crichardson/enigma-bbs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
92e0a106f1a8af2a989624a75725e8154aa2fc79
enigma-bbs/docs/_docs/servers/loginservers/ssh.md
Nathan Byrd 92e0a106f1 Updated ssh documentation
2022-06-09 13:32:55 -05:00

2.5 KiB
Raw Blame History

layout, title
layout title
page SSH Server

SSH Login Server

The ENiGMA½ SSH login server allows secure user logins over SSH (ssh://).

Configuration

Entries available under config.loginServers.ssh:

Item Required Description
privateKeyPem 👎 Path to private key file. If not set, defaults to ./config/ssh_private_key.pem
privateKeyPass 👍 Password to private key file. *
firstMenu 👎 First menu an SSH connected user is presented with. Defaults to sshConnected.
firstMenuNewUser 👎 Menu presented to user when logging in with one of the usernames found within users.newUserNames in your config.hjson. Examples include new and apply.
enabled 👍 Set to true to enable the SSH server.
port 👎 Override the default port of 8443.
address 👎 Sets an explicit bind address.
algorithms 👎 Configuration block for SSH algorithms. Includes keys of kex, cipher, hmac, and compress. See the algorithms section in the ssh2-streams documentation for details. For defaults set by ENiGMA½, see core/config_default.js.
traceConnections 👎 Set to true to enable full trace-level information on SSH connections.
  • IMPORTANT With the privateKeyPass option set, make sure that you verify that the config file is not readable by other users!

Example Configuration

{
    loginServers: {
        ssh: {
            enabled: true
            port: 8889
            privateKeyPem: /path/to/ssh_private_key.pem
            privateKeyPass: sup3rs3kr3tpa55
        }
    }
}

Generate a SSH Private Key

To utilize the SSH server, an SSH Private Key (PK) will need generated. OpenSSH can be used for this task:

OpenSSH

ssh-keygen -m PEM -h -f config/ssh_private_key.pem

Prompt

The keyboard interactive prompt can be customized using a SSHPMPT.ASC art file. See art for more information on configuring. This prompt includes a newUserNames variable to show the list of allowed new user names (see firstMenuNewUser above.) See mci for information about formatting this string. Note: Regardless of the content of the SSHPMPT.ASC file, the prompt is surrounded by "Access denied", a newline, the prompt, another newline, and then the string "[username]'s password: ". This normally occurs after the first password prompt (no art is shown before the first password attempt is made.)

Reference in New Issue View Git Blame Copy Permalink