mirror of
https://github.com/Ylianst/MeshCentral.git
synced 2024-12-24 06:05:53 -05:00
Added SSH Key support.
This commit is contained in:
parent
b07a682044
commit
6798415c92
84
apprelays.js
84
apprelays.js
@ -338,7 +338,18 @@ module.exports.CreateSshRelay = function (parent, db, ws, req, args, domain) {
|
||||
var connectionOptions = { sock: obj.ser }
|
||||
if (typeof obj.username == 'string') { connectionOptions.username = obj.username; delete obj.username; }
|
||||
if (typeof obj.password == 'string') { connectionOptions.password = obj.password; delete obj.password; }
|
||||
obj.sshClient.connect(connectionOptions);
|
||||
if (typeof obj.privateKey == 'string') { connectionOptions.privateKey = obj.privateKey; delete obj.privateKey; }
|
||||
if (typeof obj.privateKeyPass == 'string') { connectionOptions.passphrase = obj.privateKeyPass; delete obj.privateKeyPass; }
|
||||
try {
|
||||
obj.sshClient.connect(connectionOptions);
|
||||
} catch (ex) {
|
||||
// Exception, this is generally because we did not provide proper credentials. Ask again.
|
||||
obj.relayActive = false;
|
||||
delete obj.sshClient;
|
||||
delete obj.ser.forwardwrite;
|
||||
obj.close();
|
||||
return;
|
||||
}
|
||||
|
||||
// We are all set, start receiving data
|
||||
ws._socket.resume();
|
||||
@ -372,6 +383,8 @@ module.exports.CreateSshRelay = function (parent, db, ws, req, args, domain) {
|
||||
obj.termSize = msg;
|
||||
obj.username = msg.username;
|
||||
obj.password = msg.password;
|
||||
obj.privateKey = msg.key;
|
||||
obj.privateKeyPass = msg.keypass;
|
||||
startRelayConnection();
|
||||
break;
|
||||
}
|
||||
@ -472,10 +485,14 @@ module.exports.CreateSshTerminalRelay = function (parent, db, ws, req, domain, u
|
||||
const changed = (node.ssh == null);
|
||||
|
||||
// Check if credentials are the same
|
||||
if ((typeof node.ssh == 'object') && (node.ssh.u == obj.username) && (node.ssh.p == obj.password)) return;
|
||||
//if ((typeof node.ssh == 'object') && (node.ssh.u == obj.username) && (node.ssh.p == obj.password)) return; // TODO
|
||||
|
||||
// Save the credentials
|
||||
node.ssh = { u: obj.username, p: obj.password };
|
||||
if (obj.password != null) {
|
||||
node.ssh = { u: obj.username, p: obj.password };
|
||||
} else if (obj.privateKey != null) {
|
||||
node.ssh = { u: obj.username, k: obj.privateKey, kp: obj.privateKeyPass };
|
||||
}
|
||||
parent.parent.db.Set(node);
|
||||
|
||||
// Event node change if needed
|
||||
@ -538,7 +555,17 @@ module.exports.CreateSshTerminalRelay = function (parent, db, ws, req, domain, u
|
||||
var connectionOptions = { sock: obj.ser }
|
||||
if (typeof obj.username == 'string') { connectionOptions.username = obj.username; }
|
||||
if (typeof obj.password == 'string') { connectionOptions.password = obj.password; }
|
||||
obj.sshClient.connect(connectionOptions);
|
||||
if (typeof obj.privateKey == 'string') { connectionOptions.privateKey = obj.privateKey; }
|
||||
if (typeof obj.privateKeyPass == 'string') { connectionOptions.passphrase = obj.privateKeyPass; }
|
||||
try {
|
||||
obj.sshClient.connect(connectionOptions);
|
||||
} catch (ex) {
|
||||
// Exception, this is generally because we did not provide proper credentials. Ask again.
