authenticating password for commands

[anthonygwil]

Hey,

I'm building out a custom page in cockpit that runs a script on the system. The problem is I'm using scp in that script to pull custom files stored on a remote server and I cant figure out how to have our system prompt the user for their password or be able to use the cockpit bridge to pass a few files.

What is the best way to accomplish this?

[martinpitt]

That is indeed a bit tricky -- the cockpit.file() API (like the general cockpit.channel() one does support a host option. This works great if you already have a trust relation to the target, i.e. SSH knows the target's host key and can use an established public/private key pair. In other words, if ssh user@host works, then you can use cockpit.file's { host: "user@host" } option.

But you mentioned that you need to prompt for a password, so supposedly you don't have an SSH key setup. Is it an option for you to use that instead of passwords? If not, then we could look into extending the API to pass a password to the channel options, but this is always a dangerous proposition: The password would be stored in clear in JavaScript's memory, and also go over the wire to cockpit-bridge and cockpit-ssh, so there is plenty of opportunity to leak it somewhere.

Or perhaps you have the option to use something else than scp, e.g. HTTP with basic auth, or without any auth and firewalling to restrict your server to the internal network?

[mvollmer]

If not, then we could look into extending the API to pass a password to the channel options [...]

This is already possible, afaik. This is how Cockpit opens a SSH connection from the Shell: opening a 'echo' channel with options like { host: "foo@bar", password: "blah" }. Once this first channel is open and there is a SSH connection for "foo@bar", subsequent channels with host: "foo@bar" will be routed over that SSH connection. (When that SSH connection is closed is maybe not so well defined, we need to look into that.)

However, it is likely that we want to move away from this (slowly). My half baked ideas right now are to give the bridge a new D-Bus API for explicitly managing SSH connections. Also, we might want to put restrictions into the router so that a page (iframe) that is loaded from a remote machine can not have its channels routed over SSH connections opened by some other page or the Shell.

[anthonygwil]

I will use an ssh key setup. I wasnt aware that we could use it in our environment and it seems like it is the easier path to take.

[mvollmer]

The problem is I'm using scp in that script to pull custom files stored on a remote server and I cant figure out how to have our system prompt the user for their password

It's reasonable to just have a normal dialog that asks for the password and to pass it to your script in some way, preferrably over stdin.
You'll have to trust the browser to not leak the password from its JavaScript heap, but that's ok imo.