ctr",
"aes128-gcm",
"aes128-gcm@openssh.com",
"aes256-gcm",
"aes256-gcm@openssh.com",
"aes256-cbc"
],
hmac: ["hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"],
compress: ["none", "zlib@openssh.com", "zlib"]
},
session: {
secret: process.env.WEBSSH_SESSION_SECRET || generateSecureSecret(),
name: "webssh2.sid"
}
}
function getConfigPath() {
const nodeRoot = path.dirname(require.main.filename)
return path.join(nodeRoot, "config.json")
}
function loadConfig() {
const configPath = getConfigPath()
try {
if (fs.existsSync(configPath)) {
const providedConfig = readConfig.sync(configPath)
const mergedConfig = deepMerge(
JSON.parse(JSON.stringify(defaultConfig)),
providedConfig
)
if (process.env.PORT) {
mergedConfig.listen.port = parseInt(process.env.PORT, 10)
debug("Using PORT from environment: %s", mergedConfig.listen.port)
}
const validatedConfig = validateConfig(mergedConfig)
debug("Merged and validated configuration")
return validatedConfig
}
debug("Missing config.json for webssh. Using default config")
return defaultConfig
} catch (err) {
const error = new ConfigError(
`Problem loading config.json for webssh: ${err.message}`
)
handleError(error)
return defaultConfig
}
}
/**
* Configuration for the application.
*
* @returns {Object} config
* @property {Object} listen - Configuration for listening IP and port.
* @property {string} listen.ip - The IP address to listen on.
* @property {number} listen.port - The port number to listen on.
* @property {Object} http - Configuration for HTTP settings.
* @property {string[]} http.origins - The allowed origins for HTTP requests.
* @property {Object} user - Configuration for user settings.
* @property {string|null} user.name - The name of the user.
* @property {string|null} user.password - The password of the user.
* @property {Object} ssh - Configuration for SSH settings.
* @property {string|null} ssh.host - The SSH host.
* @property {number} ssh.port - The SSH port.
* @property {string} ssh.term - The SSH terminal type.
* @property {number} ssh.readyTimeout - The SSH ready timeout.
* @property {number} ssh.keepaliveInterval - The SSH keepalive interval.
* @property {number} ssh.keepaliveCountMax - The SSH keepalive count maximum.
* @property {Object} header - Configuration for header settings.
* @property {string|null} header.text - The header text.
* @property {string} header.background - The header background color.
* @property {Object} options - Configuration for options settings.
* @property {boolean} options.challengeButton - Whether to show the challenge button.
* @property {boolean} options.autoLog - Whether to automatically log.
* @property {boolean} options.allowReauth - Whether to allow reauthentication.
* @property {boolean} options.allowReconnect - Whether to allow reconnection.
* @property {boolean} options.allowReplay - Whether to allow replay.
* @property {Object} algorithms - Configuration for algorithms settings.
* @property {string[]} algorithms.kex - The key exchange algorithms.
* @property {string[]} algorithms.cipher - The cipher algorithms.
* @property {string[]} algorithms.hmac - The HMAC algorithms.
* @property {string[]} algorithms.compress - The compression algorithms.
* @property {Object} session - Configuration for session settings.
* @property {string} session.secret - The session secret.
* @property {string} session.name - The session name.
*/
const config = loadConfig()
function getCorsConfig() {
return {
origin: config.http.origins,
methods: ["GET", "POST"],
credentials: true
}
}
// Extend the config object with the getCorsConfig function
config.getCorsConfig = getCorsConfig
module.exports = config

36
config.json.sample → app/config.json.sample
View file

@ -1,15 +1,18 @@
{
"listen": {
"ip": "0.0.0.0",
"port": 2222
"port": 2224
},
"http": {
"origins": ["*.*"]
"socketio": {
"serveClient": false,
"path": "/ssh/socket.io",
"origins": ["localhost:2222"],
},
"user": {
"name": null,
"password": null,
"privatekey": null
"privatekey": null,
"overridebasic": false
},
"ssh": {
"host": null,
@ -22,16 +25,24 @@
"keepaliveCountMax": 10,
"allowedSubnets": []
},
"terminal": {
"cursorBlink": true,
"scrollback": 10000,
"tabStopWidth": 8,
"bellStyle": "sound",
"fontSize": 14
},
"header": {
"text": null,
"background": "green"
},
"session": {
"name": "WebSSH2",
"secret": "mysecret"
},
"options": {
"challengeButton": true,
"autoLog": false,
"allowReauth": true,
"allowReconnect": true,
"allowReplay": true
"allowreauth": false
},
"algorithms": {
"kex": [
@ -61,5 +72,12 @@
"zlib@openssh.com",
"zlib"
]
}
},
"serverlog": {
"client": false,
"server": false
},
"accesslog": false,
"verify": false,
"safeShutdownDuration": 300
}

104
app/configSchema.js
View file

@ -1,104 +0,0 @@
/**
* Schema for validating the config
*/
const configSchema = {
type: "object",
properties: {
listen: {
type: "object",
properties: {
ip: { type: "string", format: "ipv4" },
port: { type: "integer", minimum: 1, maximum: 65535 }
},
required: ["ip", "port"]
},
http: {
type: "object",
properties: {
origins: {
type: "array",
items: { type: "string" }
}
},
required: ["origins"]
},
user: {
type: "object",
properties: {
name: { type: ["string", "null"] },
password: { type: ["string", "null"] }
},
required: ["name", "password"]
},
ssh: {
type: "object",
properties: {
host: { type: ["string", "null"] },
port: { type: "integer", minimum: 1, maximum: 65535 },
term: { type: "string" },
readyTimeout: { type: "integer" },
keepaliveInterval: { type: "integer" },
keepaliveCountMax: { type: "integer" }
},
required: [
"host",
"port",
"term",
"readyTimeout",
"keepaliveInterval",
"keepaliveCountMax"
]
},
header: {
type: "object",
properties: {
text: { type: ["string", "null"] },
background: { type: "string" }
},
required: ["text", "background"]
},
options: {
type: "object",
properties: {
challengeButton: { type: "boolean" },
autoLog: { type: "boolean" },
allowReauth: { type: "boolean" },
allowReconnect: { type: "boolean" },
allowReplay: { type: "boolean" }
},
required: ["challengeButton", "allowReauth", "allowReplay"]
},
algorithms: {
type: "object",
properties: {
kex: {
type: "array",
items: { type: "string" }
},
cipher: {
type: "array",
items: { type: "string" }
},
hmac: {
type: "array",
items: { type: "string" }
},
compress: {
type: "array",
items: { type: "string" }
}
},
required: ["kex", "cipher", "hmac", "compress"]
},
session: {
type: "object",
properties: {
secret: { type: "string" },
name: { type: "string" }
},
required: ["secret", "name"]
}
},
required: ["listen", "http", "user", "ssh", "header", "options", "algorithms"]
}
module.exports = configSchema

61
app/connectionHandler.js
View file

@ -1,61 +0,0 @@
// server
// app/connectionHandler.js
const fs = require("fs")
const path = require("path")
const { createNamespacedDebug } = require("./logger")
const { HTTP, MESSAGES, DEFAULTS } = require("./constants")
const { modifyHtml } = require("./utils")
const debug = createNamespacedDebug("connectionHandler")
/**
* Handle reading the file and processing the response.
* @param {string} filePath - The path to the HTML file.
* @param {Object} config - The configuration object to inject into the HTML.
* @param {Object} res - The Express response object.
*/
function handleFileRead(filePath, config, res) {
// eslint-disable-next-line consistent-return
fs.readFile(filePath, "utf8", (err, data) => {
if (err) {
return res
.status(HTTP.INTERNAL_SERVER_ERROR)
.send(MESSAGES.CLIENT_FILE_ERROR)
}
const modifiedHtml = modifyHtml(data, config)
res.send(modifiedHtml)
})
}
/**
* Handle the connection request and send the modified client HTML.
* @param {Object} req - The Express request object.
* @param {Object} res - The Express response object.
*/
function handleConnection(req, res) {
debug("Handling connection req.path:", req.path)
const clientPath = path.resolve(
__dirname,
"..",
"node_modules",
"webssh2_client",
"client",
"public"
)
const tempConfig = {
socket: {
url: `${req.protocol}://${req.get("host")}`,
path: "/ssh/socket.io"
},
autoConnect: req.path.startsWith("/host/") // Automatically connect if path starts with /host/
}
const filePath = path.join(clientPath, DEFAULTS.CLIENT_FILE)
handleFileRead(filePath, tempConfig, res)
}
module.exports = handleConnection

63
app/constants.js
View file

@ -1,63 +0,0 @@
// server
// app/constants.js
const path = require("path")
/**
* Error messages
*/
const MESSAGES = {
INVALID_CREDENTIALS: "Invalid credentials format",
SSH_CONNECTION_ERROR: "SSH CONNECTION ERROR",
SHELL_ERROR: "SHELL ERROR",
CONFIG_ERROR: "CONFIG_ERROR",
UNEXPECTED_ERROR: "An unexpected error occurred",
EXPRESS_APP_CONFIG_ERROR: "Failed to configure Express app",
CLIENT_FILE_ERROR: "Error loading client file",
FAILED_SESSION_SAVE: "Failed to save session",
CONFIG_VALIDATION_ERROR: "Config validation error"
}
/**
* Default values
*/
const DEFAULTS = {
SSH_PORT: 22,
LISTEN_PORT: 2222,
SSH_TERM: "xterm-color",
IO_PING_TIMEOUT: 60000, // 1 minute
IO_PING_INTERVAL: 25000, // 25 seconds
IO_PATH: "/ssh/socket.io",
WEBSSH2_CLIENT_PATH: path.resolve(
__dirname,
"..",
"node_modules",
"webssh2_client",
"client",
"public"
),
CLIENT_FILE: "client.htm"
}
/**
* HTTP Related
*/
const HTTP = {
OK: 200,
UNAUTHORIZED: 401,
INTERNAL_SERVER_ERROR: 500,
AUTHENTICATE: "WWW-Authenticate",
REALM: 'Basic realm="WebSSH2"',
AUTH_REQUIRED: "Authentication required.",
COOKIE: "basicauth",
PATH: "/ssh/host/",
SAMESITE: "Strict",
SESSION_SID: "webssh2_sid",
CREDS_CLEARED: "Credentials cleared."
}
module.exports = {
MESSAGES,
DEFAULTS,
HTTP
}

16
app/crypto-utils.js
View file

@ -1,16 +0,0 @@
// server
// app/crypto-utils.js
const crypto = require("crypto")
/**
* Generates a secure random session secret
* @returns {string} A random 32-byte hex string
*/
function generateSecureSecret() {
return crypto.randomBytes(32).toString("hex")
}
module.exports = {
generateSecureSecret
}

