warp-tech/warpgate
1
1
Fork 0
mirror of https://github.com/warp-tech/warpgate.git synced 2024-09-20 06:46:17 +08:00
Code Issues Packages Projects Releases Wiki Activity
640 commits 47 branches 34 tags 6.5 MiB
Commit graph

128 commits

Author SHA1 Message Date
Eugene 53b0a9095b
Bump version: 0.10.1 → 0.10.2 2024-08-14 22:59:52 +02:00
Eugene fe924f31ce
fixed GHSA-vgvv-x7xg-6cqg - SSH OOM DoS through malicious packet length 2024-08-14 22:59:23 +02:00
Eugene c328127493
fixed #941 - unnecessary port in external URLs 2024-07-26 19:33:28 +02:00
Eugene a0465174a7
Bump version: 0.10.0 → 0.10.1 2024-07-26 18:18:39 +02:00
Eugene daacd55d25
fixed #972 - ssh: only offer available auth methods after a rejected public key offer 2024-07-25 12:11:25 +02:00
Eugene c83a70c730
Bump version: 0.9.1 → 0.10.0 2024-07-18 09:55:42 +02:00
Eugene 0ed2104974
bumped russh to 0.44 2024-07-18 09:49:04 +02:00
Eugene ebb6956b82
re-save ed25519 keys to fix the encoding error 2024-07-16 22:01:07 +02:00
Eugene 571abb1cb1
bumped russh to 0.44.0-beta.4 2024-07-16 21:14:28 +02:00
Eugene f07b9246a8
switch to rustls 2024-07-16 12:56:42 +02:00
Eugene 4afa979de2
bump rust some more 2024-07-16 10:40:27 +02:00
Eugene 841bbe85da
bumped rust 2024-07-10 10:55:18 +02:00
Eugene 9bfaa3a7fd
typo 2024-07-09 22:43:35 +02:00
Eugene 7df98f73e0
bumped russh 2024-07-09 22:43:14 +02:00
Néfix Estrada 9582a6e0ae
feat(ssh): make inactivity timeout configurable (#990) 
With this change, the SSH inactivity timeout is now configurable. By
default, is set at 5 minutes (300 seconds), which was the already
existing value.

Solves #943
 2024-05-31 12:52:27 +02:00
Eugene 8896bb361e
fixed #961 - added option to allow insecure ssh kex (#971) 2024-03-24 14:09:20 +01:00
Eugene 21e0008695
updated russh to 0.43 (#970) 2024-03-24 11:04:21 +01:00
Shea Smith 5551c33259
Switch OOB SSO authentication for SSH to use the instructions instead of the name (#964) 
Some SFTP clients (specifically WinSCP) truncate the name parameter for
keyboard interactive login (WinSCP specifically puts it in the
titlebar):

![image](https://github.com/warp-tech/warpgate/assets/51303984/dc90ad67-e383-4cba-8326-79f08405fde6)

This PR changes the Warpgate authentication flow to use the keyboard
interactive parameter for instructions for the primary instructions for
SSO web-based auth, instead of the name. This results in the following
UI for WinSCP:

![image](https://github.com/warp-tech/warpgate/assets/51303984/0893f9c3-8724-4a4e-8c62-3e1d1484f2f0)

Filezilla:

![image](https://github.com/warp-tech/warpgate/assets/51303984/089f7f72-73e2-4d0e-bb45-4d470b8fb39b)

and OpenSSH:

![image](https://github.com/warp-tech/warpgate/assets/51303984/02ff7fbd-4bc6-47a0-aadc-b8d32c42fb59)

