Open
Description
Problem:
I ran into an issue where I had passed an empty file to the --authorized-key option for the upterm host command.
Steps to reproduce
- Start a new upterm host session in a docker container:

    # start a new ubuntu docker container
    docker run --rm -it ubuntu:20.04 bash

    # in the container run these commands to start upterm
    apt-get update
    DEBIAN_FRONTEND=noninteractive apt-get -y install --no-install-recommends curl openssh-client ca-certificates
    curl -sL https://github.com/owenthereal/upterm/releases/download/v0.7.6/upterm_linux_amd64.tar.gz | \
      tar zxvf - -C /tmp upterm && \
      install /tmp/upterm /usr/local/bin/ && rm -rf /tmp/upterm
    mkdir -p ~/.ssh && chmod 0700 ~/.ssh
    ssh-keygen -q -t ed25519 -N "" -f ~/.ssh/id_ed25519
    # Auto-generate ~/.ssh/known_hosts by attempting connection to uptermd.upterm.dev
    ssh -i ~/.ssh/id_ed25519 -o 'StrictHostKeyChecking no' uptermd.upterm.dev
    cat <(cat ~/.ssh/known_hosts | awk '{ print "@cert-authority * " $2 " " $3 }' | sort | uniq) >> ~/.ssh/known_hosts
    touch ~/.ssh/authorized_keys
    upterm host -a $HOME/.ssh/authorized_keys -- bash

- Use the SSH session string in another terminal. The client connects to the upterm session. This is unexpected since -a $HOME/.ssh/authorized_keys is passed to upterm host.
Expected behavior
upterm host should reject any unauthenticated users when --authorized-key, --github-user or --gitlab-user option is present.
An empty authorized keys file shouldn't be an exception.
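The expected behavior described in this issue, as an added Go example that is not upterm's code and does not claim to show the actual cause of the bug. It contrasts a check that reads an empty key list as "no restriction" with one that fails closed whenever the option was given. `KeyPolicy`, `LoadPolicy`, `NaiveAllow` and `Allow` are hypothetical names, keys are compared by their base64 blob only, and the inputs are constructed.

```go
package main

import (
	"bufio"
	"encoding/base64"
	"fmt"
	"strings"
)

// KeyPolicy is a hypothetical type for this example (not upterm's API).
// Restricted records that an authorized-keys option was given at all,
// independently of how many keys the file turned out to contain.
type KeyPolicy struct {
	Restricted bool
	Allowed    map[string]bool // base64 key blob -> allowed
}

// LoadPolicy parses authorized_keys content. Blank lines, comments and lines
// without a valid base64 key blob are skipped. Lines that start with key
// options are out of scope for this sketch.
func LoadPolicy(optionGiven bool, content string) KeyPolicy {
	p := KeyPolicy{Restricted: optionGiven, Allowed: map[string]bool{}}
	sc := bufio.NewScanner(strings.NewReader(content))
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		if len(f) < 2 || strings.HasPrefix(f[0], "#") {
			continue
		}
		if _, err := base64.StdEncoding.DecodeString(f[1]); err == nil {
			p.Allowed[f[1]] = true
		}
	}
	return p
}

// NaiveAllow shows the failure mode: "no keys" is read as "no restriction".
func (p KeyPolicy) NaiveAllow(blob string) bool {
	return len(p.Allowed) == 0 || p.Allowed[blob]
}

// Allow fails closed: once the option is present, only listed keys pass.
func (p KeyPolicy) Allow(blob string) bool {
	return !p.Restricted || p.Allowed[blob]
}

func main() {
	p := LoadPolicy(true, "") // constructed input: empty authorized_keys file
	fmt.Println(p.NaiveAllow("AAAA"), p.Allow("AAAA"))
}
```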