74
app/errors.js
View file

@ -1,74 +0,0 @@
// server
// app/errors.js
const util = require("util")
const { logError, createNamespacedDebug } = require("./logger")
const { HTTP, MESSAGES } = require("./constants")
const debug = createNamespacedDebug("errors")
/**
* Custom error for WebSSH2
* @param {string} message - The error message
* @param {string} code - The error code
*/
function WebSSH2Error(message, code) {
Error.captureStackTrace(this, this.constructor)
this.name = this.constructor.name
this.message = message
this.code = code
}
util.inherits(WebSSH2Error, Error)
/**
* Custom error for configuration issues
* @param {string} message - The error message
*/
function ConfigError(message) {
WebSSH2Error.call(this, message, MESSAGES.CONFIG_ERROR)
}
util.inherits(ConfigError, WebSSH2Error)
/**
* Custom error for SSH connection issues
* @param {string} message - The error message
*/
function SSHConnectionError(message) {
WebSSH2Error.call(this, message, MESSAGES.SSH_CONNECTION_ERROR)
}
util.inherits(SSHConnectionError, WebSSH2Error)
/**
* Handles an error by logging it and optionally sending a response
* @param {Error} err - The error to handle
* @param {Object} [res] - The response object (if in an Express route)
*/
function handleError(err, res) {
if (err instanceof WebSSH2Error) {
logError(err.message, err)
debug(err.message)
if (res) {
res
.status(HTTP.INTERNAL_SERVER_ERROR)
.json({ error: err.message, code: err.code })
}
} else {
logError(MESSAGES.UNEXPECTED_ERROR, err)
debug(`handleError: ${MESSAGES.UNEXPECTED_ERROR}: %O`, err)
if (res) {
res
.status(HTTP.INTERNAL_SERVER_ERROR)
.json({ error: MESSAGES.UNEXPECTED_ERROR })
}
}
}
module.exports = {
WebSSH2Error: WebSSH2Error,
ConfigError: ConfigError,
SSHConnectionError: SSHConnectionError,
handleError: handleError
}

32
app/index.js Normal file
View file

@ -0,0 +1,32 @@
/* eslint no-console: ["error", { allow: ["warn", "error"] }] */
/* jshint esversion: 6, asi: true, node: true */
/*
* index.js
*
* WebSSH2 - Web to SSH2 gateway
* Bill Church - https://github.com/billchurch/WebSSH2 - May 2017
* See LICENSE file
*
* test change
*/
const { config } = require('./server/app');
const { server } = require('./server/app');
server.listen({ host: config.listen.ip, port: config.listen.port });
// eslint-disable-next-line no-console
console.log(`WebSSH2 service listening on ${config.listen.ip}:${config.listen.port}`);
server.on('error', (err) => {
if (err.code === 'EADDRINUSE') {
config.listen.port += 1;
console.warn(`WebSSH2 Address in use, retrying on port ${config.listen.port}`);
setTimeout(() => {
server.listen(config.listen.port);
}, 250);
} else {
// eslint-disable-next-line no-console
console.log(`WebSSH2 server.listen ERROR: ${err.code}`);
}
});

36
app/io.js
View file

@ -1,36 +0,0 @@
const socketIo = require("socket.io")
const sharedsession = require("express-socket.io-session")
const { createNamespacedDebug } = require("./logger")
const { DEFAULTS } = require("./constants")
const debug = createNamespacedDebug("app")
/**
* Configures Socket.IO with the given server
* @param {http.Server} server - The HTTP server instance
* @param {Function} sessionMiddleware - The session middleware
* @param {Object} config - The configuration object
* @returns {import('socket.io').Server} The Socket.IO server instance
*/
function configureSocketIO(server, sessionMiddleware, config) {
const io = socketIo(server, {
serveClient: false,
path: DEFAULTS.IO_PATH,
pingTimeout: DEFAULTS.IO_PING_TIMEOUT,
pingInterval: DEFAULTS.IO_PING_INTERVAL,
cors: config.getCorsConfig()
})
// Share session with io sockets
io.use(
sharedsession(sessionMiddleware, {
autoSave: true
})
)
debug("IO configured")
return io
}
module.exports = { configureSocketIO }

17
app/jsconfig.json Normal file
View file

@ -0,0 +1,17 @@
{
"compilerOptions": {
"module": "ESNext",
"moduleResolution": "Node",
"target": "ES2020",
"jsx": "preserve",
"strictFunctionTypes": true
},
"exclude": [
"node_modules",
"**/node_modules/*"
],
"include": [
"server/*.js",
"index.js"
]
}

30
app/logger.js
View file

@ -1,30 +0,0 @@
// server
// app/logger.js
const createDebug = require("debug")
/**
* Creates a debug function for a specific namespace
* @param {string} namespace - The debug namespace
* @returns {Function} The debug function
*/
function createNamespacedDebug(namespace) {
return createDebug(`webssh2:${namespace}`)
}
/**
* Logs an error message
* @param {string} message - The error message
* @param {Error} [error] - The error object
*/
function logError(message, error) {
console.error(message)
if (error) {
console.error(`ERROR: ${error}`)
}
}
module.exports = {
createNamespacedDebug: createNamespacedDebug,
logError: logError
}

77
app/middleware.js
View file

@ -1,77 +0,0 @@
// server
// app/middleware.js
const createDebug = require("debug")
const session = require("express-session")
const bodyParser = require("body-parser")
const debug = createDebug("webssh2:middleware")
const { HTTP } = require("./constants")
/**
* Creates and configures session middleware
* @param {Object} config - The configuration object
* @returns {Function} The session middleware
*/
function createSessionMiddleware(config) {
return session({
secret: config.session.secret,
resave: false,
saveUninitialized: true,
name: config.session.name
})
}
/**
* Creates body parser middleware
* @returns {Function[]} Array of body parser middleware
*/
function createBodyParserMiddleware() {
return [bodyParser.urlencoded({ extended: true }), bodyParser.json()]
}
/**
* Creates cookie-setting middleware
* @returns {Function} The cookie-setting middleware
*/
function createCookieMiddleware() {
return (req, res, next) => {
if (req.session.sshCredentials) {
const cookieData = {
host: req.session.sshCredentials.host,
port: req.session.sshCredentials.port
}
res.cookie(HTTP.COOKIE, JSON.stringify(cookieData), {
httpOnly: false,
path: HTTP.PATH,
sameSite: HTTP.SAMESITE
})
}
next()
}
}
/**
* Applies all middleware to the Express app
* @param {express.Application} app - The Express application
* @param {Object} config - The configuration object
* @returns {Object} An object containing the session middleware
*/
function applyMiddleware(app, config) {
const sessionMiddleware = createSessionMiddleware(config)
app.use(sessionMiddleware)
app.use(createBodyParserMiddleware())
app.use(createCookieMiddleware())
debug("applyMiddleware")
return { sessionMiddleware }
}
module.exports = {
applyMiddleware,
createSessionMiddleware,
createBodyParserMiddleware,
createCookieMiddleware
}

11335
app/package-lock.json generated Normal file
View file

File diff suppressed because it is too large Load diff

89
app/package.json Normal file
View file

@ -0,0 +1,89 @@
{
"name": "webssh2",
"version": "0.6.0-pre-1",
"ignore": [
".gitignore"
],
"bin": "./index.js",
"description": "A Websocket to SSH2 gateway using term.js, socket.io, ssh2, and express",
"homepage": "https://github.com/billchurch/WebSSH2",
"keywords": [
"ssh",
"webssh",
"terminal",
"webterminal"
],
"license": "SEE LICENSE IN FILE - LICENSE",
"private": false,
"repository": {
"type": "git",
"url": "git+https://github.com/billchurch/WebSSH2.git"
},
"contributors": [
{
"name": "Bill Church",
"email": "wmchurch@gmail.com"
}
],
"engines": {
"node": ">= 14"
},
"bugs": {
"url": "https://github.com/billchurch/WebSSH2/issues"
},
"dependencies": {
"basic-auth": "~2.0.1",
"cidr-matcher": "^2.1.1",
"debug": "^4.3.4",
"express": "^4.19.2",
"express-session": "^1.18.0",
"morgan": "~1.10.0",
"read-config-ng": "^3.0.7",
"serve-favicon": "^2.5.0",
"socket.io": "^4.7.5",
"ssh2": "^1.15.0",
"validator": "^13.11.0",
"winston": "^3.13.0"
},
"scripts": {
"start": "node index.js",
"build": "webpack --progress --config scripts/webpack.prod.js",
"builddev": "webpack --progress --config scripts/webpack.dev.js",
"analyze": "webpack --json --config scripts/webpack.prod.js | webpack-bundle-size-analyzer",
"test": "snyk test",
"watch": "nodemon index.js",
"cleanmac": "find . -name '.DS_Store' -type f -delete",
"release": "standard-version"
},
"devDependencies": {
"@fortawesome/fontawesome-svg-core": "^6.5.2",
"@fortawesome/free-solid-svg-icons": "^6.5.2",
"@typescript-eslint/eslint-plugin": "^7.7.1",
"@typescript-eslint/parser": "^7.7.1",
"@xterm/addon-fit": "^0.10.0",
"@xterm/xterm": "^5.5.0",
"clean-webpack-plugin": "^4.0.0",
"copy-webpack-plugin": "^12.0.2",
"css-loader": "^7.1.1",
"eslint": "^8.56.0",
"eslint-config-airbnb-base": "^15.0.0",
"eslint-config-prettier": "^9.1.0",
"eslint-plugin-import": "^2.29.1",
"eslint-plugin-prettier": "^5.1.3",
"mini-css-extract-plugin": "^2.9.0",
"nodaemon": "0.0.5",
"npm-check-updates": "^16.14.20",
"prettier": "^3.2.5",
"snazzy": "^9.0.0",
"snyk": "^1.1290.0",
"socket.io-client": "^4.7.5",
"source-map-loader": "^5.0.0",
"standard-version": "^9.5.0",
"terser-webpack-plugin": "^5.3.10",
"ts-loader": "^9.5.1",
"typescript": "^5.4.5",
"webpack": "^5.91.0",
"webpack-cli": "^5.1.4",
"webpack-merge": "^5.10.0"
}
}

87
app/routes.js
View file

@ -1,87 +0,0 @@
// server
// app/routes.js
const express = require("express")
const basicAuth = require("basic-auth")
const validator = require("validator")
const {
getValidatedHost,
getValidatedPort,
maskSensitiveData,
validateSshTerm
} = require("./utils")
const handleConnection = require("./connectionHandler")
const { createNamespacedDebug } = require("./logger")
const { ConfigError, handleError } = require("./errors")
const { HTTP } = require("./constants")
const debug = createNamespacedDebug("routes")
const router = express.Router()
// eslint-disable-next-line consistent-return
function auth(req, res, next) {
debug("auth: Basic Auth")
const credentials = basicAuth(req)
if (!credentials) {
res.setHeader(HTTP.AUTHENTICATE, HTTP.REALM)
return res.status(HTTP.UNAUTHORIZED).send(HTTP.AUTH_REQUIRED)
}
// Validate and sanitize credentials
req.session.sshCredentials = {
username: validator.escape(credentials.name),
password: credentials.pass // We don't sanitize the password as it might contain special characters
}
req.session.usedBasicAuth = true // Set this flag when Basic Auth is used
next()
}
// Scenario 1: No auth required, uses websocket authentication instead
router.get("/", (req, res) => {
debug("router.get./: Accessed / route")
handleConnection(req, res)
})
// Scenario 2: Auth required, uses HTTP Basic Auth
router.get("/host/:host", auth, (req, res) => {
debug(`router.get.host: /ssh/host/${req.params.host} route`)
try {
const host = getValidatedHost(req.params.host)
const port = getValidatedPort(req.query.port)
// Validate and sanitize sshterm parameter if it exists
const sshterm = validateSshTerm(req.query.sshterm)
req.session.sshCredentials = req.session.sshCredentials || {}
req.session.sshCredentials.host = host
req.session.sshCredentials.port = port
if (req.query.sshterm) {
req.session.sshCredentials.term = sshterm
}
req.session.usedBasicAuth = true
// Sanitize and log the sshCredentials object
const sanitizedCredentials = maskSensitiveData(
JSON.parse(JSON.stringify(req.session.sshCredentials))
)
debug("/ssh/host/ Credentials: ", sanitizedCredentials)
handleConnection(req, res, { host: host })
} catch (err) {
const error = new ConfigError(`Invalid configuration: ${err.message}`)
handleError(error, res)
}
})
// Clear credentials route
router.get("/clear-credentials", (req, res) => {
req.session.sshCredentials = null
res.status(HTTP.OK).send(HTTP.CREDENTIALS_CLEARED)
})
router.get("/force-reconnect", (req, res) => {
req.session.sshCredentials = null
res.status(HTTP.UNAUTHORIZED).send(HTTP.AUTH_REQUIRED)
})
module.exports = router

