Merge branch 'master' of https://github.com/krishnasrinivas/wetty

Dockerfile

@@ -2,8 +2,9 @@ FROM node:8-alpine
 MAINTAINER butlerx@notthe.cloud
 WORKDIR /app
 RUN adduser -D -h /home/term -s /bin/sh term && \
-  echo "term:term" | chpasswd
+    ( echo "term:term" | chpasswd ) && \
+    apk add --update build-base python openssh-client
 EXPOSE 3000
 COPY . /app
-RUN apk add --update build-base python openssh && yarn
-CMD yarn start
+RUN yarn
+CMD node bin 

cli.mjs

@@ -29,6 +29,10 @@ const opts = optimist
       demand     : false,
       description: 'defaults to "password", you can use "publickey,password" instead',
     },
+    sshkey: {
+      demand     : false,
+      description: 'path to an optional client private key (connection will be password-less and insecure!)',
+    },
     port: {
       demand     : false,
       alias      : 'p',
@@ -51,6 +55,7 @@ const sshuser = opts.sshuser || process.env.SSHUSER || '';
 const sshhost = opts.sshhost || process.env.SSHHOST || 'localhost';
 const sshauth = opts.sshauth || process.env.SSHAUTH || 'password,keyboard-interactive';
 const sshport = opts.sshport || process.env.SSHPORT || 22;
+const sshkey  = opts.sshkey  || process.env.SSHKEY  || '';
 const port = opts.port || process.env.PORT || 3000;
 
 loadSSL(opts)
@@ -62,11 +67,21 @@ loadSSL(opts)
     process.exit(1);
   });
 
+const sshkeyWarning =
+`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+! Password-less auth enabled using private key from \'%s\'.
+! This is dangerous, anything that reaches the wetty server
+! will be able to run remote operations without authentication.
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!`;
+if(sshkey) {
+  console.warn(sshkeyWarning);
+}
+
 process.on('uncaughtException', err => {
   console.error(`Error: ${err}`);
 });
 
-const tty = wetty(port, sshuser, sshhost, sshport, sshauth, opts.ssl);
+const tty = wetty(port, sshuser, sshhost, sshport, sshauth, sshkey, opts.ssl);
 tty.on('exit', code => {
   console.log(`exit with code: ${code}`);
 });

wetty.mjs

@@ -36,33 +36,37 @@ function createServer(port, sslopts) {
     });
 }
 
-function getCommand(socket, sshuser, sshhost, sshport, sshauth) {
+function getCommand(socket, sshuser, sshhost, sshport, sshauth, sshkey) {
   const { request } = socket;
   const match = request.headers.referer.match('.+/ssh/.+$');
   const sshAddress = sshuser ? `${sshuser}@${sshhost}` : sshhost;
   const ssh = match ? `${match[0].split('/ssh/').pop()}@${sshhost}` : sshAddress;
+  const sshRemoteOptsBase = [
+                            path.join(__dirname, 'bin/ssh'),
+                            ssh,
+                            '-p',
+                            sshport,
+                            '-o',
+                            `PreferredAuthentications=${sshauth}`,
+                            ]
+  const sshRemoteOpts = sshkey ? sshRemoteOptsBase.concat(['-i', sshkey])
+                               : sshRemoteOptsBase
 
   return [
     process.getuid() === 0 && sshhost === 'localhost'
       ? ['login', '-h', socket.client.conn.remoteAddress.split(':')[3]]
-      : [
-        path.join(__dirname, 'bin/ssh'),
-        ssh,
-        '-p',
-        sshport,
-        '-o',
-        `PreferredAuthentications=${sshauth}`,
-      ],
+      : sshRemoteOpts
+      ,
     ssh,
   ];
 }
 
-export default function start(port, sshuser, sshhost, sshport, sshauth, sslopts) {
+export default function start(port, sshuser, sshhost, sshport, sshauth, sshkey, sslopts) {
   const events = new EventEmitter();
   const io = server(createServer(port, sslopts), { path: '/wetty/socket.io' });
   io.on('connection', socket => {
     console.log(`${new Date()} Connection accepted.`);
-    const [args, ssh] = getCommand(socket, sshuser, sshhost, sshport, sshauth);
+    const [args, ssh] = getCommand(socket, sshuser, sshhost, sshport, sshauth, sshkey);
     const term = spawn('/usr/bin/env', args, {
       name: 'xterm-256color',
       cols: 80,