|
||||
obj.relayActive = false;
|
||||
delete obj.sshClient;
|
||||
delete obj.ser.forwardwrite;
|
||||
try { ws.send(JSON.stringify({ action: 'sshauth' })) } catch (ex) { }
|
||||
}
|
||||
|
||||
// We are all set, start receiving data
|
||||
ws._socket.resume();
|
||||
@ -569,13 +596,15 @@ module.exports.CreateSshTerminalRelay = function (parent, db, ws, req, domain, u
|
||||
switch (msg.action) {
|
||||
case 'sshauth': {
|
||||
// Verify inputs
|
||||
if ((typeof msg.username != 'string') || (typeof msg.password != 'string')) break;
|
||||
if ((typeof msg.username != 'string') || ((typeof msg.password != 'string') && (typeof msg.key != 'string'))) break;
|
||||
if ((typeof msg.rows != 'number') || (typeof msg.cols != 'number') || (typeof msg.height != 'number') || (typeof msg.width != 'number')) break;
|
||||
|
||||
obj.keep = msg.keep; // If true, keep store credentials on the server if the SSH tunnel connected succesfully.
|
||||
obj.termSize = msg;
|
||||
obj.username = msg.username;
|
||||
obj.password = msg.password;
|
||||
obj.privateKey = msg.key;
|
||||
obj.privateKeyPass = msg.keypass;
|
||||
|
||||
// Create a mesh relay authentication cookie
|
||||
var cookieContent = { userid: user._id, domainid: user.domain, nodeid: obj.nodeid, tcpport: obj.tcpport };
|
||||
@ -588,7 +617,7 @@ module.exports.CreateSshTerminalRelay = function (parent, db, ws, req, domain, u
|
||||
if ((typeof msg.rows != 'number') || (typeof msg.cols != 'number') || (typeof msg.height != 'number') || (typeof msg.width != 'number')) break;
|
||||
obj.termSize = msg;
|
||||
|
||||
if ((obj.username == null) || (obj.password == null)) return;
|
||||
if ((obj.username == null) || ((obj.password == null) && (obj.privateKey == null))) return;
|
||||
|
||||
// Create a mesh relay authentication cookie
|
||||
var cookieContent = { userid: user._id, domainid: user.domain, nodeid: obj.nodeid, tcpport: obj.tcpport };
|
||||
@ -639,13 +668,18 @@ module.exports.CreateSshTerminalRelay = function (parent, db, ws, req, domain, u
|
||||
if ((err != null) || (nodes == null) || (nodes.length != 1)) return;
|
||||
const node = nodes[0];
|
||||
|
||||
if ((node.ssh == null) || (typeof node.ssh != 'object') || (typeof node.ssh.u != 'string') || (typeof node.ssh.p != 'string')) {
|
||||
if ((node.ssh == null) || (typeof node.ssh != 'object') || (typeof node.ssh.u != 'string') || ((typeof node.ssh.p != 'string') && (typeof node.ssh.k != 'string'))) {
|
||||
// Send a request for SSH authentication
|
||||
try { ws.send(JSON.stringify({ action: 'sshauth' })) } catch (ex) { }
|
||||
} else {
|
||||
// Use our existing credentials
|
||||
obj.username = node.ssh.u;
|
||||
obj.password = node.ssh.p;
|
||||
if (typeof node.ssh.p == 'string') {
|
||||
obj.password = node.ssh.p;
|
||||
} else if (typeof node.ssh.k == 'string') {
|
||||
obj.privateKey = node.ssh.k;
|
||||
obj.privateKeyPass = node.ssh.kp;
|
||||
}
|
||||
try { ws.send(JSON.stringify({ action: 'sshautoauth' })) } catch (ex) { }
|
||||
}
|
||||
});
|
||||
@ -722,8 +756,15 @@ module.exports.CreateSshFilesRelay = function (parent, db, ws, req, domain, user
|
||||
const node = nodes[0];
|
||||
const changed = (node.ssh == null);
|
||||
|
||||
// Check if credentials are the same
|
||||
//if ((typeof node.ssh == 'object') && (node.ssh.u == obj.username) && (node.ssh.p == obj.password)) return; // TODO
|
||||
|
||||
// Save the credentials
|
||||
node.ssh = { u: obj.username, p: obj.password };
|
||||
if (obj.password != null) {
|
||||
node.ssh = { u: obj.username, p: obj.password };
|
||||
} else if (obj.privateKey != null) {
|
||||
node.ssh = { u: obj.username, k: obj.privateKey, kp: obj.privateKeyPass };
|
||||
}
|
||||
parent.parent.db.Set(node);
|
||||
|
||||
// Event node change if needed
|
||||
@ -781,7 +822,17 @@ module.exports.CreateSshFilesRelay = function (parent, db, ws, req, domain, user
|
||||
var connectionOptions = { sock: obj.ser }
|
||||
if (typeof obj.username == 'string') { connectionOptions.username = obj.username; }
|
||||
if (typeof obj.password == 'string') { connectionOptions.password = obj.password; }
|
||||
obj.sshClient.connect(connectionOptions);
|
||||
if (typeof obj.privateKey == 'string') { connectionOptions.privateKey = obj.privateKey; }
|
||||
if (typeof obj.privateKeyPass == 'string') { connectionOptions.passphrase = obj.privateKeyPass; }
|
||||
try {
|
||||
obj.sshClient.connect(connectionOptions);
|
||||
} catch (ex) {
|
||||
// Exception, this is generally because we did not provide proper credentials. Ask again.
