SSH Access confirmation

Rating: 
5
Your rating: None Average: 5 (10 votes)

Simple application for controlling incoming ssh cconnections. Every connection will be prompted for user confirmation or notified to user.

Settings applet in System -> Security -> SSH

Pam remote host value may contain hostname or ip depends on your network/ssh/dns configuration, so it's allowed to write anything to whitelist config and user responsible to control this himself.

Sources: https://github.com/CODeRUS/ssh-pam-access-control

Donations are welcome =)

 

 

Screenshots: 
Application versions: 
AttachmentSizeDate
ssh-pam-access-control-0.1.0-1.armv7hl.rpm100.31 KB07/02/2015 - 21:02
ssh-pam-access-control-0.2.0-1.armv7hl.rpm105.3 KB08/02/2015 - 03:22
ssh-pam-access-control-0.3.0-1.armv7hl.rpm105.72 KB11/02/2015 - 11:26
ssh-pam-access-control-0.3.6-1.armv7hl.rpm106.23 KB11/02/2015 - 13:48
Changelog: 

Updated UI to be dialog

Allowed to write anuthing to whitelist config (read application description)

Comments

Spezifish's picture

This app works good on Sailfish 2.1.2.3. Is there a bug: If I Added a IP-Adress to the whitelist, i receive no more connection warning from my mobilephone. And If i Delete this ip again, it will also shown into the whitelist again at next time. Reinstalling tages no effekt. Pleas help me.

objectifnul's picture

With SailfishX (2.1.3.5 Kymijoki) on Xperia X, settings are not saved, except "Don't ask for confirmation, only notify". The white list does not survive after the setup page is closed.

armorica's picture

App stopped working after upgrade to SailfishOS 2.1.0.11. Got it working again by unistall - install. I did uninstall the openSSH from openrepos as well, but that may not have been necessary.

I'm happy to have it working again, as I use it for a kind of 2-factor authentication. I store my (passkey secured) ssh keys on my Jolla and will scp them over (temporarily) for loading them into ssh-agent every boot of my laptop. With a locked phone, this requires the PIN to unlock it all.

In the future I will block the phone itself from making the ssh on the server. Thus you need the 2 devices together + PIN to get the connection.

SaimenSays's picture

Is there a known problem on 1.1.7? I've installed this tool first time nuw, but ssh login is possible without any notification. Also whitelist to some ip does not change anything.

groxxorg's picture

THX for this! As @meemorph said before: Very nice feature, and the sound helps to find the phone ;-)

inte's picture

App used to work but stopped working for me.

I can ssh into the phone w/o any notification nor confirmation...

 

jolla_jo's picture

I suppose it is not supposed to work when using ssh over the usb cable? At least for me it doesn't work in that case.

EDIT: Doesn't work with Wifi either. Any idea what I'm doing wrong? Am I supposed to do anything at all?

EDIT2: By "does not work" I mean it does not do anything at all. No notification, no dialog. Only thing which came to my mind was some iptables rules I added, but I suppose they shouldn't stop this thingy?

EDIT3: Yes, I double-checked the daemon is running... Is it working for everybody else?

inte's picture

I didnt work for me as long as I head a newer ssh release from openrepos installed. Works fine with the original jolla release now!

Louis's picture

What a great app. Thanks a lot :)

Sugguestions:

Enable/disable ssh service widget that can be used from settings or eventview

More options to get notified when a client wants to connect whatever it's whitelisted, needs confirmations or automatically accepted, like viberation or notifications like "your-whitelisted-ip has logged in"..

Whitelist support managed by MAC addresses

coderus's picture

no mac support, sorry. if you want to contribute - you welcome :D

will think about other suggestions some day.

bocki's picture

Thank you so much. I love it.

lkdhf's picture

Great idea, thanks!

meemorph's picture

Very nice feature, and the sound helps to find the phone ;-)