Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Issue with Session PublicKey Availability and Client Access in Wish #225

Closed
tartavull opened this issue Jan 16, 2024 · 2 comments
Closed

Issue with Session PublicKey Availability and Client Access in Wish #225

tartavull opened this issue Jan 16, 2024 · 2 comments
Labels
documentation Improvements or additions to documentation

Comments

@tartavull
Copy link

Hello charmbracelet/wish team,

I've been working on a project where I initially developed a login form that validates username and password against a single-sign-on server. To enhance the user experience by reducing the need for frequent logins, I stored the session.PublicKey() for automatic authentication post a successful login, as per the example in your documentation.

However, I encountered an issue where session.PublicKey() was returning empty. To resolve this, I added the following:

wish.WithPublicKeyAuth(func(ctx ssh.Context, key ssh.PublicKey) bool {
    return true
}),

This change successfully allowed me to access the public key, but it introduced a new problem. Now, clients without a public key cannot connect, receiving a Permission denied (publickey) error.

Is there a way to configure the system so that I can both access the public key for users who have it, and still allow clients who don't support public keys to connect? Ideally, I want to support both types of clients without compromising the convenience of automatic authentication for those who can use public keys.

Any guidance or suggestions you can provide would be greatly appreciated!
@caarlos0
Copy link
Member

you can provide both the public key auth and the password auth handlers, e.g.:

	s, err := wish.NewServer(
		wish.WithAddress(fmt.Sprintf("%s:%d", host, port)),
		wish.WithHostKeyPath(".ssh/term_info_ed25519"),
		wish.WithPublicKeyAuth(func(ssh.Context, ssh.PublicKey) bool {
			log.Info("pubkey")
			return false
		}),
		wish.WithPasswordAuth(func(ssh.Context, string) bool {
			log.Info("password")
			return true
		}),
		wish.WithMiddleware(
			logging.Middleware(),
			func(h ssh.Handler) ssh.Handler {
				return func(s ssh.Session) {
					wish.Println(s, "Hello!")
					h(s)
				}
			},
		),
	)

in this case, pubkey auth will always fail, and then it'll fallback to password auth.

hope this helps 🙏

@caarlos0 caarlos0 added the documentation Improvements or additions to documentation label Jan 16, 2024
@caarlos0
Copy link
Member

pushed a full example: https://github.com/charmbracelet/wish/blob/main/examples/multi-auth/main.go

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
documentation Improvements or additions to documentation
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@caarlos0 @tartavull