deal with ssh key expiry
Not a perfect solution, but good enough, few users will wait 10 minutes in the middle and see it expire, I hope.
This commit is contained in:
parent
f651cbd572
commit
dc72ea4ab5
3 changed files with 41 additions and 13 deletions
|
@ -21,8 +21,8 @@ can be pretty sure noone is sniffing the (localhost) connection.
|
|||
cause the webapp to read the password and forward it on. Also, set
|
||||
DISPLAY to ensure that ssh runs the program. **done**
|
||||
|
||||
Looking at ssh.exe, I think this will even work on windows; it contains the
|
||||
code to run ssh-askpass.
|
||||
Looking at ssh.exe, I think this will even work on Windows; it contains the
|
||||
code to run ssh-askpass. (It does work on Windows!)
|
||||
|
||||
### securely handling the password
|
||||
|
||||
|
@ -31,7 +31,10 @@ code to run ssh-askpass.
|
|||
is being accessed remotely, absolutely: require https.
|
||||
* Use hs-securemem to store password.
|
||||
* Avoid storing password for long. Erase it after webapp setup of remote
|
||||
is complete. Time out after 10 minutes and erase it.
|
||||
is complete. Time out after 10 minutes and erase it. **done**
|
||||
* If the user is slow, the cached ssh key can exire before they finish.
|
||||
This results in ssh being given no password, and failing. The UI
|
||||
now detects this and suggests the user retry. **done**
|
||||
* Prompt using a html field name that does not trigger web browser password
|
||||
saving if possible.
|
||||
|
||||
|
@ -58,7 +61,3 @@ if the shim cannot requst an arbitrary password prompt.
|
|||
|
||||
* test on OSX
|
||||
* test on Android
|
||||
* If the user is slow, the cached ssh key can exire before they finish.
|
||||
Currently this results in ssh being given no password, and failing.
|
||||
Either avoid time-based expiry (manually expiring when done, and how
|
||||
to detect if they gave up?) or notice this and give a sensible error.
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue