Skip to content

/ssh endpoint should be disabled by default #1502

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
Merith-TK opened this issue Apr 8, 2020 · 5 comments · Fixed by #1563
Closed

/ssh endpoint should be disabled by default #1502

Merith-TK opened this issue Apr 8, 2020 · 5 comments · Fixed by #1563
Assignees
@nhooyr
Labels
enhancement Some improvement that isn't a feature

Comments

@Merith-TK
Copy link
Contributor

image

also, the changelogs on the release page do not state there is an ssh server, to begin with, and I think it is a decent security issue, because there may be people who don't use ssh for reasons or people who hold a STRICT ssh policy and this is just an ssh server without any user configurability by the looks of it, and it is enabled by default.
@Merith-TK Merith-TK changed the title [v3.0.2] SSH server does not properly retain host environment [v3.0.2] SSH server not documented nor does it properly work Apr 8, 2020
@kylecarbs
Copy link
Member

We might remove the SSH endpoint. Initially, it was added to do port-forwarding and a buncha other things, but isn't really needed anymore.

@Merith-TK
Copy link
Contributor Author

a better idea, dont remove it, leave it there, but make it so it is disabled by default.

because i can see a use. Like you have a server in which a few people need to access and you dont trust them with the user password (in fear they may attempt to sudo or su), you can provide the code-server password to them.

and add documentation on the things existence.

@kylecarbs kylecarbs changed the title [v3.0.2] SSH server not documented nor does it properly work /ssh endpoint should be disabled by default Apr 14, 2020
@nhooyr nhooyr self-assigned this Apr 16, 2020
@nhooyr nhooyr added the enhancement Some improvement that isn't a feature label Apr 17, 2020
@jrebey
Copy link

jrebey commented Apr 23, 2020

@Merith-TK There are plenty of ways to accomplish this without building in an SSH server. For example, you can load up a docker container and mount the workspace volume in it and give SSH access to that container. Maintaining an SSH server inside another application is a security nightmare especially given better alternatives exist.

@Merith-TK

This comment has been minimized.

Sign in to view
@nhooyr
Copy link
Contributor

nhooyr commented Apr 23, 2020

@jrebey We're going to just remove it. A docker container dependency isn't something we want users to think about.

nhooyr added a commit that referenced this issue Apr 27, 2020
@nhooyr
Remove SSH server
d0d5461 
Closes #1502
@nhooyr nhooyr mentioned this issue Apr 27, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@nhooyr nhooyr

Labels
enhancement Some improvement that isn't a feature
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Remove SSH server coder/code-server
4 participants
@kylecarbs @nhooyr @Merith-TK @jrebey