45
app/scripts/webpack.common.js Normal file
View file

@ -0,0 +1,45 @@
/* eslint-disable import/no-extraneous-dependencies */
const path = require('path');
const { CleanWebpackPlugin } = require('clean-webpack-plugin');
const CopyWebpackPlugin = require('copy-webpack-plugin');
const MiniCssExtractPlugin = require('mini-css-extract-plugin');
module.exports = {
context: path.resolve('__dirname', '../'),
resolve: {
// Add '.ts' and '.tsx' as resolvable extensions.
extensions: ['', '.webpack.js', '.web.js', '.ts', '.tsx', '.js'],
},
entry: {
webssh2: './client/src/js/index.ts',
},
plugins: [
new CleanWebpackPlugin(),
new CopyWebpackPlugin({
patterns: ['./client/src/client.htm', './client/src/favicon.ico'],
}),
new MiniCssExtractPlugin(),
],
output: {
filename: '[name].bundle.js',
path: path.resolve(__dirname, '../client/public'),
},
module: {
rules: [
{
test: /\.css$/,
use: [MiniCssExtractPlugin.loader, 'css-loader'],
},
// All files with a '.ts' or '.tsx' extension will be handled by 'ts-loader'.
{
test: /\.tsx?$/,
loader: 'ts-loader',
},
// All output '.js' files will have any sourcemaps re-processed by 'source-map-loader'.
{
test: /\.js$/,
loader: 'source-map-loader',
},
],
},
};

10
app/scripts/webpack.dev.js Normal file
View file

@ -0,0 +1,10 @@
/* eslint-disable import/no-extraneous-dependencies */
const merge = require('webpack-merge');
const common = require('./webpack.common.js');
module.exports = merge(common, {
devtool: 'inline-source-map',
devServer: {
contentBase: '../client/public',
},
});

19
app/scripts/webpack.prod.js Normal file
View file

@ -0,0 +1,19 @@
/* eslint-disable import/no-extraneous-dependencies */
const TerserPlugin = require('terser-webpack-plugin');
const { merge } = require('webpack-merge');
const common = require('./webpack.common.js');
module.exports = merge(common, {
mode: 'production',
optimization: {
minimize: true,
minimizer: [
new TerserPlugin({
terserOptions: {
ie8: false,
safari10: false,
},
}),
],
},
});

37
app/server.js
View file

@ -1,37 +0,0 @@
const http = require("http")
// const { createNamespacedDebug } = require("./logger")
// const debug = createNamespacedDebug("server")
/**
* Creates and configures the HTTP server
* @param {express.Application} app - The Express application instance
* @returns {http.Server} The HTTP server instance
*/
function createServer(app) {
return http.createServer(app)
}
/**
* Handles server errors
* @param {Error} err - The error object
*/
function handleServerError(err) {
console.error("HTTP Server ERROR: %O", err)
}
/**
* Starts the server
* @param {http.Server} server - The server instance
* @param {Object} config - The configuration object
*/
function startServer(server, config) {
server.listen(config.listen.port, config.listen.ip, () => {
console.log(
`startServer: listening on ${config.listen.ip}:${config.listen.port}`
)
})
server.on("error", handleServerError)
}
module.exports = { createServer, startServer }

111
app/server/app.js Normal file
View file

@ -0,0 +1,111 @@
/* jshint esversion: 6, asi: true, node: true */
/* eslint no-unused-expressions: ["error", { "allowShortCircuit": true, "allowTernary": true }],
no-console: ["error", { allow: ["warn", "error", "info"] }] */
// app.js
// eslint-disable-next-line import/order
const config = require('./config');
const path = require('path');
const nodeRoot = path.dirname(require.main.filename);
const publicPath = path.join(nodeRoot, 'client', 'public');
const express = require('express');
const logger = require('morgan');
const app = express();
const server = require('http').createServer(app);
const favicon = require('serve-favicon');
const io = require('socket.io')(server, config.socketio);
const session = require('express-session')(config.express);
const appSocket = require('./socket');
const { setDefaultCredentials, basicAuth } = require('./util');
const { webssh2debug } = require('./logging');
const { reauth, connect, notfound, handleErrors } = require('./routes');
setDefaultCredentials(config.user);
// safe shutdown
let remainingSeconds = config.safeShutdownDuration;
let shutdownMode = false;
let shutdownInterval;
let connectionCount = 0;
// eslint-disable-next-line consistent-return
function safeShutdownGuard(req, res, next) {
if (!shutdownMode) return next();
res.status(503).end('Service unavailable: Server shutting down');
}
// express
app.use(safeShutdownGuard);
app.use(session);
if (config.accesslog) app.use(logger('common'));
app.disable('x-powered-by');
app.use(favicon(path.join(publicPath, 'favicon.ico')));
app.use(express.urlencoded({ extended: true }));
app.post('/ssh/host/:host?', connect);
app.post('/ssh', express.static(publicPath, config.express.ssh));
app.use('/ssh', express.static(publicPath, config.express.ssh));
app.use(basicAuth);
app.get('/ssh/reauth', reauth);
app.get('/ssh/host/:host?', connect);
app.use(notfound);
app.use(handleErrors);
// clean stop
function stopApp(reason) {
shutdownMode = false;
if (reason) console.info(`Stopping: ${reason}`);
clearInterval(shutdownInterval);
io.close();
server.close();
}
// bring up socket
io.on('connection', appSocket);
// socket.io
// expose express session with socket.request.session
io.use((socket, next) => {
socket.request.res ? session(socket.request, socket.request.res, next) : next(next); // eslint disable-line
});
function countdownTimer() {
if (!shutdownMode) clearInterval(shutdownInterval);
remainingSeconds -= 1;
if (remainingSeconds <= 0) {
stopApp('Countdown is over');
} else io.emit('shutdownCountdownUpdate', remainingSeconds);
}
const signals = ['SIGTERM', 'SIGINT'];
signals.forEach((signal) =>
process.on(signal, () => {
if (shutdownMode) stopApp('Safe shutdown aborted, force quitting');
if (!connectionCount > 0) stopApp('All connections ended');
shutdownMode = true;
console.error(
`\r\n${connectionCount} client(s) are still connected.\r\nStarting a ${remainingSeconds} seconds countdown.\r\nPress Ctrl+C again to force quit`
);
if (!shutdownInterval) shutdownInterval = setInterval(countdownTimer, 1000);
})
);
module.exports = { server, config };
const onConnection = (socket) => {
connectionCount += 1;
socket.on('disconnect', () => {
connectionCount -= 1;
if (connectionCount <= 0 && shutdownMode) {
stopApp('All clients disconnected');
}
});
socket.on('geometry', (cols, rows) => {
// TODO need to rework how we pass settings to ssh2, this is less than ideal
socket.request.session.ssh.cols = cols;
socket.request.session.ssh.rows = rows;
webssh2debug(socket, `SOCKET GEOMETRY: termCols = ${cols}, termRows = ${rows}`);
});
};
io.on('connection', onConnection);

136
app/server/config.js Normal file
View file

@ -0,0 +1,136 @@
/* eslint no-unused-expressions: ["error", { "allowShortCircuit": true, "allowTernary": true }],
no-console: ["error", { allow: ["warn", "error", "info"] }] */
const fs = require('fs');
const path = require('path');
const debugWebSSH2 = require('debug')('WebSSH2');
const crypto = require('crypto');
const util = require('util');
const readconfig = require('read-config-ng');
const nodeRoot = path.dirname(require.main.filename);
const configPath = path.join(nodeRoot, 'config.json');
let myConfig;
// establish defaults
const configDefault = {
listen: {
ip: '0.0.0.0',
port: 2222,
},
socketio: {
serveClient: false,
path: '/ssh/socket.io',
origins: ['localhost:2222'],
},
express: {
secret: crypto.randomBytes(20).toString('hex'),
name: 'WebSSH2',
resave: true,
saveUninitialized: false,
unset: 'destroy',
ssh: {
dotfiles: 'ignore',
etag: false,
extensions: ['htm', 'html'],
index: false,
maxAge: '1s',
redirect: false,
setHeaders(res) {
res.set('x-timestamp', Date.now());
},
},
},
user: {
name: null,
password: null,
privatekey: null,
overridebasic: false,
},
ssh: {
host: null,
port: 22,
term: 'xterm-color',
readyTimeout: 20000,
keepaliveInterval: 120000,
keepaliveCountMax: 10,
allowedSubnets: [],
},
terminal: {
cursorBlink: true,
scrollback: 10000,
tabStopWidth: 8,
bellStyle: 'sound',
},
header: {
text: null,
background: 'green',
},
options: {
challengeButton: true,
allowreauth: true,
},
algorithms: {
kex: [
'ecdh-sha2-nistp256',
'ecdh-sha2-nistp384',
'ecdh-sha2-nistp521',
'diffie-hellman-group-exchange-sha256',
'diffie-hellman-group14-sha1',
],
cipher: [
'aes128-ctr',
'aes192-ctr',
'aes256-ctr',
'aes128-gcm',
'aes128-gcm@openssh.com',
'aes256-gcm',
'aes256-gcm@openssh.com',
'aes256-cbc',
],
hmac: ['hmac-sha2-256', 'hmac-sha2-512', 'hmac-sha1'],
compress: ['none', 'zlib@openssh.com', 'zlib'],
},
serverlog: {
client: false,
server: false,
},
accesslog: false,
verify: false,
safeShutdownDuration: 300,
};
// test if config.json exists, if not provide error message but try to run anyway
try {
if (!fs.existsSync(configPath)) {
console.error(
`\n\nERROR: Missing config.json for WebSSH2. Current config: ${util.inspect(myConfig)}`
);
console.error('\n See config.json.sample for details\n\n');
}
console.info(`WebSSH2 service reading config from: ${configPath}`);
const configFile = readconfig(configPath, { override: true });
// myConfig = merger.mergeObjects([configDefault, configFile]);
myConfig = { ...configDefault, ...configFile };
debugWebSSH2(`\nCurrent config: ${util.inspect(myConfig)}`);
} catch (err) {
myConfig = configDefault;
console.error(
`\n\nERROR: Missing config.json for WebSSH2. Current config: ${util.inspect(myConfig)}`
);
console.error('\n See config.json.sample for details\n\n');
console.error(`ERROR:\n\n ${err}`);
}
const config = myConfig;
if (process.env.LISTEN) config.listen.ip = process.env.LISTEN;
if (process.env.PORT) config.listen.port = process.env.PORT;
if (process.env.SOCKETIO_ORIGINS) config.socketio.origins = process.env.SOCKETIO_ORIGINS;
if (process.env.SOCKETIO_PATH) config.socketio.path = process.env.SOCKETIO_PATH;
if (process.env.SOCKETIO_SERVECLIENT)
config.socketio.serveClient = process.env.SOCKETIO_SERVECLIENT;
module.exports = config;

