[PR #97] [MERGED] feat: Add SSH key authentication and custom port support #181

Closed
opened 2025-11-20 04:13:23 -05:00 by saavagebueno · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/community-scripts/ProxmoxVE-Local/pull/97
Author: @michelroegl-brunner
Created: 10/10/2025
Status: Merged
Merged: 10/10/2025
Merged by: @michelroegl-brunner

Base: main ← Head: feat/ssh-key-authentication


📝 Commits (2)

  • 1285cda feat: Add SSH key authentication and custom port support
  • d19bfb7 fix: Resolve TypeScript build errors and improve type safety

📊 Changes

9 files changed (+984 additions, -141 deletions)

View changed files

➕ src/app/_components/SSHKeyInput.tsx (+191 -0)
📝 src/app/_components/ServerForm.tsx (+130 -11)
📝 src/app/api/servers/[id]/route.ts (+52 -4)
📝 src/app/api/servers/route.ts (+52 -4)
📝 src/server/database.js (+55 -8)
📝 src/server/ssh-execution-service.js (+313 -84)
📝 src/server/ssh-service.js (+180 -27)
📝 src/types/server.ts (+10 -2)
📝 update.sh (+1 -1)

📄 Description

Overview

This PR adds comprehensive SSH key authentication support and custom SSH port configuration to the PVE Scripts Local application.

Features Added

🔐 SSH Key Authentication

  • Multiple authentication methods: Password-only, SSH key-only, or both
  • Flexible key input: Upload private key files or paste key content directly
  • Passphrase support: Handle encrypted SSH keys with optional passphrases
  • Secure key handling: Temporary files with proper permissions (0600) and automatic cleanup

🔌 Custom SSH Port Support

  • Configurable ports: Default to port 22, but allow any valid port (1-65535)
  • Database integration: Store custom ports in server configuration
  • Full compatibility: Works with all SSH operations (testing, execution, file transfer)

Technical Implementation

Database Schema Updates

  • Added auth_type column: password | key | both
  • Added ssh_key column: Stores private key content
  • Added ssh_key_passphrase column: Optional encrypted passphrase
  • Added ssh_port column: Custom SSH port (default: 22)
  • Backward-compatible migrations for existing servers

Backend Services

  • SSH Service: Enhanced connection testing with key authentication
  • SSH Execution Service: Script execution and file transfer with key auth
  • Security: Proper temporary file management and cleanup
  • Error Handling: Clear distinction between password and key auth failures

Frontend Components

  • SSHKeyInput Component: Reusable component for key upload/paste
  • ServerForm Updates: Dynamic form fields based on auth type
  • Validation: SSH key format validation and port range validation
  • UX: Clear authentication method selection and field visibility

API Routes

  • Server Creation: Handle new authentication fields and validation
  • Server Updates: Support changing authentication methods
  • Connection Testing: Test both password and key authentication

Security Considerations

Implemented Security Measures:

  • Temporary key files created with 0600 permissions
  • Automatic cleanup of temporary files after operations
  • No logging or exposure of private keys in error messages
  • SSH key format validation before storage
  • Proper null checks and type safety

Testing

  • Build process passes with no TypeScript errors
  • All authentication methods tested (password, key, both)
  • Custom port support verified across all SSH operations
  • Backward compatibility maintained for existing servers

Breaking Changes

None - this is fully backward compatible. Existing servers will continue to work with password authentication.

Migration

Existing servers automatically migrate to use auth_type=password and ssh_port=22 with no user intervention required.


Ready for review and testing! 🚀


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

saavagebueno added the pull-request label 2025-11-20 04:13:23 -05:00
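
The temporary key file handling (0600, automatic cleanup) and the key-format and port-range validation listed in the description above, as an added Node.js example. It is not code from the PR; the names `writeTempKey`, `isPrivateKey`, `parsePort`, the PEM-armor rule and the sample key are assumptions made here.

```javascript
// Added example, not the PR's implementation. All function names are hypothetical.
const fs = require('fs');
const os = require('os');
const path = require('path');

// Assumed rule: accept PEM-armored private keys whose BEGIN and END labels match.
const KEY_RE = /^-----BEGIN ((?:OPENSSH|RSA|EC|DSA|ENCRYPTED) )?PRIVATE KEY-----\n[\s\S]+\n-----END \1PRIVATE KEY-----\n$/;

function normalizeKey(text) {
  // Pasted keys often carry CRLF line endings or lack the final newline.
  return String(text).replace(/\r\n?/g, '\n').trim() + '\n';
}

function isPrivateKey(text) {
  return KEY_RE.test(normalizeKey(text));
}

function parsePort(value) {
  const s = String(value ?? '22').trim(); // default port 22, as in the PR
  // Digits only, so the result is safe to hand to ssh as a single argument.
  if (!/^\d{1,5}$/.test(s)) throw new RangeError('invalid SSH port');
  const port = Number(s);
  if (port < 1 || port > 65535) throw new RangeError('invalid SSH port');
  return port;
}

function writeTempKey(keyText) {
  if (!isPrivateKey(keyText)) throw new Error('not a private key'); // never echo the key
  // mkdtemp makes a fresh 0700 directory, so no other user can pre-create the path.
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'sshkey-'));
  const keyPath = path.join(dir, 'id');
  const cleanup = () => fs.rmSync(dir, { recursive: true, force: true });
  try {
    // 'wx' refuses an existing file; the mode is set at creation, so the key
    // is never readable by group or others, even briefly.
    fs.writeFileSync(keyPath, normalizeKey(keyText), { mode: 0o600, flag: 'wx' });
  } catch (err) {
    cleanup();
    throw err;
  }
  return { keyPath, cleanup };
}

// Constructed sample: PEM armor around filler base64, not a usable key.
const SAMPLE_KEY = '-----BEGIN OPENSSH PRIVATE KEY-----\r\nQ09OU1RSVUNURUQ=\r\n-----END OPENSSH PRIVATE KEY-----';
```

Call `cleanup()` in a `finally` block or in the SSH child process's `close` handler so the key is removed on failure paths as well as on success.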

Reference: SVI/ProxmoxVE-Local#181