mirror of
https://github.com/Termix-SSH/Termix.git
synced 2026-07-15 21:03:47 +00:00
feat: add CA-signed certificate authentication for SSH credentials
Support OpenSSH certificate-based authentication (-cert.pub files) in the Credentials manager. When a CA-signed certificate is stored alongside a private key, Termix uses it during SSH connection establishment so that servers relying on certificate-based authorization work out of the box. Changes: - db/schema.ts: add cert_public_key column to ssh_credentials table - db/index.ts: auto-migration via addColumnIfNotExists - routes/credentials.ts: expose certPublicKey in create/update/get endpoints - ssh/auth-manager.ts: include certPublicKey in ResolvedCredentials - ssh/host-resolver.ts: propagate certPublicKey when resolving credentials - ssh/opkssh-cert-auth.ts: refactor shared logic into _applyCertToConnection; export new setupCACertAuth() with optional passphrase support - ssh/terminal.ts: call setupCACertAuth() when a certificate is present - utils/ssh-key-utils.ts: detect all OpenSSH cert types in public key parser - types/index.ts: add certPublicKey to Credential, CredentialBackend, CredentialData interfaces - CredentialAuthenticationTab.tsx: new CA Certificate section with file upload, paste editor and automatic cert-type badge - CredentialEditor.tsx: certPublicKey wired into form schema and submit - CredentialViewer.tsx: show certificate status in security tab - locales/en.json: add i18n strings for new UI elements
This commit is contained in:
@@ -103,6 +103,27 @@ function detectKeyTypeFromContent(keyContent: string): string {
|
||||
function detectPublicKeyTypeFromContent(publicKeyContent: string): string {
|
||||
const content = publicKeyContent.trim();
|
||||
|
||||
// OpenSSH certificate types (must be checked before plain key types)
|
||||
if (content.startsWith("ssh-ed25519-cert-v01@openssh.com ")) {
|
||||
return "ssh-ed25519-cert-v01@openssh.com";
|
||||
}
|
||||
if (content.startsWith("ssh-rsa-cert-v01@openssh.com ")) {
|
||||
return "ssh-rsa-cert-v01@openssh.com";
|
||||
}
|
||||
if (content.startsWith("ecdsa-sha2-nistp256-cert-v01@openssh.com ")) {
|
||||
return "ecdsa-sha2-nistp256-cert-v01@openssh.com";
|
||||
}
|
||||
if (content.startsWith("ecdsa-sha2-nistp384-cert-v01@openssh.com ")) {
|
||||
return "ecdsa-sha2-nistp384-cert-v01@openssh.com";
|
||||
}
|
||||
if (content.startsWith("ecdsa-sha2-nistp521-cert-v01@openssh.com ")) {
|
||||
return "ecdsa-sha2-nistp521-cert-v01@openssh.com";
|
||||
}
|
||||
if (content.startsWith("sk-ssh-ed25519-cert-v01@openssh.com ")) {
|
||||
return "sk-ssh-ed25519-cert-v01@openssh.com";
|
||||
}
|
||||
|
||||
// Plain public keys
|
||||
if (content.startsWith("ssh-rsa ")) {
|
||||
return "ssh-rsa";
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user