[PR #16] [CLOSED] feat: Add SSH key authentication support #118

New Issue

Closed

opened 2025-11-20 04:12:55 -05:00 by saavagebueno · 0 comments

saavagebueno commented 2025-11-20 04:12:55 -05:00

Owner

Copy Link

📋 Pull Request Information

Original PR: https://github.com/community-scripts/ProxmoxVE-Local/pull/16
Author: @RXWatcher
Created: 10/3/2025
Status: ❌ Closed

Base: development ← Head: feat/ssh-key-authentication

---

📝 Commits (3)

• 5823e54 Add GitHub templates and configuration (#8)
• 5582d28 Update note from 'beat' to 'beta' in README
• be65cee feat: Add SSH key authentication support

📊 Changes

12 files changed (+740 additions, -150 deletions)

View changed files

➕ .github/CODEOWNERS (+15 -0)
➕ .github/ISSUE_TEMPLATE/bug_report.yml (+50 -0)
➕ .github/ISSUE_TEMPLATE/feature_request.yml (+33 -0)
➕ .github/pull_request_template.md (+24 -0)
📝 README.md (+1 -1)
📝 src/app/_components/ServerForm.tsx (+80 -4)
📝 src/app/api/servers/[id]/route.ts (+19 -4)
📝 src/app/api/servers/route.ts (+19 -4)
📝 src/server/database.js (+11 -9)
📝 src/server/ssh-execution-service.js (+294 -106)
📝 src/server/ssh-service.js (+188 -20)
📝 src/types/server.ts (+6 -2)

📄 Description

Summary

• Adds SSH key authentication as an alternative to password authentication for Proxmox servers
• Resolves issues with servers that have password SSH authentication disabled
• Maintains full backward compatibility with existing password authentication

Changes Made

Backend Infrastructure

• Database Schema: Added ssh_key and auth_method fields to servers table with proper constraints
• SSH Services: Updated all SSH-related services to support both authentication methods
• Security: Implemented secure temporary SSH key file handling with proper permissions (0600) and automatic cleanup
• Type Safety: Added comprehensive TypeScript type definitions and validation

Frontend Enhancements

• Dynamic UI: Added authentication method selector with conditional form fields
• Validation: Implemented SSH key format validation and comprehensive error handling
• User Experience: Clear instructions and helpful error messages for both auth methods

API Updates

• Endpoints: Updated all server CRUD operations to handle new authentication fields
• Validation: Added proper server-side validation for authentication methods and credentials
• Compatibility: Maintains backward compatibility with existing password-based configurations

Technical Details

Authentication Flow

1. Password Authentication: Uses sshpass for password-based connections (existing behavior)
2. SSH Key Authentication: Creates temporary key files with secure permissions, authenticates, then cleans up
3. Validation: Both connection testing and script execution support both methods seamlessly

Security Features

• SSH private keys are stored temporarily with 0600 permissions
• Automatic cleanup of temporary key files on completion or error
• Path validation and access controls maintained
• Input sanitization and validation for both auth methods

Database Migration

The changes include automatic database schema updates that add the new fields while preserving existing data. No manual migration required.

Test Plan

• Build verification: TypeScript compilation and linting passes
• Form validation: Both password and SSH key validation working
• API validation: Server-side validation for all auth method combinations
• Backward compatibility: Existing password-based servers continue to work
• Security: Temporary key files created with proper permissions and cleaned up

Breaking Changes

None - this is a fully backward-compatible enhancement.