|
||||
obj.relayActive = false;
|
||||
delete obj.sshClient;
|
||||
delete obj.ser.forwardwrite;
|
||||
try { ws.send(JSON.stringify({ action: 'sshauth' })) } catch (ex) { }
|
||||
}
|
||||
|
||||
// We are all set, start receiving data
|
||||
ws._socket.resume();
|
||||
@ -995,11 +1046,13 @@ module.exports.CreateSshFilesRelay = function (parent, db, ws, req, domain, user
|
||||
if (obj.sshClient != null) return;
|
||||
|
||||
// Verify inputs
|
||||
if ((typeof msg.username != 'string') || (typeof msg.password != 'string')) break;
|
||||
if ((typeof msg.username != 'string') || ((typeof msg.password != 'string') && (typeof msg.key != 'string'))) break;
|
||||
|
||||
obj.keep = (msg.keep === true); // If true, keep store credentials on the server if the SSH tunnel connected succesfully.
|
||||
obj.username = msg.username;
|
||||
obj.password = msg.password;
|
||||
obj.privateKey = msg.key;
|
||||
obj.privateKeyPass = msg.keypass;
|
||||
|
||||
// Create a mesh relay authentication cookie
|
||||
var cookieContent = { userid: user._id, domainid: user.domain, nodeid: obj.nodeid, tcpport: obj.tcpport };
|
||||
@ -1068,13 +1121,18 @@ module.exports.CreateSshFilesRelay = function (parent, db, ws, req, domain, user
|
||||
if ((err != null) || (nodes == null) || (nodes.length != 1)) return;
|
||||
const node = nodes[0];
|
||||
|
||||
if ((node.ssh == null) || (typeof node.ssh != 'object') || (typeof node.ssh.u != 'string') || (typeof node.ssh.p != 'string')) {
|
||||
if ((node.ssh == null) || (typeof node.ssh != 'object') || (typeof node.ssh.u != 'string') || ((typeof node.ssh.p != 'string') && (typeof node.ssh.k != 'string'))) {
|
||||
// Send a request for SSH authentication
|
||||
try { ws.send(JSON.stringify({ action: 'sshauth' })) } catch (ex) { }
|
||||
} else {
|
||||
// Use our existing credentials
|
||||
obj.username = node.ssh.u;
|
||||
obj.password = node.ssh.p;
|
||||
if (typeof node.ssh.p == 'string') {
|
||||
obj.password = node.ssh.p;
|
||||
} else if (typeof node.ssh.k == 'string') {
|
||||
obj.privateKey = node.ssh.k;
|
||||
obj.privateKeyPass = node.ssh.kp;
|
||||
}
|
||||
|
||||
// Create a mesh relay authentication cookie
|
||||
var cookieContent = { userid: user._id, domainid: user.domain, nodeid: obj.nodeid, tcpport: obj.tcpport };
|
||||
|
@ -717,7 +717,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
||||
if (docs[i].pmt != null) { docs[i].pmt = 1; }
|
||||
|
||||
// Remove SSH credentials if present
|
||||
if (docs[i].ssh != null) { docs[i].ssh = 1; }
|
||||
if (docs[i].ssh != null) { docs[i].ssh = (docs[i].ssh.k) ? 2 : 1; }
|
||||
|
||||
// Remove RDP credentials if present
|
||||
if (docs[i].rdp != null) { docs[i].rdp = 1; }
|
||||
|
@ -3439,10 +3439,10 @@
|
||||
if ((node.ssh != null) || (node.rdp != null)) {
|
||||
var y = [];
|
||||
if ((meshrights & 4) != 0) {
|
||||
if (node.ssh != null) { y.push('<span onclick=showClearSshDialog(3) style=cursor:pointer>' + "SSH" + ' <img class=hoverButton src="images/link5.png" width=10 height=10 /></span>'); }
|
||||