36
app/server/form.html Normal file
View file

@ -0,0 +1,36 @@
<head><title>Post Test</title></head>
<html>
<body>
<h1>Credentials over HTTP POST test</h1>
<p>This is a test to demonstrate sending credentials over POST instead of requiring HTTP Basic. If you use this, be sure to secure the app/site with HTTPS!</p>
<form method="POST" action="http://localhost:2222/ssh/host/192.168.0.1">
<p>
<label for="username">Username</label>
<input name="username">
</p>
<label for="userpassword">Password</label>
<input name="userpassword" type="password">
</p>
<p>
<label for="header">Header text</label>
<input name="header" value="This is a test">
<p>
<label for="headerBackground">Header Background Color</label>
<input name="headerBackground" value="red">
</p>
<fieldset>
<legend>Cursor Blink:</legend>
<div>
<input type="radio" id="false" name="cursorBlink" value="false"
checked>
<label for="false">False</label>
</div>
<div>
<input type="radio" id="true" name="cursorBlink" value="true">
<label for="true">True</label>
</div>
</fieldset>
<button>Login</button>
</form>
</body>
</html>

47
app/server/logging.js Normal file
View file

@ -0,0 +1,47 @@
/* eslint no-unused-expressions: ["error", { "allowShortCircuit": true, "allowTernary": true }],
no-console: ["error", { allow: ["warn", "error", "info"] }] */
/* jshint esversion: 6, asi: true, node: true */
// logging.js
// private
const debug = require('debug');
const util = require('util');
/**
* generate consistent prefix for log messages
* with epress session id and socket session id
* @param {object} socket Socket information
*/
function prefix(socket) {
return `(${socket.request.sessionID}/${socket.id})`;
}
// public
function webssh2debug(socket, msg) {
debug('WebSSH2')(`${prefix(socket)} ${msg}`);
}
/**
* audit log to console
* @param {object} socket Socket information
* @param {object} msg log message
*/
function auditLog(socket, msg) {
console.info(`WebSSH2 ${prefix(socket)} AUDIT: ${msg}`);
}
/**
* logs error to socket client (if connected)
* and console.
* @param {object} socket Socket information
* @param {string} myFunc Function calling this function
* @param {object} err error object or error message
*/
function logError(socket, myFunc, err) {
console.error(`WebSSH2 ${prefix(socket)} ERROR: ${myFunc}: ${err}`);
webssh2debug(socket, `logError: ${myFunc}: ${util.inspect(err)}`);
if (!socket.request.session) return;
socket.emit('ssherror', `SSH ${myFunc}: ${err}`);
}
module.exports = { logError, auditLog, webssh2debug };

203
app/server/routes.js Normal file
View file

@ -0,0 +1,203 @@
/* eslint-disable no-console */
// ssh.js
const validator = require('validator');
const path = require('path');
const nodeRoot = path.dirname(require.main.filename);
const publicPath = path.join(nodeRoot, 'client', 'public');
const { parseBool } = require('./util');
const config = require('./config');
exports.reauth = function reauth(req, res) {
let { referer } = req.headers;
if (!validator.isURL(referer, { host_whitelist: ['localhost'] })) {
console.error(
`WebSSH2 (${req.sessionID}) ERROR: Referrer '${referer}' for '/reauth' invalid. Setting to '/' which will probably fail.`
);
referer = '/';
}
res
.status(401)
.send(
`<!DOCTYPE html><html><head><meta http-equiv="refresh" content="0; url=${referer}"></head><body bgcolor="#000"></body></html>`
);
};
exports.connect = function connect(req, res) {
res.sendFile(path.join(path.join(publicPath, 'client.htm')));
let { host, port } = config.ssh;
let { text: header, background: headerBackground } = config.header;
let { term: sshterm, readyTimeout } = config.ssh;
let {
cursorBlink,
scrollback,
tabStopWidth,
bellStyle,
fontSize,
fontFamily,
letterSpacing,
lineHeight,
} = config.terminal;
// capture, assign, and validate variables
if (req.params?.host) {
if (
validator.isIP(`${req.params.host}`) ||
validator.isFQDN(req.params.host) ||
/^(([a-z]|[A-Z]|\d|[!^(){}\-_~])+)?\w$/.test(req.params.host)
) {
host = req.params.host;
}
}
if (req.method === 'POST' && req.body.username && req.body.userpassword) {
req.session.username = req.body.username;
req.session.userpassword = req.body.userpassword;
if (req.body.port && validator.isInt(`${req.body.port}`, { min: 1, max: 65535 }))
port = req.body.port;
if (req.body.header) header = req.body.header;
if (req.body.headerBackground) {
headerBackground = req.body.headerBackground;
console.log(`background: ${req.body.headerBackground}`);
}
if (req.body.sshterm && /^(([a-z]|[A-Z]|\d|[!^(){}\-_~])+)?\w$/.test(req.body.sshterm))
sshterm = req.body.sshterm;
if (req.body.cursorBlink && validator.isBoolean(`${req.body.cursorBlink}`))
cursorBlink = parseBool(req.body.cursorBlink);
if (req.body.scrollback && validator.isInt(`${req.body.scrollback}`, { min: 1, max: 200000 }))
scrollback = req.body.scrollback;
if (req.body.tabStopWidth && validator.isInt(`${req.body.tabStopWidth}`, { min: 1, max: 100 }))
tabStopWidth = req.body.tabStopWidth;
if (req.body.bellStyle && ['sound', 'none'].indexOf(req.body.bellStyle) > -1)
bellStyle = req.body.bellStyle;
if (
req.body.readyTimeout &&
validator.isInt(`${req.body.readyTimeout}`, { min: 1, max: 300000 })
)
readyTimeout = req.body.readyTimeout;
if (req.body.fontSize && validator.isNumeric(`${req.body.fontSize}`))
fontSize = req.body.fontSize;
if (req.body.fontFamily) fontFamily = req.body.fontFamily;
if (req.body.letterSpacing && validator.isNumeric(`${req.body.letterSpacing}`))
letterSpacing = req.body.letterSpacing;
if (req.body.lineHeight && validator.isNumeric(`${req.body.lineHeight}`))
lineHeight = req.body.lineHeight;
}
if (req.method === 'GET') {
if (req.query?.port && validator.isInt(`${req.query.port}`, { min: 1, max: 65535 }))
port = req.query.port;
if (req.query?.header) header = req.query.header;
if (req.query?.headerBackground) headerBackground = req.query.headerBackground;
if (req.query?.sshterm && /^(([a-z]|[A-Z]|\d|[!^(){}\-_~])+)?\w$/.test(req.query.sshterm))
sshterm = req.query.sshterm;
if (req.query?.cursorBlink && validator.isBoolean(`${req.query.cursorBlink}`))
cursorBlink = parseBool(req.query.cursorBlink);
if (
req.query?.scrollback &&
validator.isInt(`${req.query.scrollback}`, { min: 1, max: 200000 })
)
scrollback = req.query.scrollback;
if (
req.query?.tabStopWidth &&
validator.isInt(`${req.query.tabStopWidth}`, { min: 1, max: 100 })
)
tabStopWidth = req.query.tabStopWidth;
if (req.query?.bellStyle && ['sound', 'none'].indexOf(req.query.bellStyle) > -1)
bellStyle = req.query.bellStyle;
if (
req.query?.readyTimeout &&
validator.isInt(`${req.query.readyTimeout}`, { min: 1, max: 300000 })
)
readyTimeout = req.query.readyTimeout;
if (req.query?.fontSize && validator.isNumeric(`${req.query.fontSize}`))
fontSize = req.query.fontSize;
if (req.query?.fontFamily) fontFamily = req.query.fontFamily;
if (req.query?.lineHeight && validator.isNumeric(`${req.query.lineHeight}`))
lineHeight = req.query.lineHeight;
if (req.query?.letterSpacing && validator.isNumeric(`${req.query.letterSpacing}`))
letterSpacing = req.query.letterSpacing;
}
req.session.ssh = {
host,
port,
localAddress: config.ssh.localAddress,
localPort: config.ssh.localPort,
header: {
name: header,
background: headerBackground,
},
algorithms: config.algorithms,
keepaliveInterval: config.ssh.keepaliveInterval,
keepaliveCountMax: config.ssh.keepaliveCountMax,
allowedSubnets: config.ssh.allowedSubnets,
term: sshterm,
terminal: {
cursorBlink,
scrollback,
tabStopWidth,
bellStyle,
fontSize,
fontFamily,
letterSpacing,
lineHeight,
},
cols: null,
rows: null,
allowreplay:
config.options.challengeButton ||
(validator.isBoolean(`${req.headers.allowreplay}`)
? parseBool(req.headers.allowreplay)
: false),
allowreauth: config.options.allowreauth || false,
mrhsession:
validator.isAlphanumeric(`${req.headers.mrhsession}`) && req.headers.mrhsession
? req.headers.mrhsession
: 'none',
serverlog: {
client: config.serverlog.client || false,
server: config.serverlog.server || false,
},
readyTimeout,
};
if (req.session.ssh.header.name) validator.escape(req.session.ssh.header.name);
if (req.session.ssh.header.background) validator.escape(req.session.ssh.header.background);
};
exports.notfound = function notfound(_req, res) {
res.status(404).send("Sorry, can't find that!");
};
exports.handleErrors = function handleErrors(err, _req, res) {
console.error(err.stack);
res.status(500).send('Something broke!');
};