Perhaps some changes to the wording may be in order (e.g. to prevent the
duplication of 'Warpgate authentication' in OpenSSH and FileZilla, but I
thought I would leave this PR as being as minimal as possible for the
meantime.
 2024-03-23 21:50:11 +01:00
Eugene 47c943d201
lint 2024-03-23 12:24:52 +01:00
Eugene 65f0056490
bumped russh (#958) 2024-03-04 10:19:41 +01:00
Eugene bcba6763ae
cargo fmt 2024-03-04 10:15:27 +01:00
Eugene 2d6621f5c8
bumped rust 2024-01-23 12:05:59 +01:00
Eugene 7e260e84e6
Bump version: 0.9.0 → 0.9.1 2023-12-18 16:24:44 +01:00
Eugene 12fdf628a5
bumped russh to fix CVE-2023-48795 2023-12-18 16:18:05 +01:00
Eugene 2bdb69e8d1
bumped russh 2023-12-12 21:47:05 +01:00
Eugene 0baf2e3b97
Bump version: 0.8.1 → 0.9.0 2023-11-23 19:41:07 +01:00
Eugene b346ca3d0b
don't suggest public key auth in the web auth API 2023-11-23 19:36:05 +01:00
Eugene 8b91e4a328
Bump version: 0.8.0 → 0.8.1 2023-09-27 22:09:03 +02:00
Eugene a4df7f7a21
fixed GHSA-3cjp-w4cp-m9c8 - interpreting SSH public key offers as a successful authentication 2023-09-27 22:08:49 +02:00
Eugene Pankov 4ecc6b653f
Bump version: 0.7.4 → 0.8.0 2023-08-20 19:06:49 +02:00
Eugene Pankov 983d0ad49b
bumped russh 2023-08-17 22:02:14 +02:00
Eugene Pankov aca8d3d515 fixed #857 - fixed default ticket expiry on MySQL, bumped sea-orm 2023-08-08 21:06:01 +02:00
Eugene Pankov d9385ca44b lint 2023-08-08 21:06:01 +02:00
Eugene Pankov 49b92cde7a fixed #855 - log client IPs and credentials used 2023-08-08 09:56:41 +02:00
Eugene Pankov 0bc9ae1b1a fixed #854 - show session details during OOB auth 2023-08-07 22:28:15 +02:00
Eugene Pankov 4eb791f189
Bump version: 0.7.3 → 0.7.4 2023-08-02 09:05:59 +02:00
Eugene Pankov dca24110f9
Bump version: 0.7.1 → 0.7.3 2023-07-10 10:23:00 +02:00
Eugene Pankov c2f1b3e1c0
lint 2023-04-20 05:01:54 -07:00
Cléo REBERT 86daf9f38e
Fix build after cargo update 
* Fix project not building after `cargo update`

* Bump totp-rs from 3.x to 5.x

* Bump sea-orm to 0.10 to 0.11

* Remove `chrono` unused features to get rid of warning during `cargo audit`
 2023-04-19 10:59:19 +02:00
Eugene Pankov 9a0d818b82
Bump version: 0.7.0 → 0.7.1 2023-03-17 09:59:11 +01:00
Eugene Pankov 6b3b49a83a
bumped russh to fix CVE-2023-28113 2023-03-17 09:58:50 +01:00
Eugene Pankov eb13e71fb3
bumped rust 2023-01-11 12:59:27 +01:00
dependabot[bot] e4c7069a94 Bump sea-orm from 0.10.5 to 0.10.6 
Bumps [sea-orm](https://github.com/SeaQL/sea-orm) from 0.10.5 to 0.10.6.
- [Release notes](https://github.com/SeaQL/sea-orm/releases)
- [Changelog](https://github.com/SeaQL/sea-orm/blob/master/CHANGELOG.md)
- [Commits](https://github.com/SeaQL/sea-orm/compare/0.10.5...0.10.6)

---
updated-dependencies:
- dependency-name: sea-orm
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-01-09 21:33:37 +01:00
Eugene Pankov a4e3931675
cleanup 2023-01-09 09:22:25 +01:00
Eugene Pankov 399f811283
fixed RSA auth with signature algorithm mismatch 2023-01-08 21:24:50 +01:00
Eugene Pankov f4aeaf63a4
bumped russh 2023-01-08 20:37:15 +01:00
Eugene Pankov 56ffb22fca
Merge branch 'main' of https://github.com/warp-tech/warpgate 2022-12-14 22:22:34 +01:00
dependabot[bot] fb0223679b Bump bytes from 1.2.1 to 1.3.0 
Bumps [bytes](https://github.com/tokio-rs/bytes) from 1.2.1 to 1.3.0.
- [Release notes](https://github.com/tokio-rs/bytes/releases)
- [Changelog](https://github.com/tokio-rs/bytes/blob/master/CHANGELOG.md)
- [Commits](https://github.com/tokio-rs/bytes/commits)

---
updated-dependencies:
- dependency-name: bytes
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-12-14 22:15:13 +01:00
dependabot[bot] 8354643e3f Bump sea-orm from 0.10.3 to 0.10.5 
Bumps [sea-orm](https://github.com/SeaQL/sea-orm) from 0.10.3 to 0.10.5.
- [Release notes](https://github.com/SeaQL/sea-orm/releases)
- [Changelog](https://github.com/SeaQL/sea-orm/blob/master/CHANGELOG.md)
- [Commits](https://github.com/SeaQL/sea-orm/compare/0.10.3...0.10.5)

---
updated-dependencies:
- dependency-name: sea-orm
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-12-14 22:14:15 +01:00
Eugene Pankov 94c5faf493
bumped russh 2022-12-14 22:05:15 +01:00