if (node.ssh != null) { y.push('<span onclick=showClearSshDialog(3) style=cursor:pointer>' + ((node.ssh == 2) ? "SSH-Key" : "SSH") + ' <img class=hoverButton src="images/link5.png" width=10 height=10 /></span>'); }
|
||||
if (node.rdp != null) { y.push('<span onclick=showClearRdpDialog(3) style=cursor:pointer>' + "RDP" + ' <img class=hoverButton src="images/link5.png" width=10 height=10 /></span>'); }
|
||||
} else {
|
||||
if (node.ssh != null) { y.push("SSH"); }
|
||||
if (node.ssh != null) { y.push(((node.ssh == 2) ? "SSH-Key" : "SSH")); }
|
||||
if (node.rdp != null) { y.push("RDP"); }
|
||||
}
|
||||
x += addDeviceAttribute("Credentials", y.join(', '));
|
||||
|
@ -6624,10 +6624,10 @@
|
||||
if ((node.ssh != null) || (node.rdp != null)) {
|
||||
var y = [];
|
||||
if ((meshrights & 4) != 0) {
|
||||
if (node.ssh != null) { y.push('<span onclick=showClearSshDialog(3) style=cursor:pointer>' + "SSH" + ' <img class=hoverButton src="images/link5.png" width=10 height=10 /></span>'); }
|
||||
if (node.ssh != null) { y.push('<span onclick=showClearSshDialog(3) style=cursor:pointer>' + ((node.ssh == 2)?"SSH-Key":"SSH") + ' <img class=hoverButton src="images/link5.png" width=10 height=10 /></span>'); }
|
||||
if (node.rdp != null) { y.push('<span onclick=showClearRdpDialog(3) style=cursor:pointer>' + "RDP" + ' <img class=hoverButton src="images/link5.png" width=10 height=10 /></span>'); }
|
||||
} else {
|
||||
if (node.ssh != null) { y.push("SSH"); }
|
||||
if (node.ssh != null) { y.push(((node.ssh == 2)?"SSH-Key":"SSH")); }
|
||||
if (node.rdp != null) { y.push("RDP"); }
|
||||
}
|
||||
x += addDeviceAttribute("Credentials", y.join(', '));
|
||||
@ -8957,11 +8957,17 @@
|
||||
switch (j.action) {
|
||||
case 'sshauth': {
|
||||
var x = '';
|
||||
x += addHtmlValue("Username", '<input id=dp2user style=width:230px maxlength=64 autocomplete=off onkeyup=sshAuthKeyUp(event) />');
|
||||
x += addHtmlValue("Password", '<input type=password id=dp2pass style=width:230px maxlength=64 autocomplete=off onkeyup=sshAuthKeyUp(event) />');
|
||||
x += addHtmlValue("Authentication", '<select id=dp2authmethod style=width:230px onchange=sshAuthUpdate(event)><option value=1 selected>' + "Username & Password" + '</option><option value=2>' + "Username and Key" + '</option></select>')
|
||||
x += addHtmlValue("Username", '<input id=dp2user style=width:230px maxlength=64 autocomplete=off onkeyup=sshAuthUpdate(event) />');
|
||||
x += '<div id=d2passauth>';
|
||||
x += addHtmlValue("Password", '<input type=password id=dp2pass style=width:230px maxlength=64 autocomplete=off onkeyup=sshAuthUpdate(event) />');
|
||||
x += '</div><div id=d2keyauth style=display:none>';
|
||||
x += addHtmlValue("Key File", '<input type=file id=dp2key style=width:230px maxlength=64 autocomplete=off onchange=sshAuthUpdate(event) />');
|
||||
x += addHtmlValue("Key Password", '<input type=password id=dp2keypass style=width:230px maxlength=64 autocomplete=off onkeyup=sshAuthUpdate(event) />');
|
||||
x += '</div>';
|
||||