241
app/server/socket.js Normal file
View file

@ -0,0 +1,241 @@
/* eslint-disable complexity */
/* eslint no-unused-expressions: ["error", { "allowShortCircuit": true, "allowTernary": true }],
no-console: ["error", { allow: ["warn", "error"] }] */
/* jshint esversion: 6, asi: true, node: true */
// socket.js
// private
const debug = require('debug');
const SSH = require('ssh2').Client;
const CIDRMatcher = require('cidr-matcher');
const validator = require('validator');
const dnsPromises = require('dns').promises;
const util = require('util');
const { webssh2debug, auditLog, logError } = require('./logging');
/**
* parse conn errors
* @param {object} socket Socket object
* @param {object} err Error object
*/
function connError(socket, err) {
let msg = util.inspect(err);
const { session } = socket.request;
if (err?.level === 'client-authentication') {
msg = `Authentication failure user=${session.username} from=${socket.handshake.address}`;
socket.emit('allowreauth', session.ssh.allowreauth);
socket.emit('reauth');
}
if (err?.code === 'ENOTFOUND') {
msg = `Host not found: ${err.hostname}`;
}
if (err?.level === 'client-timeout') {
msg = `Connection Timeout: ${session.ssh.host}`;
}
logError(socket, 'CONN ERROR', msg);
}
/**
* check ssh host is in allowed subnet
* @param {object} socket Socket information
*/
async function checkSubnet(socket) {
let ipaddress = socket.request.session.ssh.host;
if (!validator.isIP(`${ipaddress}`)) {
try {
const result = await dnsPromises.lookup(socket.request.session.ssh.host);
ipaddress = result.address;
} catch (err) {
logError(
socket,
'CHECK SUBNET',
`${err.code}: ${err.hostname} user=${socket.request.session.username} from=${socket.handshake.address}`
);
socket.emit('ssherror', '404 HOST IP NOT FOUND');
socket.disconnect(true);
return;
}
}
const matcher = new CIDRMatcher(socket.request.session.ssh.allowedSubnets);
if (!matcher.contains(ipaddress)) {
logError(
socket,
'CHECK SUBNET',
`Requested host ${ipaddress} outside configured subnets / REJECTED user=${socket.request.session.username} from=${socket.handshake.address}`
);
socket.emit('ssherror', '401 UNAUTHORIZED');
socket.disconnect(true);
}
}
// public
module.exports = function appSocket(socket) {
let login = false;
socket.once('disconnecting', (reason) => {
webssh2debug(socket, `SOCKET DISCONNECTING: ${reason}`);
if (login === true) {
auditLog(
socket,
`LOGOUT user=${socket.request.session.username} from=${socket.handshake.address} host=${socket.request.session.ssh.host}:${socket.request.session.ssh.port}`
);
login = false;
}
});
async function setupConnection() {
// if websocket connection arrives without an express session, kill it
if (!socket.request.session) {
socket.emit('401 UNAUTHORIZED');
webssh2debug(socket, 'SOCKET: No Express Session / REJECTED');
socket.disconnect(true);
return;
}
// If configured, check that requsted host is in a permitted subnet
if (socket.request.session?.ssh?.allowedSubnets?.length > 0) {
checkSubnet(socket);
}
const conn = new SSH();
conn.on('banner', (data) => {
// need to convert to cr/lf for proper formatting
socket.emit('data', data.replace(/\r?\n/g, '\r\n').toString('utf-8'));
});
conn.on('handshake', () => {
socket.emit('setTerminalOpts', socket.request.session.ssh.terminal);
socket.emit('menu');
socket.emit('allowreauth', socket.request.session.ssh.allowreauth);
socket.emit('title', `ssh://${socket.request.session.ssh.host}`);
if (socket.request.session.ssh.header.background)
socket.emit('headerBackground', socket.request.session.ssh.header.background);
if (socket.request.session.ssh.header.name)
socket.emit('header', socket.request.session.ssh.header.name);
socket.emit(
'footer',
`ssh://${socket.request.session.username}@${socket.request.session.ssh.host}:${socket.request.session.ssh.port}`
);
});
conn.on('ready', () => {
webssh2debug(
socket,
`CONN READY: LOGIN: user=${socket.request.session.username} from=${socket.handshake.address} host=${socket.request.session.ssh.host} port=${socket.request.session.ssh.port} allowreplay=${socket.request.session.ssh.allowreplay} term=${socket.request.session.ssh.term}`
);
auditLog(
socket,
`LOGIN user=${socket.request.session.username} from=${socket.handshake.address} host=${socket.request.session.ssh.host}:${socket.request.session.ssh.port}`
);
login = true;
socket.emit('status', 'SSH CONNECTION ESTABLISHED');
socket.emit('statusBackground', 'green');
socket.emit('allowreplay', socket.request.session.ssh.allowreplay);
const { term, cols, rows } = socket.request.session.ssh;
conn.shell({ term, cols, rows }, (err, stream) => {
if (err) {
logError(socket, `EXEC ERROR`, err);
conn.end();
socket.disconnect(true);
return;
}
socket.once('disconnect', (reason) => {
webssh2debug(socket, `CLIENT SOCKET DISCONNECT: ${util.inspect(reason)}`);
conn.end();
socket.request.session.destroy();
});
socket.on('error', (errMsg) => {
webssh2debug(socket, `SOCKET ERROR: ${errMsg}`);
logError(socket, 'SOCKET ERROR', errMsg);
conn.end();
socket.disconnect(true);
});
socket.on('control', (controlData) => {
if (controlData === 'replayCredentials' && socket.request.session.ssh.allowreplay) {
stream.write(`${socket.request.session.userpassword}\n`);
}
if (controlData === 'reauth' && socket.request.session.username && login === true) {
auditLog(
socket,
`LOGOUT user=${socket.request.session.username} from=${socket.handshake.address} host=${socket.request.session.ssh.host}:${socket.request.session.ssh.port}`
);
login = false;
conn.end();
socket.disconnect(true);
}
webssh2debug(socket, `SOCKET CONTROL: ${controlData}`);
});
socket.on('resize', (data) => {
stream.setWindow(data.rows, data.cols);
webssh2debug(socket, `SOCKET RESIZE: ${JSON.stringify([data.rows, data.cols])}`);
});
socket.on('data', (data) => {
stream.write(data);
});
stream.on('data', (data) => {
socket.emit('data', data.toString('utf-8'));
});
stream.on('close', (code, signal) => {
webssh2debug(socket, `STREAM CLOSE: ${util.inspect([code, signal])}`);
if (socket.request.session?.username && login === true) {
auditLog(
socket,
`LOGOUT user=${socket.request.session.username} from=${socket.handshake.address} host=${socket.request.session.ssh.host}:${socket.request.session.ssh.port}`
);
login = false;
}
if (code !== 0 && typeof code !== 'undefined')
logError(socket, 'STREAM CLOSE', util.inspect({ message: [code, signal] }));
socket.disconnect(true);
conn.end();
});
stream.stderr.on('data', (data) => {
console.error(`STDERR: ${data}`);
});
});
});
conn.on('end', (err) => {
if (err) logError(socket, 'CONN END BY HOST', err);
webssh2debug(socket, 'CONN END BY HOST');
socket.disconnect(true);
});
conn.on('close', (err) => {
if (err) logError(socket, 'CONN CLOSE', err);
webssh2debug(socket, 'CONN CLOSE');
socket.disconnect(true);
});
conn.on('error', (err) => connError(socket, err));
conn.on('keyboard-interactive', (_name, _instructions, _instructionsLang, _prompts, finish) => {
webssh2debug(socket, 'CONN keyboard-interactive');
finish([socket.request.session.userpassword]);
});
if (
socket.request.session.username &&
(socket.request.session.userpassword || socket.request.session.privatekey) &&
socket.request.session.ssh
) {
// console.log('hostkeys: ' + hostkeys[0].[0])
const { ssh } = socket.request.session;
ssh.username = socket.request.session.username;
ssh.password = socket.request.session.userpassword;
ssh.tryKeyboard = true;
ssh.debug = debug('ssh2');
conn.connect(ssh);
} else {
webssh2debug(
socket,
`CONN CONNECT: Attempt to connect without session.username/password or session varialbles defined, potentially previously abandoned client session. disconnecting websocket client.\r\nHandshake information: \r\n ${util.inspect(
socket.handshake
)}`
);
socket.emit('ssherror', 'WEBSOCKET ERROR - Refresh the browser and try again');
socket.request.session.destroy();
socket.disconnect(true);
}
}
setupConnection();
};

47
app/server/util.js Normal file
View file

@ -0,0 +1,47 @@
/* jshint esversion: 6, asi: true, node: true */
// util.js
// private
const debug = require('debug')('WebSSH2');
const Auth = require('basic-auth');
let defaultCredentials = { username: null, password: null, privatekey: null };
exports.setDefaultCredentials = function setDefaultCredentials({
name: username,
password,
privatekey,
overridebasic,
}) {
defaultCredentials = { username, password, privatekey, overridebasic };
};
exports.basicAuth = function basicAuth(req, res, next) {
const myAuth = Auth(req);
// If Authorize: Basic header exists and the password isn't blank
// AND config.user.overridebasic is false, extract basic credentials
// from client]
const { username, password, privatekey, overridebasic } = defaultCredentials;
if (myAuth && myAuth.pass !== '' && !overridebasic) {
req.session.username = myAuth.name;
req.session.userpassword = myAuth.pass;
debug(`myAuth.name: ${myAuth.name} and password ${myAuth.pass ? 'exists' : 'is blank'}`);
} else {
req.session.username = username;
req.session.userpassword = password;
req.session.privatekey = privatekey;
}
if (!req.session.userpassword && !req.session.privatekey) {
res.statusCode = 401;
debug('basicAuth credential request (401)');
res.setHeader('WWW-Authenticate', 'Basic realm="WebSSH"');
res.end('Username and password required for web SSH service.');
return;
}
next();
};
// takes a string, makes it boolean (true if the string is true, false otherwise)
exports.parseBool = function parseBool(str) {
return str.toLowerCase() === 'true';
};