🤖 Generated with Claude Code

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/community-scripts/ProxmoxVE-Local/pull/16 **Author:** [@RXWatcher](https://github.com/RXWatcher) **Created:** 10/3/2025 **Status:** ❌ Closed **Base:** `development` ← **Head:** `feat/ssh-key-authentication` --- ### 📝 Commits (3) - [`5823e54`](https://github.com/community-scripts/ProxmoxVE-Local/commit/5823e544641c3fcbbbdacf0f945e0cb60d674162) Add GitHub templates and configuration (#8) - [`5582d28`](https://github.com/community-scripts/ProxmoxVE-Local/commit/5582d288d708dac7557b0e89935c923c02cb69af) Update note from 'beat' to 'beta' in README - [`be65cee`](https://github.com/community-scripts/ProxmoxVE-Local/commit/be65cee6adfa19d922bb42b4dc3654262fdb4fd3) feat: Add SSH key authentication support ### 📊 Changes **12 files changed** (+740 additions, -150 deletions) <details> <summary>View changed files</summary> ➕ `.github/CODEOWNERS` (+15 -0) ➕ `.github/ISSUE_TEMPLATE/bug_report.yml` (+50 -0) ➕ `.github/ISSUE_TEMPLATE/feature_request.yml` (+33 -0) ➕ `.github/pull_request_template.md` (+24 -0) 📝 `README.md` (+1 -1) 📝 `src/app/_components/ServerForm.tsx` (+80 -4) 📝 `src/app/api/servers/[id]/route.ts` (+19 -4) 📝 `src/app/api/servers/route.ts` (+19 -4) 📝 `src/server/database.js` (+11 -9) 📝 `src/server/ssh-execution-service.js` (+294 -106) 📝 `src/server/ssh-service.js` (+188 -20) 📝 `src/types/server.ts` (+6 -2) </details> ### 📄 Description ## Summary - Adds SSH key authentication as an alternative to password authentication for Proxmox servers - Resolves issues with servers that have password SSH authentication disabled - Maintains full backward compatibility with existing password authentication ## Changes Made ### Backend Infrastructure - **Database Schema**: Added `ssh_key` and `auth_method` fields to servers table with proper constraints - **SSH Services**: Updated all SSH-related services to support both authentication methods - **Security**: Implemented secure temporary SSH key file handling with proper permissions (0600) and automatic cleanup - **Type Safety**: Added comprehensive TypeScript type definitions and validation ### Frontend Enhancements - **Dynamic UI**: Added authentication method selector with conditional form fields - **Validation**: Implemented SSH key format validation and comprehensive error handling - **User Experience**: Clear instructions and helpful error messages for both auth methods ### API Updates - **Endpoints**: Updated all server CRUD operations to handle new authentication fields - **Validation**: Added proper server-side validation for authentication methods and credentials - **Compatibility**: Maintains backward compatibility with existing password-based configurations ## Technical Details ### Authentication Flow 1. **Password Authentication**: Uses `sshpass` for password-based connections (existing behavior) 2. **SSH Key Authentication**: Creates temporary key files with secure permissions, authenticates, then cleans up 3. **Validation**: Both connection testing and script execution support both methods seamlessly ### Security Features - SSH private keys are stored temporarily with 0600 permissions - Automatic cleanup of temporary key files on completion or error - Path validation and access controls maintained - Input sanitization and validation for both auth methods ### Database Migration The changes include automatic database schema updates that add the new fields while preserving existing data. No manual migration required. ## Test Plan - [x] Build verification: TypeScript compilation and linting passes - [x] Form validation: Both password and SSH key validation working - [x] API validation: Server-side validation for all auth method combinations - [x] Backward compatibility: Existing password-based servers continue to work - [x] Security: Temporary key files created with proper permissions and cleaned up ## Breaking Changes None - this is a fully backward-compatible enhancement. 🤖 Generated with [Claude Code](https://claude.ai/code) --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

saavagebueno added the pull-request label 2025-11-20 04:12:55 -05:00

saavagebueno closed this issue 2025-11-20 04:12:55 -05:00

saavagebueno referenced this issue 2025-11-20 04:13:27 -05:00

[PR #118] [MERGED] feat: Add backup and restore functionality for scripts directories #197

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

dependabot/npm_and_yarn/eslint-10.1.0

dependabot/npm_and_yarn/baseline-browser-mapping-2.10.12

dependabot/npm_and_yarn/prisma/client-7.6.0

dependabot/npm_and_yarn/vitest-4.1.2

dependabot/npm_and_yarn/trpc/server-11.16.0

update-version-v0.5.7

preserve_images

feature/pocketbase-migration

update-version-v0.5.6

fix/466

fix/405

fix/464

fix/312

fix/362

fix/438

fix/404

fix/365

feat/406

feat/419

feat/447

update_january_core

fix/465

fix/398

update-version-v0.5.5

MickLesk-patch-2

get_update_script

update-version-v0.5.4

fixes_update

update-version-v0.5.3

fix_db_initialization

update_footer

update_core

alert-autofix-4

update-version-v0.5.2

feat/use_new_core_features

feat/core_bump

fix/source-calls-path-resolution

update-version-v0.5.1

feat/clone_lxc_vm

fix/352

fix/357_356

update-version-v0.5.0

bugfixing_bumps

fix/vm_detection

fix/some_small_thnigs

fix/update_script

node24_securityfix

update-version-v0.4.13

MickLesk-patch-1

update-version-v0.4.12

bump_pve91

feat/lxc_backups

fix/320

localization

v0.5.7

v0.5.6

v0.5.5

v0.5.4

v0.5.3

v0.5.2

v0.5.1

v0.5.0

v0.4.13

v0.4.12

v0.4.11

v0.4.10.3

v0.4.10.2

v0.4.10.1

v0.4.10

v0.4.9

v0.4.8

v0.4.7

v0.4.6

v0.4.5

v0.4.4

v0.4.3

v0.4.2

v0.4.1

v0.4.0

v0.3.0

v0.2.5

v0.2.4

v0.2.3

v0.2.2

v0.2.1

v0.2.0

v0.1.1

v0.1.0

Labels

Clear labels

bug

enhancement

enhancement

feature

in progress

pull-request

Mirrored from GitHub Pull Request

No Label pull-request

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

saavagebueno

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: SVI/ProxmoxVE-Local#118