non-app specific terminal
-
I ran into an issue with my server today and had to access SSH. I haven't used SSH in a while so it wasn't apparent to me off-hand but figured it out soon after. Is it possible to have a terminal in the dashboard for faster access?
It just occurred to me that having such a terminal might open up the server for abuse. In any case, a penny for your thoughts.
-
I ran into an issue with my server today and had to access SSH. I haven't used SSH in a while so it wasn't apparent to me off-hand but figured it out soon after. Is it possible to have a terminal in the dashboard for faster access?
It just occurred to me that having such a terminal might open up the server for abuse. In any case, a penny for your thoughts.
@humptydumpty said in non-app specific terminal:
It just occurred to me that having such a terminal might open up the server for abuse. In any case, a penny for your thoughts.
Right, this is the reason it's not implemented. Providing SSH access through web interface is risky. In most cases, the VPS providers provide this though. Atleast, this is there on linode/vultr/DO/AWS etc.
-
@humptydumpty said in non-app specific terminal:
It just occurred to me that having such a terminal might open up the server for abuse. In any case, a penny for your thoughts.
Right, this is the reason it's not implemented. Providing SSH access through web interface is risky. In most cases, the VPS providers provide this though. Atleast, this is there on linode/vultr/DO/AWS etc.
@girish I haven’t come across this feature with Contabo but like you said, DO has it. I have the server info saved in Putty and found the password in my vault. This is on my desktop at home that’s why I found it. I would have been out of luck if I were using my laptop or work computers. Any multi device solution other than manually saving the server info on all devices?
-
@girish I haven’t come across this feature with Contabo but like you said, DO has it. I have the server info saved in Putty and found the password in my vault. This is on my desktop at home that’s why I found it. I would have been out of luck if I were using my laptop or work computers. Any multi device solution other than manually saving the server info on all devices?
@humptydumpty said in non-app specific terminal:
Any multi device solution other than manually saving the server info on all devices?
Store everything you need in Vaultwarden?
-
@humptydumpty said in non-app specific terminal:
Any multi device solution other than manually saving the server info on all devices?
Store everything you need in Vaultwarden?
@jdaviescoates the whole process of using SSH isn’t drilled in my head and to make things worse, I use SSH once a year at most. I wouldn’t have remembered if i didn’t see the putty icon pinned in the start menu in windows. A web gui of some sort would be better if it’s in my CR dashboard.
-
@jdaviescoates the whole process of using SSH isn’t drilled in my head and to make things worse, I use SSH once a year at most. I wouldn’t have remembered if i didn’t see the putty icon pinned in the start menu in windows. A web gui of some sort would be better if it’s in my CR dashboard.
@humptydumpty said in non-app specific terminal:
A web gui of some sort would be better if it’s in my CR dashboard.
Not when someone nefarious gains access to your dashboard.
I vote to keep things as they are. Like you say, needing SSH access is pretty rare when running Cloudron so methinks it's not worth reducing security for such rare occurrences
-
@humptydumpty said in non-app specific terminal:
A web gui of some sort would be better if it’s in my CR dashboard.
Not when someone nefarious gains access to your dashboard.
I vote to keep things as they are. Like you say, needing SSH access is pretty rare when running Cloudron so methinks it's not worth reducing security for such rare occurrences
@jdaviescoates it shouldn’t be any less secure if we still had to log in. If the dashboard is compromised then we’re screwed anyway. Also, the app terminals aren’t pass protected. They’re logged in and ready to go (for me at least).
-
Basically what I’m advocating for is a terminal to log into from the dashboard, something to replace Putty. When a crisis hits, you’re not thinking straight and having one less issue to solve would be nice. While we’re at it, maybe secure the app terminals with a login. Like ask for the admin password again, perhaps?
-
@jdaviescoates it shouldn’t be any less secure if we still had to log in. If the dashboard is compromised then we’re screwed anyway. Also, the app terminals aren’t pass protected. They’re logged in and ready to go (for me at least).
@humptydumpty said in non-app specific terminal:
If the dashboard is compromised then we’re screwed anyway.
@humptydumpty said in non-app specific terminal:
When a crisis hits, you’re not thinking straight and having one less issue to solve would be nice.
Fair points, I guess.
But presumably there are good reasons @girish has thought of that mean adding this would still potentially be a security issue?
-
@humptydumpty said in non-app specific terminal:
If the dashboard is compromised then we’re screwed anyway.
@humptydumpty said in non-app specific terminal:
When a crisis hits, you’re not thinking straight and having one less issue to solve would be nice.
Fair points, I guess.
But presumably there are good reasons @girish has thought of that mean adding this would still potentially be a security issue?
@jdaviescoates i agree and realized that after writing my initial request. However, your post made me remember that terminal apps aren’t protected so how much more harm can a root terminal do with an already compromised dashboard. Food for thought