328
app/socket.js
View file

@ -1,328 +0,0 @@
// server
// app/socket.js
const validator = require("validator")
const EventEmitter = require("events")
const SSHConnection = require("./ssh")
const { createNamespacedDebug } = require("./logger")
const { SSHConnectionError, handleError } = require("./errors")
const debug = createNamespacedDebug("socket")
const {
isValidCredentials,
maskSensitiveData,
validateSshTerm
} = require("./utils")
const { MESSAGES } = require("./constants")
class WebSSH2Socket extends EventEmitter {
constructor(socket, config) {
super()
this.socket = socket
this.config = config
this.ssh = new SSHConnection(config)
this.sessionState = {
authenticated: false,
username: null,
password: null,
host: null,
port: null,
term: null,
cols: null,
rows: null
}
this.initializeSocketEvents()
}
initializeSocketEvents() {
debug(`io.on connection: ${this.socket.id}`)
if (
this.socket.handshake.session.usedBasicAuth &&
this.socket.handshake.session.sshCredentials
) {
const creds = this.socket.handshake.session.sshCredentials
debug(
`handleConnection: ${this.socket.id}, Host: ${creds.host}: HTTP Basic Credentials Exist, creds: %O`,
maskSensitiveData(creds)
)
this.handleAuthenticate(creds)
} else if (!this.sessionState.authenticated) {
debug(`handleConnection: ${this.socket.id}, emitting request_auth`)
this.socket.emit("authentication", { action: "request_auth" })
}
this.ssh.on("keyboard-interactive", data => {
this.handleKeyboardInteractive(data)
})
this.socket.on("authenticate", creds => {
this.handleAuthenticate(creds)
})
this.socket.on("terminal", data => {
this.handleTerminal(data)
})
this.socket.on("disconnect", reason => {
this.handleConnectionClose(reason)
})
}
handleKeyboardInteractive(data) {
const self = this
debug(`handleKeyboardInteractive: ${this.socket.id}, %O`, data)
// Send the keyboard-interactive request to the client
this.socket.emit(
"authentication",
Object.assign(
{
action: "keyboard-interactive"
},
data
)
)
// Set up a one-time listener for the client's response
this.socket.once("authentication", clientResponse => {
const maskedclientResponse = maskSensitiveData(clientResponse, {
properties: ["responses"]
})
debug(
"handleKeyboardInteractive: Client response masked %O",
maskedclientResponse
)
if (clientResponse.action === "keyboard-interactive") {
// Forward the client's response to the SSH connection
self.ssh.emit("keyboard-interactive-response", clientResponse.responses)
}
})
}
handleAuthenticate(creds) {
debug(`handleAuthenticate: ${this.socket.id}, %O`, maskSensitiveData(creds))
if (isValidCredentials(creds)) {
this.sessionState.term = validateSshTerm(creds.term)
? creds.term
: this.config.ssh.term
this.initializeConnection(creds)
} else {
debug(`handleAuthenticate: ${this.socket.id}, CREDENTIALS INVALID`)
this.socket.emit("authentication", {
success: false,
message: "Invalid credentials format"
})
}
}
initializeConnection(creds) {
const self = this
debug(
`initializeConnection: ${this.socket.id}, INITIALIZING SSH CONNECTION: Host: ${creds.host}, creds: %O`,
maskSensitiveData(creds)
)
this.ssh
.connect(creds)
.then(() => {
this.sessionState = Object.assign({}, this.sessionState, {
authenticated: true,
username: creds.username,
password: creds.password,
host: creds.host,
port: creds.port
})
const authResult = { action: "auth_result", success: true }
this.socket.emit("authentication", authResult)
const permissions = {
autoLog: this.config.options.autoLog || false,
allowReplay: this.config.options.allowReplay || false,
allowReconnect: this.config.options.allowReconnect || false,
allowReauth: this.config.options.allowReauth || false
}
this.socket.emit("permissions", permissions)
this.updateElement("footer", `ssh://${creds.host}:${creds.port}`)
if (this.config.header && this.config.header.text !== null) {
this.updateElement("header", this.config.header.text)
}
this.socket.emit("getTerminal", true)
})
.catch(err => {
debug(
`initializeConnection: SSH CONNECTION ERROR: ${this.socket.id}, Host: ${creds.host}, Error: ${err.message}`
)
handleError(new SSHConnectionError(`${err.message}`))
this.socket.emit("ssherror", `${err.message}`)
})
}
/**
* Handles terminal data.
* @param {Object} data - The terminal data.
*/
handleTerminal(data) {
const { term, rows, cols } = data
if (term && validateSshTerm(term)) this.sessionState.term = term
if (rows && validator.isInt(rows.toString()))
this.sessionState.rows = parseInt(rows, 10)
if (cols && validator.isInt(cols.toString()))
this.sessionState.cols = parseInt(cols, 10)
this.createShell()
}
/**
* Creates a new SSH shell session.
*/
createShell() {
this.ssh
.shell({
term: this.sessionState.term,
cols: this.sessionState.cols,
rows: this.sessionState.rows
})
.then(stream => {
stream.on("data", data => {
this.socket.emit("data", data.toString("utf-8"))
})
// stream.stderr.on("data", data => debug(`STDERR: ${data}`)) // needed for shell.exec
stream.on("close", (code, signal) => {
debug("close: SSH Stream closed")
this.handleConnectionClose(code, signal)
})
stream.on("end", () => {
debug("end: SSH Stream ended")
})
stream.on("error", (err) => {
debug("error: SSH Stream error %O", err)
})
this.socket.on("data", data => {
stream.write(data)
})
this.socket.on("control", controlData => {
this.handleControl(controlData)
})
this.socket.on("resize", data => {
this.handleResize(data)
})
})
.catch(err => this.handleError("createShell: ERROR", err))
}
handleResize(data) {
const { rows, cols } = data
if (rows && validator.isInt(rows.toString()))
this.sessionState.rows = parseInt(rows, 10)
if (cols && validator.isInt(cols.toString()))
this.sessionState.cols = parseInt(cols, 10)
this.ssh.resizeTerminal(this.sessionState.rows, this.sessionState.cols)
}
/**
* Handles control commands.
* @param {string} controlData - The control command received.
*/
handleControl(controlData) {
if (
validator.isIn(controlData, ["replayCredentials", "reauth"]) &&
this.ssh.stream
) {
if (controlData === "replayCredentials") {
this.replayCredentials()
} else if (controlData === "reauth") {
this.handleReauth()
}
} else {
console.warn(
`handleControl: Invalid control command received: ${controlData}`
)
}
}
/**
* Replays stored credentials.
*/
replayCredentials() {
if (this.config.options.allowReplay && this.ssh.stream) {
this.ssh.stream.write(`${this.sessionState.password}\n`)
}
}
/**
* Handles reauthentication.
*/
handleReauth() {
if (this.config.options.allowReauth) {
this.clearSessionCredentials()
this.socket.emit("authentication", { action: "reauth" })
}
}
/**
* Handles errors.
* @param {string} context - The error context.
* @param {Error} err - The error object.
*/
handleError(context, err) {
const errorMessage = err ? `: ${err.message}` : ""
handleError(new SSHConnectionError(`SSH ${context}${errorMessage}`))
this.socket.emit("ssherror", `SSH ${context}${errorMessage}`)
this.handleConnectionClose()
}
/**
* Updates a UI element on the client side.
* @param {string} element - The element to update.
* @param {any} value - The new value for the element.
*/
updateElement(element, value) {
this.socket.emit("updateUI", { element, value })
}
/**
* Handles the closure of the connection.
* @param {string} reason - The reason for the closure.
*/
handleConnectionClose(code, signal) {
this.ssh.end()
debug(
`handleConnectionClose: ${this.socket.id}, Code: ${code}, Signal: ${signal}`
)
this.socket.disconnect(true)
}
/**
* Clears session credentials.
*/
clearSessionCredentials() {
if (this.socket.handshake.session.sshCredentials) {
this.socket.handshake.session.sshCredentials.username = null
this.socket.handshake.session.sshCredentials.password = null
}
this.socket.handshake.session.usedBasicAuth = false
this.sessionState.authenticated = false
this.sessionState.username = null
this.sessionState.password = null
this.socket.handshake.session.save(err => {
if (err)
console.error(
`clearSessionCredentials: ${MESSAGES.FAILED_SESSION_SAVE} ${this.socket.id}:`,
err
)
})
}
}
module.exports = function(io, config) {
io.on("connection", socket => new WebSSH2Socket(socket, config))
}

205
app/ssh.js
View file

@ -1,205 +0,0 @@
// server
// app/ssh.js
const SSH = require("ssh2").Client
const EventEmitter = require("events")
const { createNamespacedDebug } = require("./logger")
const { SSHConnectionError, handleError } = require("./errors")
const { maskSensitiveData } = require("./utils")
const debug = createNamespacedDebug("ssh")
/**
* SSHConnection class handles SSH connections and operations.
* @extends EventEmitter
*/
class SSHConnection extends EventEmitter {
/**
* Create an SSHConnection.
* @param {Object} config - Configuration object for the SSH connection.
*/
constructor(config) {
super()
this.config = config
this.conn = null
this.stream = null
this.creds = null
}
/**
* Connects to the SSH server using the provided credentials.
* @param {Object} creds - The credentials object containing host, port, username, and password.
* @returns {Promise<SSH>} - A promise that resolves with the SSH connection instance.
*/
connect(creds) {
this.creds = creds
debug("connect: %O", maskSensitiveData(creds))
return new Promise((resolve, reject) => {
if (this.conn) {
this.conn.end()
}
this.conn = new SSH()
const sshConfig = this.getSSHConfig(creds)
this.conn.on("ready", () => {
debug(`connect: ready: ${creds.host}`)
resolve(this.conn)
})
this.conn.on("end", () => {
debug(`connect: end: `)
})
this.conn.on("close", () => {
debug(`connect: close: `)
})
this.conn.on("error", err => {
const error = new SSHConnectionError(`${err.message}`)
handleError(error)
reject(error)
})
this.conn.on(
"keyboard-interactive",
(name, instructions, lang, prompts, finish) => {
this.handleKeyboardInteractive(
name,
instructions,
lang,
prompts,
finish
)
}
)
this.conn.connect(sshConfig)
})
}
/**
* Handles keyboard-interactive authentication prompts.
* @param {string} name - The name of the authentication request.
* @param {string} instructions - The instructions for the keyboard-interactive prompt.
* @param {string} lang - The language of the prompt.
* @param {Array<Object>} prompts - The list of prompts provided by the server.
* @param {Function} finish - The callback to complete the keyboard-interactive authentication.
*/
handleKeyboardInteractive(name, instructions, lang, prompts, finish) {
debug("handleKeyboardInteractive: Keyboard-interactive auth %O", prompts)
// Check if we should always send prompts to the client
if (this.config.ssh.alwaysSendKeyboardInteractivePrompts) {
this.sendPromptsToClient(name, instructions, prompts, finish)
return
}
const responses = []
let shouldSendToClient = false
for (let i = 0; i < prompts.length; i += 1) {
if (
prompts[i].prompt.toLowerCase().includes("password") &&
this.creds.password
) {
responses.push(this.creds.password)
} else {
shouldSendToClient = true
break
}
}
if (shouldSendToClient) {
this.sendPromptsToClient(name, instructions, prompts, finish)
} else {
finish(responses)
}
}
/**
* Sends prompts to the client for keyboard-interactive authentication.
*
* @param {string} name - The name of the authentication method.
* @param {string} instructions - The instructions for the authentication.
* @param {Array<{ prompt: string, echo: boolean }>} prompts - The prompts to be sent to the client.
* @param {Function} finish - The callback function to be called when the client responds.
*/
sendPromptsToClient(name, instructions, prompts, finish) {
this.emit("keyboard-interactive", {
name: name,
instructions: instructions,
prompts: prompts.map(p => ({ prompt: p.prompt, echo: p.echo }))
})
this.once("keyboard-interactive-response", responses => {
finish(responses)
})
}
/**
* Generates the SSH configuration object based on credentials.
* @param {Object} creds - The credentials object containing host, port, username, and password.
* @returns {Object} - The SSH configuration object.
*/
getSSHConfig(creds) {
return {
host: creds.host,
port: creds.port,
username: creds.username,
password: creds.password,
tryKeyboard: true,
algorithms: this.config.ssh.algorithms,
readyTimeout: this.config.ssh.readyTimeout,
keepaliveInterval: this.config.ssh.keepaliveInterval,
keepaliveCountMax: this.config.ssh.keepaliveCountMax,
debug: createNamespacedDebug("ssh2")
}
}
/**
* Opens an interactive shell session over the SSH connection.
* @param {Object} [options] - Optional parameters for the shell.
* @returns {Promise<Object>} - A promise that resolves with the SSH shell stream.
*/
shell(options) {
return new Promise((resolve, reject) => {
this.conn.shell(options, (err, stream) => {
if (err) {
reject(err)
} else {
this.stream = stream
resolve(stream)
}
})
})
}
/**
* Resizes the terminal window for the current SSH session.
* @param {number} rows - The number of rows for the terminal.
* @param {number} cols - The number of columns for the terminal.
*/
resizeTerminal(rows, cols) {
if (this.stream) {
this.stream.setWindow(rows, cols)
}
}
/**
* Ends the SSH connection and stream.
*/
end() {
if (this.stream) {
this.stream.end()
this.stream = null
}
if (this.conn) {
this.conn.end()
this.conn = null
}
}
}
module.exports = SSHConnection

