sshx in CI/CD of public projects can have public logs #23

Closed
NikolayS opened this issue Nov 6, 2023 · 2 comments · Fixed by #47
Comments

NikolayS commented Nov 6, 2023

Great project!

But speaking of CI/CD, consider this scenario:

  • to debug, someone puts sshx to CI/CD of their open-source project
  • the URL is printed in the CI/CD output and anyone can read it
  • anyone can connect
  • printenv shows all environment variables, including secrets (if any, of course)

I'd add at least a warning about this in the README.

NikolayS (Author) commented Nov 6, 2023

BTW, in this context:

  • if the machine is destroyed, does the browser link keep working?
  • if yes, can it be deleted manually or automatically deleted later?

ekzhang (Owner) commented Nov 6, 2023

Yes, this is true, good catch. You need to disable public access to the logs of CI builds if you want to use sshx in a context like that.

In practice the risk is quite low because it's an ephemeral app run, but it doesn't hurt to be safe with the usage recommendation.

sshx disconnects if the machine disconnects. The session is garbage collected after a few minutes if the same client does not reconnect.
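
A guard for the scenario raised in this thread, as an added example that is not part of the thread or of sshx itself: it refuses to start sshx unless the CI event payload marks the repository as private, and starts it with an allowlisted environment so `printenv` in the session shows no CI secrets. GitHub Actions, its `GITHUB_EVENT_PATH` payload with the `repository.private` field, and the `SAFE_ENV` allowlist are assumptions.

```python
import json
import os
import subprocess
import sys

# Assumed allowlist: what an interactive shell needs. Tokens and secrets are dropped.
SAFE_ENV = ("PATH", "HOME", "USER", "SHELL", "TERM", "LANG")


def repo_is_private(event_path):
    """True only if the Actions event payload says the repository is private.

    Fails closed: a missing file, bad JSON or an absent field counts as public.
    """
    try:
        with open(event_path, encoding="utf-8") as fh:
            payload = json.load(fh)
    except (OSError, TypeError, ValueError):
        return False
    repo = payload.get("repository") if isinstance(payload, dict) else None
    return isinstance(repo, dict) and repo.get("private") is True


def scrubbed_env(env):
    """Keep only allowlisted variables so printenv in the session shows no secrets."""
    return {k: v for k, v in env.items() if k in SAFE_ENV}


def main():
    # Assumption: GitHub Actions sets GITHUB_EVENT_PATH to the webhook payload file.
    if not repo_is_private(os.environ.get("GITHUB_EVENT_PATH")):
        print("refusing to start sshx: build log may be public", file=sys.stderr)
        return 1
    # Plain `sshx` with no flags; the session URL it prints still lands in the log.
    return subprocess.call(["sshx"], env=scrubbed_env(os.environ))


if __name__ == "__main__":
    sys.exit(main())
```

The scrubbed environment only covers variables; credentials written to disk by earlier CI steps are still readable from the session.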

ekzhang changed the title from "Placing sshx in CI/CD of open projects is insecure" to "sshx in CI/CD of public projects can have public logs" on Nov 6, 2023
ekzhang added a commit that referenced this issue Nov 12, 2023
ekzhang added a commit that referenced this issue Nov 12, 2023
* Add warning about CI log visibility

Resolves #23.

* Update README.md