Fix lockdown

Author: phrocker

.local.env

@@ -6,4 +6,4 @@ SENTRIUS_AI_AGENT_VERSION=1.1.264
 LLMPROXY_VERSION=1.0.78
 LAUNCHER_VERSION=1.0.82
 AGENTPROXY_VERSION=1.0.85
-SSHPROXY_VERSION=1.0.84
+SSHPROXY_VERSION=1.0.87

.local.env.bak

@@ -6,4 +6,4 @@ SENTRIUS_AI_AGENT_VERSION=1.1.264
 LLMPROXY_VERSION=1.0.78
 LAUNCHER_VERSION=1.0.82
 AGENTPROXY_VERSION=1.0.85
-SSHPROXY_VERSION=1.0.84
+SSHPROXY_VERSION=1.0.87

ssh-proxy/src/main/java/io/sentrius/sso/sshproxy/handler/ShellHandlerRunnable.java

@@ -63,7 +63,6 @@ public void run() {
 
                 int bytesRead = in.read(buffer);
                 if (bytesRead == -1) {
-                    log.info("End of stream");
                     // EOF reached
                     break;
                 }
@@ -79,19 +78,16 @@ public void run() {
 
                     // Process input character and send audit log
                     if (c >= 32 && c <= 126) {
-                        log.info("Processing printable character: {}", c);
+                        log.trace("Processing printable character: {}", c);
                         // Printable characters
                         auditLog.setCommand(String.valueOf(c));
                         commandBuffer.get().append(c);
-                        log.info("85");
                         auditLog.setType(Session.MessageType.USER_DATA);
                         auditLog.setKeycode(-1);
-                        log.info("87");
                         getSshListenerService().processTerminalMessage(
                             sessionRoute.getCurrent().get(),
                             auditLog.build()
                         );
-                        log.info("94");
                         log.info("Appending printable character to command buffer: {}", c);
                         auditLog = Session.TerminalMessage.newBuilder();
                     } else {
@@ -133,7 +129,7 @@ public void run() {
                                 sessionRoute.getCurrent().get().getTerminalAuditor().setSessionTrigger(noActionTrigger);
                             }
 
-                            log.info("Sending terminal keycode to session");
+                            log.debug("Sending terminal keycode to session");
 
                             getSshListenerService().processTerminalMessage(
                                 sessionRoute.getCurrent().get(),

ssh-proxy/src/main/java/io/sentrius/sso/sshproxy/handler/SshProxyShell.java

@@ -5,6 +5,7 @@
 import java.io.OutputStream;
 import java.security.GeneralSecurityException;
 import java.util.concurrent.Future;
+import io.sentrius.sso.core.config.SystemOptions;
 import io.sentrius.sso.core.model.ConnectedSystem;
 import io.sentrius.sso.core.model.HostSystem;
 import io.sentrius.sso.core.services.SshListenerService;
@@ -57,6 +58,7 @@ public class SshProxyShell implements Command {
     private ShellHandlerRunnable shellHandler;
 
 
+
     private final ThreadPoolTaskExecutor taskExecutor;  // inject this
     private Future<?> shellFuture = null;
 
@@ -93,7 +95,6 @@ public void setInputStream(InputStream in) {
     @Override
     public void setOutputStream(OutputStream out) {
         this.out = out;
-        log.info("Setting output stream");
         sessionRoute.setOutputStream(out);
     }
 

ssh-proxy/src/main/java/io/sentrius/sso/sshproxy/handler/SshProxyShellHandler.java

@@ -1,5 +1,7 @@
 package io.sentrius.sso.sshproxy.handler;
 
+import io.sentrius.sso.core.config.SystemOptions;
+import io.sentrius.sso.core.config.ThreadSafeDynamicPropertiesService;
 import io.sentrius.sso.core.model.ConnectedSystem;
 import io.sentrius.sso.core.services.ChatService;
 import io.sentrius.sso.core.services.HostGroupService;
@@ -53,6 +55,7 @@ public class SshProxyShellHandler implements Factory<Command> {
     final TerminalService terminalService;
     final UserService userService;
 
+    final ThreadSafeDynamicPropertiesService systemOptions;
 
 
     @Qualifier("taskExecutor") // Specify the custom task executor to use
@@ -61,6 +64,9 @@ public class SshProxyShellHandler implements Factory<Command> {
 
     @Override
     public Command create() {
+        if (Boolean.valueOf( systemOptions.getProperty("lockdownEnabled", "false"))) {
+            throw new RuntimeException("SSH access is disabled by system lockdown");
+        }
         var sessionRoute =
             SessionRoute.builder().sshListenerService(sshListenerService).terminalSessionMetadataService(terminalSessionMetadataService).cryptoService(cryptoService).hostGroupService(hostGroupService).terminalService(terminalService).sessionService(sessionService).build();
         return new SshProxyShell(