193
app/utils.js
View file

@ -1,193 +0,0 @@
// server
// /app/utils.js
const validator = require("validator")
const Ajv = require("ajv")
const maskObject = require("jsmasker")
const { createNamespacedDebug } = require("./logger")
const { DEFAULTS, MESSAGES } = require("./constants")
const configSchema = require("./configSchema")
const debug = createNamespacedDebug("utils")
/**
* Deep merges two objects
* @param {Object} target - The target object to merge into
* @param {Object} source - The source object to merge from
* @returns {Object} The merged object
*/
function deepMerge(target, source) {
const output = Object.assign({}, target) // Avoid mutating target directly
Object.keys(source).forEach(key => {
if (Object.hasOwnProperty.call(source, key)) {
if (
source[key] instanceof Object &&
!Array.isArray(source[key]) &&
source[key] !== null
) {
output[key] = deepMerge(output[key] || {}, source[key])
} else {
output[key] = source[key]
}
}
})
return output
}
/**
* Determines if a given host is an IP address or a hostname.
* If it's a hostname, it escapes it for safety.
*
* @param {string} host - The host string to validate and escape.
* @returns {string} - The original IP or escaped hostname.
*/
function getValidatedHost(host) {
let validatedHost
if (validator.isIP(host)) {
validatedHost = host
} else {
validatedHost = validator.escape(host)
}
return validatedHost
}
/**
* Validates and sanitizes a port value.
* If no port is provided, defaults to port 22.
* If a port is provided, checks if it is a valid port number (1-65535).
* If the port is invalid, defaults to port 22.
*
* @param {string} [portInput] - The port string to validate and parse.
* @returns {number} - The validated port number.
*/
function getValidatedPort(portInput) {
const defaultPort = DEFAULTS.SSH_PORT
const port = defaultPort
debug("getValidatedPort: input: %O", portInput)
if (portInput) {
if (validator.isInt(portInput, { min: 1, max: 65535 })) {
return parseInt(portInput, 10)
}
}
debug(
"getValidatedPort: port not specified or is invalid, setting port to: %O",
port
)
return port
}
/**
* Checks if the provided credentials object is valid.
*
* @param {Object} creds - The credentials object.
* @param {string} creds.username - The username.
* @param {string} creds.password - The password.
* @param {string} creds.host - The host.
* @param {number} creds.port - The port.
* @returns {boolean} - Returns true if the credentials are valid, otherwise false.
*/
function isValidCredentials(creds) {
return !!(
creds &&
typeof creds.username === "string" &&
typeof creds.password === "string" &&
typeof creds.host === "string" &&
typeof creds.port === "number"
)
}
/**
* Validates and sanitizes the SSH terminal name using validator functions.
* Allows alphanumeric characters, hyphens, and periods.
* Returns null if the terminal name is invalid or not provided.
*
* @param {string} [term] - The terminal name to validate.
* @returns {string|null} - The sanitized terminal name if valid, null otherwise.
*/
function validateSshTerm(term) {
debug(`validateSshTerm: %O`, term)
if (!term) {
return null
}
const validatedSshTerm =
validator.isLength(term, { min: 1, max: 30 }) &&
validator.matches(term, /^[a-zA-Z0-9.-]+$/)
return validatedSshTerm ? term : null
}
/**
* Validates the given configuration object.
*
* @param {Object} config - The configuration object to validate.
* @throws {Error} If the configuration object fails validation.
* @returns {Object} The validated configuration object.
*/
function validateConfig(config) {
const ajv = new Ajv()
const validate = ajv.compile(configSchema)
const valid = validate(config)
if (!valid) {
throw new Error(
`${MESSAGES.CONFIG_VALIDATION_ERROR}: ${ajv.errorsText(validate.errors)}`
)
}
return config
}
/**
* Modify the HTML content by replacing certain placeholders with dynamic values.
* @param {string} html - The original HTML content.
* @param {Object} config - The configuration object to inject into the HTML.
* @returns {string} - The modified HTML content.
*/
function modifyHtml(html, config) {
debug("modifyHtml")
const modifiedHtml = html.replace(
/(src|href)="(?!http|\/\/)/g,
'$1="/ssh/assets/'
)
return modifiedHtml.replace(
"window.webssh2Config = null;",
`window.webssh2Config = ${JSON.stringify(config)};`
)
}
/**
* Masks sensitive information in an object
* @param {Object} obj - The object to mask
* @param {Object} [options] - Optional configuration for masking
* @param {string[]} [options.properties=['password', 'key', 'secret', 'token']] - The properties to be masked
* @param {number} [options.maskLength=8] - The length of the generated mask
* @param {number} [options.minLength=5] - The minimum length of the generated mask
* @param {number} [options.maxLength=15] - The maximum length of the generated mask
* @param {string} [options.maskChar='*'] - The character used for masking
* @param {boolean} [options.fullMask=false] - Whether to use a full mask for all properties
* @returns {Object} The masked object
*/
function maskSensitiveData(obj, options) {
const defaultOptions = {}
debug("maskSensitiveData")
const maskingOptions = Object.assign({}, defaultOptions, options || {})
const maskedObject = maskObject(obj, maskingOptions)
return maskedObject
}
module.exports = {
deepMerge,
getValidatedHost,
getValidatedPort,
isValidCredentials,
maskSensitiveData,
modifyHtml,
validateConfig,
validateSshTerm
}

BIN
bin/BIG-IP-ILX-WebSSH2-current.tgz
View file

Binary file not shown.

1
bin/BIG-IP-ILX-WebSSH2-current.tgz.sha256
View file

@ -1 +0,0 @@
b512ae8f04eba0eab29e026542fab1063b1bb4ae6db04e3613a8939260fe031c Build/Release/BIG-IP-ILX-WebSSH2-0.2.9.tgz

BIN
bun.lockb Executable file
View file

Binary file not shown.

BIN
images/Screenshot.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 1,019 KiB

BIN
images/orthrus.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 103 KiB

BIN
images/orthrus.webp
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 150 KiB

BIN
images/orthrus2.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 118 KiB

43
images/orthrus2.txt
View file

@ -1,43 +0,0 @@
                                                                                  
                       .     ..                                                   
    .:rsXXr;,.       .sAsrirsA2:        .,;irri;,.                                
  .i5352XA535X;......,525555225r.......;rsrri;irss:                               
 .s3Ar;,,,isX23333552;A22AAAA2A;;rsXA235Xr;,.,,::is:                              
 ;2sii,:r2MS&BH3X2355irAAAAAAXs:;iii;iXM@BS3X;.,::;r,                             
.isr;..rAAS9#352rrisAA:sXXXXsr;:i;:::;ii39#3si,..:;i:        .,:;ii;,.            
.,,.  ,rr.X9H55rs..:sXX:isiri::;;r..i;iiX#H,;i:. ..,.      ,s3G##3s;,.            
      ,r2.s9H5Ar2..iMr5X;,.,,:i;A3:.XA;i2#h.rX,.      ., .rG9#Shi.                
  ..,:iXh5G9#h2sh2AH5X22Asi;iii;sGM3HX;XS993h2r;:,.   r3,XBSGG3X.                 
 .;iiiiirMB9##H5255AX2222Ariiiii;isXss5S##9Msrrrii;,. XSrGSGG522;                 
 ::.....,3#SSSSSGMM32222AAsiiiiiis23MS#SS##5,.....,r. ;SMGGGM2222s:.  .           
 :MX;;s2HSGGGGGSMX3GM2AAAA2ri;;i5G3XhSSGGGGSM2si;s3X. .XGGGGH5AAA22X;.;r.         
 .ih3s2hMHHHHMh2A3Mhh5AA25h5XXXA33h3A2hHGGGHMh5s5h2,   .i5hMHM2AAAA22Arhr.        
   :riAXXXXXXXA222XsrsA25MGH522XssXA2AXXAAXXXXAXii.     .;rX2552XXXXXAA55,..      
     ,;sXXXssr;:,,,:rA25hGGGH522X;,.,:;irsXXXsr:.       .;rrsXXAAXrssssA2;s;      
       ......,:,;rX2525hGGGGGH5222Asi,,i......             .....:XsrsrrsAr2;      
            .X5AA52225hHHHHHHGH52225AXAhr.                      .rsrrrrXAAA.      
            ih2522225MHHHHHHHHGH322222225,                     ,isrriirAAA:       
           ,52222253MHHHHHHHHHHHH352225iX;,....,,::;;;;;:,..:;rsriiiirAAX:.       
           :r55255hHHHHHHHGHHHHHHM3222s;iXAA22255555555MSH5AriiiiiirXAXrsr.       
            ;rA53MHHHHMMHG55HHMhhhAXXssXXXssXAA222AAA2hGSSS#G2isXAAAAXsi:.        
            .,i235HHMMhM3ssH32X2hhAsXA2AXXXssssXXXXXAhGGh2AA5HMrsAXXXr,           
            .X5ssr5MMM5AAXsXX2hHH5223hhh2XsssssssssX3HH2rrisXAhH;,.....           
            :SGM332A3hhhMM3hHGGGh22hM2A5hXssssssssX3HHMrrrAhriiA5,                
            i#HHHMMh3hMMMMh3HHHG322M3AX53XrssssssX23HHMsri2MsiiiXr.               
            iSHH55MMM33MMM2XGHHHhAA5h333AXisssXXA2AAMMH2iir232XrrA.               
            :GMMAX2335X5552i3HHHH32AAAAXXArAAA222AAshMMM2riirrirX5,               
            .AHM3sir222AAA2XihMMMHM355552ssXA2222AArsHMMMh2AXX2355:               
             ,hMh5XrisA2AA22Xi3MMMMMMMM3AsXrr2Xr;:,,,2MMMMMMMMMh55i               
              sHMh22s:,:::irsrihMMMMMhh32Asi:,....:;.,Ahhhhhhhh35A2,              
              :MMMh2AXi;:;,....XMMMMMhh3AAXi...,,:r;  .r23333335AAAAi,..          
              .5Mhh3AAAAXr,    ;MMMMMMh52X;;;;iirrXX,. .,iX2222AAAAA222:          
              .XMhhh5AA2i;.    ,hMMMMMh52s,isXXXXXXAAX:  ..,;rAAAAAAAA2,          
              .XMhhh5AA2:      .5Mhhhhh22r..,:sXXXXXX2;      .sAAAAAAAX.          
              .XMhhh5AA2,      .5hhhhh322i    ;XXXXXXA,      .s2AAAAAAr.          
              .Ahhhh2AAX.      .5hhhhh5A2:   .iXXXXXAs.      .A5552AA2;           
              :hhh332A2r.      :hhhhh32A2,   ,XXXXXXA;       :333332A2:           
         .,;:,s55335AA2:  .,,;;rA253h5AAA,,,,iXXXXXXA,  ..,;:r22535AAX.           
       .iXG55HM3225AAAX. :5XM#25Mh525AAArrrsssssXXXAi. ,sXHhAhh5A22XAi.           
       :sA5i22222AAAAX: .r5i55i55222AAAX;siXXXXAAAAr.  ;Xs5rs522AAAAr.            
       .,,;::;;;;;;;:.  ..:::;,:;;;;;;:,::::;;;;;;,.   .:,;:,;;;;;;:.             
                                                                                  

BIN
images/orthrus2.webp
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 219 KiB

BIN
images/orthrus2a.jpg
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 81 KiB

27
index.js
View file

@ -1,27 +0,0 @@
#!/usr/bin/env node
// server
// index.js
/**
* index.js
*
* WebSSH2 - Web to SSH2 gateway
* Bill Church - https://github.com/billchurch/WebSSH2 - May 2017
*/
const { initializeServer } = require("./app/app")
/**
* Main function to start the application
*/
function main() {
initializeServer()
}
// Run the application
main()
// For testing purposes, export the functions
module.exports = {
initializeServer
}

