Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How to connect sshportal #435

Open
LeoChbiao opened this issue Jan 10, 2023 · 4 comments
Open

How to connect sshportal #435

LeoChbiao opened this issue Jan 10, 2023 · 4 comments

Comments

@LeoChbiao
Copy link

Actual Result / Problem

Hi everyone,

I am newer about the SSH protocol。After I received the connect link from my IT engineer,I used the following command:
ssh -l invite:xxxxxxxx -p 2222 172.16.0.5,Then I am required to input the password,It is very strange.
I queried in the repository,there is a reminder:
If the association fails and you are promted for a password, verify that the host you're connecting from has a SSH key set up or generate one with ssh-keygen -t rsa
At last,I created a SSH key in my own PC and executed the command again, it works.

Expected Result / Suggestion

Does anyone who can help to explain the sshportal principles?Why I need to create SSH key in my own PC for the first time
@slawdan
Copy link

slawdan commented Jan 20, 2023
edited

@LeoChbiao
It will remember your public key when you first connect your portal using -l invite:xxxxxx , of course you can specify one key using ssh -i path_to_your_key other than the default one (.ssh/id_rsa or .ssh/id_ec25519 or something else). If you do not have a key, you should set up one.

I guess, the reason why can not use password to connect portal, is password should be paired with a login name but sshportal take login name to identify your target as ssh -l your_target.

@systemmonkey42
Copy link

I guess, the reason why can not use password to connect portal, is password should be paired with a login name but sshportal take login name to identify your target as ssh -l your_target.

There is no technical reason why it can't scan the database for a user with that password, and select that user, exactly how it does for keys.. That being said, just no...

SSHPortal's "password" support is a stub which accepts a password, check if you are logging in as "healthcheck" and if so, accepts a healthcheck query. If your username is not "healthcheck", the password request is denied.

I didn't like this, because it meant anytime anyone used ssh without a key, they would get a password prompt. This has a tendency to encourage bots and hackers, so I permanently disabled it in the source.

@scarzehd
Copy link

Sorry to comment on this after so long, but I'm having the same issue. I already have an ssh key generated and creating a new one doesn't help.

@libvoid
Copy link

libvoid commented Apr 4, 2024

@scarzehd

I can't help on this specific issue but know that this project is no longer maintained. You may take a look at our fork which is up to date and includes multiple security improvements / fixes but keep in mind that our fork is on MAINTENANCE mode and only security issues and major bugs will be fixed. We don't plan to add and accept new features.

Honestly, you should consider choosing another SSH bastion :

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@slawdan @systemmonkey42 @scarzehd @LeoChbiao @libvoid