sudo credential reuse doesn't work with Cockpit Client #18927

Open
allisonkarlitskaya opened this issue Jun 13, 2023 · 3 comments
@allisonkarlitskaya
Member

allisonkarlitskaya commented Jun 13, 2023

  1. Open Cockpit Client
  2. Log in somewhere using ssh with a password
  3. Become root in the usual way by providing the same password for sudo
  4. Log out
  5. Log in again with the same password
  6. Observe that the "Limited access" button is initially invisible. In the background sudo is asking for the password and cockpit-ws is replying, 3 times, with the empty string, which sudo rejects three times. After this dance is complete, the "Limited access" button becomes visible.

This is difficult to fix. The core issue is that ssh passwords are not provided via the usual password prompt on the login screen but rather as part of a separate dialog which comes later. This dialog might have been asking for your passphrase to unlock your local ssh key, which we definitely don't want to send to the remote, and we don't have a way to tell the two cases apart.
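The failure mode reported above, and the "don't attempt it without a reusable password" behaviour, as a small model. This is an added example, not Cockpit's code: `Origin`, `Secret`, `FakeSudo`, `reusable_for_sudo`, `try_superuser` and `observed_behaviour` are hypothetical names, and `FakeSudo` is a constructed stand-in for sudo's three-try prompt loop.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Origin(Enum):
    LOGIN_FORM = "login-form"   # typed into the user/password login screen
    SSH_DIALOG = "ssh-dialog"   # later dialog: account password OR key passphrase


@dataclass(frozen=True)
class Secret:
    value: str
    origin: Origin


def reusable_for_sudo(secret: Optional[Secret]) -> Optional[str]:
    """Return a password that may be sent to the remote sudo, or None."""
    if secret is None or not secret.value:
        return None
    # A dialog answer may be the passphrase of a local key: never forward it.
    if secret.origin is not Origin.LOGIN_FORM:
        return None
    return secret.value


class FakeSudo:
    """Constructed stand-in for sudo's prompt loop: three tries, then failure."""
    def __init__(self, account_password: str, tries: int = 3):
        self.account_password, self.tries, self.rejections = account_password, tries, 0

    def authenticate(self, responder) -> bool:
        for _ in range(self.tries):
            if responder() == self.account_password:
                return True
            self.rejections += 1
        return False


def try_superuser(secret: Optional[Secret], sudo: FakeSudo) -> str:
    password = reusable_for_sudo(secret)
    if password is None:
        return "limited"        # skip the attempt: no prompts, no rejections
    return "administrative" if sudo.authenticate(lambda: password) else "limited"


def observed_behaviour(sudo: FakeSudo) -> str:
    """What the issue reports: every prompt is answered with the empty string."""
    return "administrative" if sudo.authenticate(lambda: "") else "limited"
```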

@allisonkarlitskaya
Member Author

Affects both the C and Python bridges.

allisonkarlitskaya added a commit to allisonkarlitskaya/cockpit that referenced this issue Jun 13, 2023
This doesn't currently work in Cockpit Client — cockpit-ws always
returns the empty string as the password.  Don't even attempt it.

That prevents us from having to deal with the resulting transport
control messages and also prevents the delayed appearance of the
"Limited access" as described in cockpit-project#18927.
allisonkarlitskaya added a commit to allisonkarlitskaya/cockpit that referenced this issue Jun 14, 2023
martinpitt pushed a commit that referenced this issue Jun 14, 2023
This doesn't currently work in Cockpit Client — cockpit-ws always
returns the empty string as the password.  Don't even attempt it.

That prevents us from having to deal with the resulting transport
control messages and also prevents the delayed appearance of the
"Limited access" as described in #18927.
martinpitt added a commit to martinpitt/cockpit that referenced this issue Sep 24, 2024
Now that beiboot explicitly handles Basic authentication, remember the
password for the superuser authorization.

Split `SshPeer.transport_control_received()` into the more fine-grained
`do_*` handlers. This results in cleaner, more separated, and more
robust (no string comparisons any more) code.

Note that this doesn't solve cockpit-project#18927 -- the Client still doesn't have a
proper UI for handling passwords, and thus doesn't remember it for
superuser authentication. This only works in beiboot mode.
@martinpitt
Member

In beiboot mode this works fine now, I implemented it in #19441. That doesn't apply to Client mode though, as we don't use the "nice" UI for handling user/password. So this continues to be relevant.

martinpitt added a commit to martinpitt/cockpit that referenced this issue Sep 24, 2024
martinpitt added a commit to martinpitt/cockpit that referenced this issue Sep 24, 2024
martinpitt added a commit to martinpitt/cockpit that referenced this issue Sep 25, 2024
martinpitt added a commit to martinpitt/cockpit that referenced this issue Sep 25, 2024
martinpitt added a commit to martinpitt/cockpit that referenced this issue Sep 25, 2024
@allisonkarlitskaya
Member Author

@martinpitt glad you found this old issue after our conversation about it. I don't even remember having filed it. :)

martinpitt added a commit to martinpitt/cockpit that referenced this issue Sep 27, 2024
martinpitt added a commit to martinpitt/cockpit that referenced this issue Sep 27, 2024
martinpitt added a commit to martinpitt/cockpit that referenced this issue Sep 27, 2024
martinpitt added a commit that referenced this issue Sep 30, 2024
Now that beiboot explicitly handles Basic authentication, remember the
password for the superuser authorization.

Split `SshPeer.transport_control_received()` into the more fine-grained
`do_*` handlers. This results in cleaner, more separated, and more
robust (no string comparisons any more) code.

Note that this doesn't solve #18927 -- the Client still doesn't have a
proper UI for handling passwords, and thus doesn't remember it for
superuser authentication. This only works in beiboot mode.
garrett pushed a commit to martinpitt/cockpit that referenced this issue Oct 8, 2024
mvollmer pushed a commit to mvollmer/cockpit that referenced this issue Oct 9, 2024
SludgeGirl pushed a commit to Nykseli/cockpit that referenced this issue Nov 12, 2024