7
jsconfig.json
View file

@ -1,7 +0,0 @@
{
"compilerOptions": {
"module": "CommonJS",
"target": "ES6"
},
"exclude": ["node_modules"]
}

9724
package-lock.json generated
View file

File diff suppressed because it is too large Load diff

97
package.json
View file

@ -1,95 +1,6 @@
{
"name": "webssh2-server",
"version": "0.2.20",
"ignore": [
".gitignore"
],
"bin": {
"webssh2-server": "./index.js"
},
"description": "A Websocket to SSH2 gateway using xterm.js, socket.io, ssh2",
"homepage": "https://github.com/billchurch/WebSSH2",
"keywords": [
"ssh",
"webssh",
"terminal",
"webterminal"
],
"license": "SEE LICENSE IN FILE - LICENSE",
"private": false,
"repository": {
"type": "git",
"url": "git+https://github.com/billchurch/WebSSH2.git"
},
"contributors": [
"Bill Church <wmchurch@gmail.com>"
],
"engines": {
"node": ">= 6"
},
"bugs": {
"url": "https://github.com/billchurch/WebSSH2/issues"
},
"dependencies": {
"ajv": "^8.17.1",
"basic-auth": "^2.0.1",
"body-parser": "^1.20.3",
"debug": "^4.3.7",
"express": "^4.21.1",
"express-session": "^1.18.1",
"express-socket.io-session": "^1.3.5",
"jsmasker": "^1.2.0",
"read-config-ng": "~3.0.7",
"socket.io": "~4.8.0",
"ssh2": "~1.16.0",
"validator": "^13.12.0",
"webssh2_client": "^1.0.0"
},
"scripts": {
"start": "node index.js",
"lint": "eslint app",
"lint:fix": "eslint app --fix",
"watch": "NODE_ENV=development DEBUG=webssh* nodemon index.js -w app/ -w index.js -w config.json -w package.json",
"test": "jest",
"release": "standard-version -a -s --release-as patch --commit-all",
"release:dry-run": "standard-version -a -s --release-as patch --dry-run",
"publish:dry-run": "npm publish --dry-run",
"publish:npm": "npm publish",
"pretest": "npm run lint",
"ci": "npm run test",
"release:major": "npm run release -- --release-as major",
"release:minor": "npm run release -- --release-as minor",
"release:patch": "npm run release -- --release-as patch"
},
"jest": {
"testEnvironment": "node",
"testMatch": [
"**/tests/**/*.test.js"
]
},
"standard": {
"ignore": [
"bin/*",
"build/*"
]
},
"dependencies": {},
"devDependencies": {
"eslint": "^8.57.1",
"eslint-config-airbnb-base": "^15.0.0",
"eslint-config-prettier": "^9.1.0",
"eslint-plugin-import": "^2.31.0",
"eslint-plugin-jest": "^28.8.3",
"eslint-plugin-node": "^11.1.0",
"eslint-plugin-prettier": "^5.2.1",
"jest": "^29.7.0",
"nodemon": "^3.1.7",
"prettier": "^3.3.3",
"prettier-eslint": "^16.3.0",
"standard-version": "^9.5.0"
},
"main": "index.js",
"directories": {
"test": "tests"
},
"author": ""
}
"bun-types": "^1.0.1"
}
}

14
release-please-config.json Normal file
View file

@ -0,0 +1,14 @@
{
"changelogPath": "CHANGELOG.md",
"include-v-in-tags": false,
"prerelease": true,
"packages": {
"app": {
"releaseType": "node",
"draft": false,
"bumpMinorPreMajor": false,
"bumpPatchForMinorPreMajor": false,
"versioning": "default"
}
}
}

11
tests/crypto-utils.test.js
View file

@ -1,11 +0,0 @@
// server
// tests/crypto-utils.test.js
const { generateSecureSecret } = require("../app/crypto-utils")
describe("generateSecureSecret", () => {
it("should generate a 64-character hex string", () => {
const secret = generateSecureSecret()
expect(secret).toMatch(/^[0-9a-f]{64}$/)
})
})

88
tests/errors.test.js
View file

@ -1,88 +0,0 @@
const {
WebSSH2Error,
ConfigError,
SSHConnectionError,
handleError
} = require("../app/errors")
const { logError } = require("../app/logger")
const { HTTP, MESSAGES } = require("../app/constants")
jest.mock("../app/logger", () => ({
logError: jest.fn(),
createNamespacedDebug: jest.fn(() => jest.fn())
}))
describe("errors", () => {
afterEach(() => {
jest.clearAllMocks()
})
describe("WebSSH2Error", () => {
it("should create a WebSSH2Error with correct properties", () => {
const error = new WebSSH2Error("Test error", "TEST_CODE")
expect(error).toBeInstanceOf(Error)
expect(error.name).toBe("WebSSH2Error")
expect(error.message).toBe("Test error")
expect(error.code).toBe("TEST_CODE")
})
})
describe("ConfigError", () => {
it("should create a ConfigError with correct properties", () => {
const error = new ConfigError("Config error")
expect(error).toBeInstanceOf(WebSSH2Error)
expect(error.name).toBe("ConfigError")
expect(error.message).toBe("Config error")
expect(error.code).toBe(MESSAGES.CONFIG_ERROR)
})
})
describe("SSHConnectionError", () => {
it("should create a SSHConnectionError with correct properties", () => {
const error = new SSHConnectionError("SSH connection error")
expect(error).toBeInstanceOf(WebSSH2Error)
expect(error.name).toBe("SSHConnectionError")
expect(error.message).toBe("SSH connection error")
expect(error.code).toBe(MESSAGES.SSH_CONNECTION_ERROR)
})
})
describe("handleError", () => {
const mockRes = {
status: jest.fn(() => mockRes),
json: jest.fn()
}
it("should handle WebSSH2Error correctly", () => {
const error = new WebSSH2Error("Test error", "TEST_CODE")
handleError(error, mockRes)
expect(logError).toHaveBeenCalledWith("Test error", error)
expect(mockRes.status).toHaveBeenCalledWith(HTTP.INTERNAL_SERVER_ERROR)
expect(mockRes.json).toHaveBeenCalledWith({
error: "Test error",
code: "TEST_CODE"
})
})
it("should handle generic Error correctly", () => {
const error = new Error("Generic error")
handleError(error, mockRes)
expect(logError).toHaveBeenCalledWith(MESSAGES.UNEXPECTED_ERROR, error)
expect(mockRes.status).toHaveBeenCalledWith(HTTP.INTERNAL_SERVER_ERROR)
expect(mockRes.json).toHaveBeenCalledWith({
error: MESSAGES.UNEXPECTED_ERROR
})
})
it("should not send response if res is not provided", () => {
const error = new Error("No response error")
handleError(error)
expect(logError).toHaveBeenCalledWith(MESSAGES.UNEXPECTED_ERROR, error)
expect(mockRes.status).not.toHaveBeenCalled()
expect(mockRes.json).not.toHaveBeenCalled()
})
})
})

48
tests/logger.test.js
View file

@ -1,48 +0,0 @@
// server
// tests/logger.test.js
const createDebug = require("debug")
const { createNamespacedDebug, logError } = require("../app/logger")
jest.mock("debug")
describe("logger", () => {
beforeEach(() => {
jest.clearAllMocks()
console.error = jest.fn()
})
describe("createNamespacedDebug", () => {
it("should create a debug function with the correct namespace", () => {
const mockDebug = jest.fn()
createDebug.mockReturnValue(mockDebug)
const result = createNamespacedDebug("test")
expect(createDebug).toHaveBeenCalledWith("webssh2:test")
expect(result).toBe(mockDebug)
})
})
describe("logError", () => {
it("should log an error message without an error object", () => {
const message = "Test error message"
logError(message)
expect(console.error).toHaveBeenCalledWith(message)
expect(console.error).toHaveBeenCalledTimes(1)
})
it("should log an error message with an error object", () => {
const message = "Test error message"
const error = new Error("Test error")
logError(message, error)
expect(console.error).toHaveBeenCalledWith(message)
expect(console.error).toHaveBeenCalledWith("ERROR: Error: Test error")
expect(console.error).toHaveBeenCalledTimes(2)
})
})
})

31
tests/servers/keyboard-interactive/Dockerfile
View file

@ -1,31 +0,0 @@
# Use the Debian Bullseye Slim image as the base
FROM debian:bullseye-slim
# Install the necessary packages
RUN apt-get update && \
apt-get install -y --no-install-recommends \
openssh-server htop mc sudo bash bash-completion readline-common && \
apt-get clean && \
rm -rf /var/lib/apt/lists/*
# Configure SSH server
RUN mkdir /var/run/sshd && \
sed -i 's/^ChallengeResponseAuthentication no/ChallengeResponseAuthentication yes/' /etc/ssh/sshd_config && \
echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config && \
echo 'Port 4444' >> /etc/ssh/sshd_config && \
echo 'UsePAM yes' >> /etc/ssh/sshd_config && \
echo 'AuthenticationMethods keyboard-interactive' >> /etc/ssh/sshd_config
COPY --chmod=755 orthrus2.sh /etc/profile.d/ascii-art.sh
# Add a test user with a password
RUN useradd -m -s /bin/bash testuser && \
echo "testuser:testpassword" | chpasswd
COPY --chown=testuser:testuser --chmod=755 color-test.sh /home/testuser/color-test.sh
# Expose port 4444
EXPOSE 4444
# Start the SSH server
CMD ["/usr/sbin/sshd", "-D", "-e"]

58
tests/servers/keyboard-interactive/README.md
View file

@ -1,58 +0,0 @@
# Keyboard Interactive SSH Server
A test SSH server that uses keyboard-interactive authentication and listens on port 4444:
```Dockerfile
# Use the Debian Bullseye Slim image as the base
FROM debian:bullseye-slim
# Install the necessary packages
# Use the Debian Bullseye Slim image as the base
FROM debian:bullseye-slim
# Install the necessary packages
RUN apt-get update && \
apt-get install htop -y --no-install-recommends \
openssh-server && \
apt-get clean && \
rm -rf /var/lib/apt/lists/*
# Configure SSH server
RUN mkdir /var/run/sshd && \
sed -i 's/^ChallengeResponseAuthentication no/ChallengeResponseAuthentication yes/' /etc/ssh/sshd_config && \
echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config && \
echo 'Port 4444' >> /etc/ssh/sshd_config && \
echo 'UsePAM yes' >> /etc/ssh/sshd_config && \
echo 'AuthenticationMethods keyboard-interactive' >> /etc/ssh/sshd_config
# Add a test user with a password
RUN useradd -m testuser && \
echo "testuser:testpassword" | chpasswd
# Expose port 4444
EXPOSE 4444
# Start the SSH server
CMD ["/usr/sbin/sshd", "-D", "-e"]
```
### Instructions:
1. **Build the Docker image**:
```bash
docker build -t keyboard-ssh-server .
```
2. **Run the container**:
```bash
docker run --rm -p 4444:4444 --name keyboard-ssh-server keyboard-ssh-server
```
This Dockerfile sets up an SSH server that listens on port 4444 and uses keyboard-interactive authentication. The `testuser` has been created with the password `testpassword`.
You can connect to this SSH server using the following command:
```bash
ssh -p 4444 testuser@localhost
```
You'll be prompted for a password as part of the keyboard-interactive authentication process.

Some files were not shown because too many files have changed in this diff Show more