@RXWatcher
Owner

Summary

  • Adds SSH key authentication as an alternative to password authentication for Proxmox servers
  • Resolves issues with servers that have password SSH authentication disabled
  • Maintains full backward compatibility with existing password authentication

Changes Made

Backend Infrastructure

  • Database Schema: Added ssh_key and auth_method fields to servers table with proper constraints
  • SSH Services: Updated all SSH-related services to support both authentication methods
  • Security: Implemented secure temporary SSH key file handling with proper permissions (0600) and automatic cleanup
  • Type Safety: Added comprehensive TypeScript type definitions and validation

Frontend Enhancements

  • Dynamic UI: Added authentication method selector with conditional form fields
  • Validation: Implemented SSH key format validation and comprehensive error handling
  • User Experience: Clear instructions and helpful error messages for both auth methods

API Updates

  • Endpoints: Updated all server CRUD operations to handle new authentication fields
  • Validation: Added proper server-side validation for authentication methods and credentials
  • Compatibility: Maintains backward compatibility with existing password-based configurations

Technical Details

Authentication Flow

  1. Password Authentication: Uses sshpass for password-based connections (existing behavior)
  2. SSH Key Authentication: Creates temporary key files with secure permissions, authenticates, then cleans up
  3. Validation: Both connection testing and script execution support both methods seamlessly

Security Features

  • SSH private keys are stored temporarily with 0600 permissions
  • Automatic cleanup of temporary key files on completion or error
  • Path validation and access controls maintained
  • Input sanitization and validation for both auth methods

Database Migration

The changes include automatic database schema updates that add the new fields while preserving existing data. No manual migration required.

Test Plan

  • Build verification: TypeScript compilation and linting passes
  • Form validation: Both password and SSH key validation working
  • API validation: Server-side validation for all auth method combinations
  • Backward compatibility: Existing password-based servers continue to work
  • Security: Temporary key files created with proper permissions and cleaned up

Breaking Changes

None - this is a fully backward-compatible enhancement.

🤖 Generated with Claude Code

- Add SSH key authentication as alternative to password auth
- Update database schema to support auth_method and ssh_key fields
- Implement secure SSH key handling with temporary files and cleanup
- Add dual authentication UI with method selector in server form
- Update all SSH services to support both password and key auth
- Add comprehensive validation for SSH key format and auth methods
- Maintain backward compatibility with existing password auth
- Add proper TypeScript types and error handling

Resolves issues with servers that have password SSH authentication disabled.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <[email protected]>
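
The temporary key file handling described under "Security Features" can be sketched as follows. This is an added example, not code from this pull request; `withTempKeyFile` and `sshArgs` are hypothetical names, and the helper is synchronous so it pairs with `spawnSync`.

```typescript
import * as fs from "node:fs";
import * as os from "node:os";
import * as path from "node:path";

// Hypothetical helper (not from the PR): materialise a private key for one
// SSH invocation and guarantee its removal afterwards.
function withTempKeyFile<T>(privateKey: string, use: (keyPath: string) => T): T {
  // mkdtemp creates a fresh, unpredictable directory with mode 0700, so no
  // other local user can pre-create or swap the key path.
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), "sshkey-"));
  const keyPath = path.join(dir, "id_key");
  try {
    // Keys pasted into a web form often carry CRLF or lose the final
    // newline, which OpenSSH can reject as "invalid format".
    const normalised = privateKey.replace(/\r\n?/g, "\n").trimEnd() + "\n";
    // "wx" fails if the path already exists; the mode applies at creation,
    // so the key is never readable by group/other, even briefly.
    fs.writeFileSync(keyPath, normalised, { mode: 0o600, flag: "wx" });
    return use(keyPath);
  } finally {
    // Runs on success and on throw alike.
    fs.rmSync(dir, { recursive: true, force: true });
  }
}

// Argument vector for spawn()/spawnSync(); no shell string is built.
function sshArgs(keyPath: string, user: string, host: string): string[] {
  return [
    "-i", keyPath,
    "-o", "IdentitiesOnly=yes", // offer only this key, not agent keys
    "-o", "BatchMode=yes",      // never fall back to a password prompt
    `${user}@${host}`,
  ];
}
```

The callback is the only scope in which the key exists on disk, so a connection test or script run that throws still leaves nothing behind in the temp directory.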