x += addHtmlValue('', '<label><input id=dp2keep type=checkbox>' + "Remember credentials" + '</label>');
|
||||
setDialogMode(2, "Authentication", 11, sshConnectEx, x, 'ssh');
|
||||
setTimeout(sshAuthKeyUp, 50);
|
||||
setTimeout(sshAuthUpdate, 50);
|
||||
break;
|
||||
}
|
||||
case 'sshautoauth': {
|
||||
@ -8977,12 +8983,35 @@
|
||||
}
|
||||
}
|
||||
|
||||
function sshAuthKeyUp(e) { QE('idx_dlgOkButton', (Q('dp2user').value.length > 0) && (Q('dp2pass').value.length > 0)); }
|
||||
function sshAuthUpdate(e) {
|
||||
QV('d2passauth', Q('dp2authmethod').value == 1);
|
||||
QV('d2keyauth', Q('dp2authmethod').value == 2);
|
||||
if (Q('dp2authmethod').value == 1) {
|
||||
QE('idx_dlgOkButton', (Q('dp2user').value.length > 0) && (Q('dp2pass').value.length > 0));
|
||||
} else {
|
||||
QE('idx_dlgOkButton', false);
|
||||
var ok = (Q('dp2user').value.length > 0) && (Q('dp2key').files != null) && (Q('dp2key').files.length == 1) && (Q('dp2key').files[0].size < 8000);
|
||||
if (ok == true) {
|
||||
var reader = new FileReader();
|
||||
reader.onload = function (e) {
|
||||
var validkey = ((e.target.result.indexOf('-----BEGIN OPENSSH PRIVATE KEY-----') >= 0) && (e.target.result.indexOf('-----END OPENSSH PRIVATE KEY-----') >= 0));
|
||||
QE('idx_dlgOkButton', validkey);
|
||||
}
|
||||
reader.readAsText(Q('dp2key').files[0]);
|
||||
}
|
||||
}
|
||||
}
|
||||
function sshConnectEx(b) {
|
||||
if (b == 0) {
|
||||
if (terminal != null) { connectTerminal(); } // Disconnect
|
||||
} else {
|
||||
terminal.socket.send(JSON.stringify({ action: 'sshauth', username: Q('dp2user').value, password: Q('dp2pass').value, keep: Q('dp2keep').checked, cols: xterm.cols, rows: xterm.rows, width: Q('termarea3xdiv').offsetWidth, height: Q('termarea3xdiv').offsetHeight }));
|
||||
if (Q('dp2authmethod').value == 1) {
|
||||
terminal.socket.send(JSON.stringify({ action: 'sshauth', username: Q('dp2user').value, password: Q('dp2pass').value, keep: Q('dp2keep').checked, cols: xterm.cols, rows: xterm.rows, width: Q('termarea3xdiv').offsetWidth, height: Q('termarea3xdiv').offsetHeight }));
|
||||
} else {
|
||||
var reader = new FileReader(), username = Q('dp2user').value, keypass = Q('dp2keypass').value, keep = Q('dp2keep').checked;
|
||||
reader.onload = function (e) { terminal.socket.send(JSON.stringify({ action: 'sshauth', username: username, keypass: keypass, key: e.target.result, keep: keep, cols: xterm.cols, rows: xterm.rows, width: Q('termarea3xdiv').offsetWidth, height: Q('termarea3xdiv').offsetHeight })); }
|
||||
reader.readAsText(Q('dp2key').files[0]);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -9312,11 +9341,17 @@
|
||||
switch (data.action) {
|
||||
case 'sshauth': {
|
||||
var x = '';
|
||||
x += addHtmlValue("Username", '<input id=dp2user style=width:230px maxlength=64 autocomplete=off onkeyup=sshAuthKeyUp(event) />');
|
||||
x += addHtmlValue("Password", '<input type=password id=dp2pass style=width:230px maxlength=64 autocomplete=off onkeyup=sshAuthKeyUp(event) />');
|
||||
