From 92e0a106f1a8af2a989624a75725e8154aa2fc79 Mon Sep 17 00:00:00 2001 From: Nathan Byrd Date: Thu, 9 Jun 2022 13:32:55 -0500 Subject: [PATCH 1/5] Updated ssh documentation --- docs/_docs/servers/loginservers/ssh.md | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/docs/_docs/servers/loginservers/ssh.md b/docs/_docs/servers/loginservers/ssh.md index 45a6a3ea..38aa9022 100644 --- a/docs/_docs/servers/loginservers/ssh.md +++ b/docs/_docs/servers/loginservers/ssh.md 
@@ -11,15 +11,19 @@ Entries available under `config.loginServers.ssh`: | Item | Required | Description | |------|----------|-------------| | `privateKeyPem` | :-1: | Path to private key file. If not set, defaults to `./config/ssh_private_key.pem` | -| `privateKeyPass` | :+1: | Password to private key file. +| `privateKeyPass` | :+1: | Password to private key file. * | `firstMenu` | :-1: | First menu an SSH connected user is presented with. Defaults to `sshConnected`. | -| `firstMenuNewUser` | :-1: | Menu presented to user when logging in with one of the usernames found within `users.newUserNames` in your `config.hjson`. Examples include `new` and `apply`. | +| `firstMenuNewUser` | :-1: | Menu presented to user when logging in with one of the usernames found within `users.newUserNames` in your `config.hjson`. Examples include `new` and `apply`.| | `enabled` | :+1: | Set to `true` to enable the SSH server. | | `port` | :-1: | Override the default port of `8443`. | | `address` | :-1: | Sets an explicit bind address. | | `algorithms` | :-1: | Configuration block for SSH algorithms. Includes keys of `kex`, `cipher`, `hmac`, and `compress`. See the algorithms section in the [ssh2-streams](https://github.com/mscdex/ssh2-streams#ssh2stream-methods) documentation for details. For defaults set by ENiGMA½, see `core/config_default.js`. | `traceConnections` | :-1: | Set to `true` to enable full trace-level information on SSH connections. + +* *IMPORTANT* With the `privateKeyPass` option set, make sure that you verify that the config file is not readable by other users! + + ### Example Configuration ```hjson 
@@ -36,17 +40,13 @@ Entries available under `config.loginServers.ssh`: ``` ## Generate a SSH Private Key -To utilize the SSH server, an SSH Private Key (PK) will need generated. OpenSSL can be used for this task: +To utilize the SSH server, an SSH Private Key (PK) will need generated. OpenSSH can be used for this task: -### Modern OpenSSL +### OpenSSH ```bash -openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:65537 | openssl rsa -out ./config/ssh_private_key.pem -aes128 +ssh-keygen -m PEM -h -f config/ssh_private_key.pem ``` -### Legacy OpenSSL -```bash -openssl genrsa -aes128 -out ./config/ssh_private_key.pem 2048 -``` - -Note that you may need `-3des` for every old implementations or SSH clients! +## Prompt +The keyboard interactive prompt can be customized using a `SSHPMPT.ASC` art file. See [art](../../art/general.md) for more information on configuring. This prompt includes a `newUserNames` variable to show the list of allowed new user names (see `firstMenuNewUser` above.) See [mci](../../art/mci.md) for information about formatting this string. Note: Regardless of the content of the `SSHPMPT.ASC` file, the prompt is surrounded by "Access denied", a newline, the prompt, another newline, and then the string "\[username]'s password: ". This normally occurs after the first password prompt (no art is shown before the first password attempt is made.) From 05ab7b31ca871e775e7413f00945c2b03e1e154a Mon Sep 17 00:00:00 2001 From: Nathan Byrd Date: Sat, 11 Jun 2022 13:20:14 -0500 Subject: [PATCH 2/5] Additional description for options --- docs/_docs/servers/loginservers/ssh.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/docs/_docs/servers/loginservers/ssh.md b/docs/_docs/servers/loginservers/ssh.md index 38aa9022..ea3f444a 100644 --- a/docs/_docs/servers/loginservers/ssh.md +++ b/docs/_docs/servers/loginservers/ssh.md 
@@ -47,6 +47,17 @@ To utilize the SSH server, an SSH Private Key (PK) will need generated. OpenSSH ssh-keygen -m PEM -h -f config/ssh_private_key.pem ``` +Option descriptions: + +| Option | Description | +|------|-------------| +| `-m PEM` | Set the output format to `PEM`, compatible with the `ssh2` library | +| `-h` | Generate a host key | +| `-f config/ssh_private_key.pem` | Filename for the private key. Used in the `privateKeyPem` option in the configuration | + +When you execute the `ssh-keygen` command it will ask for a passphrase (and a confirmation.) This should then be used as the value for `privateKeyPass` in the configuration. + + ## Prompt The keyboard interactive prompt can be customized using a `SSHPMPT.ASC` art file. See [art](../../art/general.md) for more information on configuring. This prompt includes a `newUserNames` variable to show the list of allowed new user names (see `firstMenuNewUser` above.) See [mci](../../art/mci.md) for information about formatting this string. Note: Regardless of the content of the `SSHPMPT.ASC` file, the prompt is surrounded by "Access denied", a newline, the prompt, another newline, and then the string "\[username]'s password: ". This normally occurs after the first password prompt (no art is shown before the first password attempt is made.) From f4f47a377783a2d6c23df7859e3c541743393f28 Mon Sep 17 00:00:00 2001 From: Nathan Byrd Date: Sun, 12 Jun 2022 11:29:28 -0500 Subject: [PATCH 3/5] Added back in OpenSSL as an additional option --- docs/_docs/servers/loginservers/ssh.md | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/docs/_docs/servers/loginservers/ssh.md b/docs/_docs/servers/loginservers/ssh.md index ea3f444a..a6972e0e 100644 --- a/docs/_docs/servers/loginservers/ssh.md +++ b/docs/_docs/servers/loginservers/ssh.md 
@@ -40,9 +40,10 @@ Entries available under `config.loginServers.ssh`: ``` ## Generate a SSH Private Key -To utilize the SSH server, an SSH Private Key (PK) will need generated. OpenSSH can be used for this task: +To utilize the SSH server, an SSH Private Key (PK) will need generated. OpenSSH or (with some versions) OpenSSL can be used for this task: ### OpenSSH + ```bash ssh-keygen -m PEM -h -f config/ssh_private_key.pem ``` @@ -58,6 +59,24 @@ Option descriptions: When you execute the `ssh-keygen` command it will ask for a passphrase (and a confirmation.) This should then be used as the value for `privateKeyPass` in the configuration. +### OpenSSL + +If you do not have OpenSSH installed or if you have trouble with the above OpenSSH commands, using some versions for OpenSSL (before version 3) the following commands may work as well: + + +```bash +openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:65537 | openssl rsa -out ./config/ssh_private_key.pem -aes128 +``` + +Or for even older OpenSSL versions: + +```bash +openssl genrsa -aes128 -out ./config/ssh_private_key.pem 2048 +``` + +Note that you may need `-3des` for every old implementations or SSH clients! + + ## Prompt The keyboard interactive prompt can be customized using a `SSHPMPT.ASC` art file. See [art](../../art/general.md) for more information on configuring. This prompt includes a `newUserNames` variable to show the list of allowed new user names (see `firstMenuNewUser` above.) See [mci](../../art/mci.md) for information about formatting this string. Note: Regardless of the content of the `SSHPMPT.ASC` file, the prompt is surrounded by "Access denied", a newline, the prompt, another newline, and then the string "\[username]'s password: ". This normally occurs after the first password prompt (no art is shown before the first password attempt is made.) From 0c3240a388e78498f3a7c6fc8ce834dba15651f0 Mon Sep 17 00:00:00 2001 
From: Nathan Byrd Date: Sun, 12 Jun 2022 11:31:40 -0500 Subject: [PATCH 4/5] Small wording change --- docs/_docs/servers/loginservers/ssh.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/_docs/servers/loginservers/ssh.md b/docs/_docs/servers/loginservers/ssh.md index a6972e0e..1d55299d 100644 --- a/docs/_docs/servers/loginservers/ssh.md +++ b/docs/_docs/servers/loginservers/ssh.md @@ -74,7 +74,7 @@ Or for even older OpenSSL versions: openssl genrsa -aes128 -out ./config/ssh_private_key.pem 2048 ``` -Note that you may need `-3des` for every old implementations or SSH clients! +Note that you may need `-3des` for very old implementations or SSH clients! ## Prompt From fc064605ab135ac400d1e86c37763f034bba4158 Mon Sep 17 00:00:00 2001 From: Bryan Ashby Date: Mon, 11 Jul 2022 23:14:48 -0600 Subject: [PATCH 5/5] Default to CP437 unless we explicitly detect a 'nix' terminal --- core/client_term.js | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/core/client_term.js b/core/client_term.js index fa7f8ba2..b65690e0 100644 --- a/core/client_term.js +++ b/core/client_term.js @@ -56,11 +56,10 @@ function ClientTerminal(output) { set: function (ttype) { termType = ttype.toLowerCase(); - if (this.isANSI()) { - this.outputEncoding = 'cp437'; - } else { - // :TODO: See how x84 does this -- only set if local/remote are binary + if (this.isNixTerm()) { this.outputEncoding = 'utf8'; + } else { + this.outputEncoding = 'cp437'; } // :TODO: according to this: http://mud-dev.wikidot.com/article:telnet-client-identification
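Review bot: In PATCH 1/5, first hunk (@@ -11,15 +11,19 @@), the new warning "make sure that you verify that the config file is not readable by other users" names neither the file nor the check. Suggest naming `config.hjson` and stating the expected state, for example owner-only read/write on both the config file and the key file referenced by `privateKeyPem`, since the passphrase sits in the config in plain text. The footnote line also begins with `* `, which Markdown renders as a bullet item, so it will not visibly pair with the `*` added to the `privateKeyPass` row. A bold note or blockquote directly under the table would read better. The `firstMenuNewUser` row change only removes a space before the closing `|` and can be dropped from the patch.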
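Review bot: In PATCH 1/5, second hunk (@@ -36,17 +40,13 @@), the replacement command `ssh-keygen -m PEM -h -f config/ssh_private_key.pem` no longer fixes the key type or size, whereas the removed `openssl` commands pinned RSA at 2048 bits. What gets generated now depends on the default of the installed `ssh-keygen`, so the documented result is not reproducible. Suggest adding explicit `-t` and `-b` values known to work with the SSH library in use. In the added Prompt section, "the prompt is surrounded by "Access denied", a newline, the prompt, another newline, and then the string ..." lists the prompt as part of what surrounds it. Rewording it as the sequence actually sent would be clearer.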
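Review bot: In PATCH 2/5 (@@ -47,6 +47,17 @@), the table row that describes `-h` as "Generate a host key" does not match `ssh-keygen`, where `-h` selects a host certificate rather than a user certificate when signing a key with `-s` and plays no part in plain key generation. Suggest dropping `-h` from both the command and the table, or documenting why it is wanted. The closing sentence tells the reader to place the passphrase in `privateKeyPass`, so this is the step where the secret lands in the config. Repeating or linking the file-permission warning from the options table here would help.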
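Review bot: In PATCH 3/5, second hunk (@@ -58,6 +59,24 @@), "using some versions for OpenSSL (before version 3) the following commands may work as well" leaves the reader unable to tell whether their install qualifies or what failure to expect on version 3. Suggest stating the version boundary as a requirement ("With OpenSSL versions before 3, ...") and adding one sentence on what goes wrong with newer versions. "versions for OpenSSL" should read "versions of OpenSSL". The "every old implementations" typo added here is only corrected in PATCH 4/5, so the two patches could be squashed.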
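Review bot: In PATCH 5/5 (core/client_term.js, @@ -56,11 +56,10 @@), the `else` branch now sets `this.outputEncoding = 'cp437'` for every terminal type that `isNixTerm()` does not recognise, including empty or unknown `ttype` values that previously fell through to `utf8`. The hunk removes the old `:TODO:` comment and leaves nothing in the code explaining the new default. Suggest a one-line comment above the `if` stating that CP437 is the intended fallback. `isNixTerm()` is not visible in this hunk, so please confirm it matches against the lowercased `termType` set on the line above and covers the terminal types that relied on the former `utf8` branch.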