partial authentication in ctl websocket

2025-03-13 09:43:17 +09:00
parent 8105545e98
commit 4d3fb7db65
3 changed files with 39 additions and 4 deletions
--- a/server-pxy.go
+++ b/server-pxy.go
@ -595,6 +595,10 @@ func (pxy *server_pxy_ssh_ws) connect_ssh (ctx context.Context, username string,
 	var out io.Reader // ooutput from target
 	var err error

+	// [NOTE]
+	// There is no authentication implemented for this websocket endpoint
+	// I suppose authentication should be done at the ssh layer.
+	// However, this can open doors to DoS attacks.
 	cc = &ssh.ClientConfig{
 		User: username,
 		Auth: []ssh.AuthMethod{ ssh.Password(password) },