x += addHtmlValue("Authentication", '<select id=dp2authmethod style=width:230px onchange=sshAuthUpdate(event)><option value=1 selected>' + "Username & Password" + '</option><option value=2>' + "Username and Key" + '</option></select>')
|
||||
x += addHtmlValue("Username", '<input id=dp2user style=width:230px maxlength=64 autocomplete=off onkeyup=sshAuthUpdate(event) />');
|
||||
x += '<div id=d2passauth>';
|
||||
x += addHtmlValue("Password", '<input type=password id=dp2pass style=width:230px maxlength=64 autocomplete=off onkeyup=sshAuthUpdate(event) />');
|
||||
x += '</div><div id=d2keyauth style=display:none>';
|
||||
x += addHtmlValue("Key File", '<input type=file id=dp2key style=width:230px maxlength=64 autocomplete=off onchange=sshAuthUpdate(event) />');
|
||||
x += addHtmlValue("Key Password", '<input type=password id=dp2keypass style=width:230px maxlength=64 autocomplete=off onkeyup=sshAuthUpdate(event) />');
|
||||
x += '</div>';
|
||||
x += addHtmlValue('', '<label><input id=dp2keep type=checkbox>' + "Remember credentials" + '</label>');
|
||||
setDialogMode(2, "Authentication", 11, p13sshConnectEx, x, 'ssh');
|
||||
setTimeout(sshAuthKeyUp, 50);
|
||||
setTimeout(sshAuthUpdate, 50);
|
||||
return;
|
||||
}
|
||||
case 'autherror': { p13setConsoleMsg("Authentication Error", 5000); return; }
|
||||
@ -9367,7 +9402,13 @@
|
||||
if (b == 0) {
|
||||
if (files != null) { connectFiles(); } // Disconnect
|
||||
} else {
|
||||
files.socket.send(JSON.stringify({ action: 'sshauth', username: Q('dp2user').value, password: Q('dp2pass').value, keep: Q('dp2keep').checked }));
|
||||
if (Q('dp2authmethod').value == 1) {
|
||||
files.socket.send(JSON.stringify({ action: 'sshauth', username: Q('dp2user').value, password: Q('dp2pass').value, keep: Q('dp2keep').checked }));
|
||||
} else {
|
||||
var reader = new FileReader(), username = Q('dp2user').value, keypass = Q('dp2keypass').value, keep = Q('dp2keep').checked;
|
||||
reader.onload = function (e) { files.socket.send(JSON.stringify({ action: 'sshauth', username: username, keypass: keypass, key: e.target.result, keep: keep })); }
|
||||
reader.readAsText(Q('dp2key').files[0]);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -7072,10 +7072,10 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
||||
obj.CloneSafeNode = function (node) {
|
||||
if (typeof node != 'object') { return node; }
|
||||
var r = node;
|
||||
if ((r.pmt != null) || ((r.intelamt != null) && ((r.intelamt.pass != null) || (r.intelamt.mpspass != null)))) {
|
||||
if ((r.pmt != null) || (r.ssh != null) || (r.rdp != null) || ((r.intelamt != null) && ((r.intelamt.pass != null) || (r.intelamt.mpspass != null)))) {
|
||||
r = Object.assign({}, r); // Shallow clone
|
||||
if (r.pmt != null) { r.pmt = 1; }
|
||||
if (r.ssh != null) { r.ssh = 1; }
|
||||
if (r.ssh != null) { r.ssh = (r.ssh.k != null) ? 2 : 1; }
|
||||
if (r.rdp != null) { r.rdp = 1; }
|
||||
if ((r.intelamt != null) && ((r.intelamt.pass != null) || (r.intelamt.mpspass != null))) {
|
||||
r.intelamt = Object.assign({}, r.intelamt); // Shallow clone
|
||||
|
Loading…
Reference in New Issue
Block a user