Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Disable local storage (Known hosts) - security problem, private key stored in clear in local storage on browser #183

Open
jerome-karabenli opened this issue Dec 14, 2024 · 1 comment
Open

Disable local storage (Known hosts) - security problem, private key stored in clear in local storage on browser #183

jerome-karabenli opened this issue Dec 14, 2024 · 1 comment

Comments

@jerome-karabenli
Copy link

It is possible to disable local storage usage with env vars ?
The sshwifty-knowns key in local storage on browser store also private key. Anyone can access to sshwifty web even if not logged in, can view all private keys.
@nirui
Copy link
Owner

nirui commented Dec 14, 2024

Greetings,

Sshwifty should not save private keys or password to sshwifty-knowns unless they were delivered through Presets. If you find it don't work like that, then probably it's a bug.

Can you share the exact steps that lead to the password being saved?

Also while we at it, it is not recommended to add things you want to kept secret in Presets as all Presets are send to client in clear-text out the open (as described under: https://github.com/nirui/sshwifty/blob/01e3e595aef1251084646ccec9805a6450d7d48e/README.md#configuration-file-option-and-descriptions)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@nirui @jerome-karabenli