Update
This commit is contained in:
+27
-63
@@ -238,9 +238,8 @@ const DEFAULT_PORTAINER_SSH_CONFIG = {
|
||||
host: '',
|
||||
port: 22,
|
||||
username: '',
|
||||
extraSshArgs: [],
|
||||
privateKey: '',
|
||||
privateKeyPassphrase: ''
|
||||
password: '',
|
||||
extraSshArgs: []
|
||||
};
|
||||
|
||||
const normalizeString = (value, fallback = '') => {
|
||||
@@ -283,14 +282,7 @@ const normalizeExtraArgs = (value, fallback = []) => {
|
||||
return Array.isArray(fallback) ? [...fallback] : [];
|
||||
};
|
||||
|
||||
const normalizePrivateKey = (value, fallback = DEFAULT_PORTAINER_SSH_CONFIG.privateKey) => {
|
||||
if (value === undefined) return fallback;
|
||||
if (value === null) return '';
|
||||
if (typeof value !== 'string') return String(value);
|
||||
return value.replace(/\r\n/g, '\n').replace(/\r/g, '\n').trim();
|
||||
};
|
||||
|
||||
const normalizePrivateKeyPassphrase = (value, fallback = DEFAULT_PORTAINER_SSH_CONFIG.privateKeyPassphrase) => {
|
||||
const normalizePassword = (value, fallback = DEFAULT_PORTAINER_SSH_CONFIG.password) => {
|
||||
if (value === undefined) return fallback;
|
||||
if (value === null) return '';
|
||||
return String(value);
|
||||
@@ -303,14 +295,14 @@ const getPortainerSshConfig = () => {
|
||||
}
|
||||
try {
|
||||
const parsed = stored.value ? JSON.parse(stored.value) : {};
|
||||
const decryptedKey = parsed.privateKeyEncrypted ? decryptSensitive(parsed.privateKeyEncrypted) : '';
|
||||
const decryptedPassword = parsed.passwordEncrypted ? decryptSensitive(parsed.passwordEncrypted) : null;
|
||||
const fallbackPassword = parsed.password !== undefined ? parsed.password : null;
|
||||
return {
|
||||
host: normalizeString(parsed.host),
|
||||
port: normalizePort(parsed.port),
|
||||
username: normalizeString(parsed.username),
|
||||
extraSshArgs: normalizeExtraArgs(parsed.extraSshArgs),
|
||||
privateKey: decryptedKey,
|
||||
privateKeyPassphrase: parsed.privateKeyPassphraseEncrypted ? decryptSensitive(parsed.privateKeyPassphraseEncrypted) : ''
|
||||
password: normalizePassword(decryptedPassword ?? fallbackPassword),
|
||||
extraSshArgs: normalizeExtraArgs(parsed.extraSshArgs)
|
||||
};
|
||||
} catch (err) {
|
||||
console.warn('⚠️ [Maintenance] Konnte Portainer SSH Konfiguration nicht parsen:', err.message);
|
||||
@@ -324,8 +316,7 @@ const persistPortainerSshConfig = (config) => {
|
||||
port: config.port,
|
||||
username: config.username,
|
||||
extraSshArgs: config.extraSshArgs,
|
||||
privateKeyEncrypted: config.privateKey ? encryptSensitive(config.privateKey) : null,
|
||||
privateKeyPassphraseEncrypted: config.privateKeyPassphrase ? encryptSensitive(config.privateKeyPassphrase) : null
|
||||
passwordEncrypted: config.password ? encryptSensitive(config.password) : null
|
||||
};
|
||||
setSetting(PORTAINER_SSH_CONFIG_KEY, JSON.stringify(payload));
|
||||
};
|
||||
@@ -334,9 +325,8 @@ const mergeSshConfig = (base, overrides = {}) => ({
|
||||
host: normalizeString(overrides.host, base.host),
|
||||
port: normalizePort(overrides.port, base.port),
|
||||
username: normalizeString(overrides.username, base.username),
|
||||
extraSshArgs: normalizeExtraArgs(overrides.extraSshArgs, base.extraSshArgs),
|
||||
privateKey: normalizePrivateKey(overrides.privateKey, base.privateKey),
|
||||
privateKeyPassphrase: normalizePrivateKeyPassphrase(overrides.privateKeyPassphrase, base.privateKeyPassphrase)
|
||||
password: normalizePassword(overrides.password, base.password),
|
||||
extraSshArgs: normalizeExtraArgs(overrides.extraSshArgs, base.extraSshArgs)
|
||||
});
|
||||
|
||||
const savePortainerSshConfig = (payload = {}) => {
|
||||
@@ -351,36 +341,17 @@ const deletePortainerSshConfig = () => {
|
||||
return { ...DEFAULT_PORTAINER_SSH_CONFIG };
|
||||
};
|
||||
|
||||
const createTempPrivateKeyFile = (privateKey) => {
|
||||
const normalized = normalizePrivateKey(privateKey, '');
|
||||
const content = normalized.endsWith('\n') ? normalized : `${normalized}\n`;
|
||||
const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'stackpulse-ssh-'));
|
||||
const filePath = path.join(tmpDir, 'id_rsa');
|
||||
fs.writeFileSync(filePath, content, { mode: 0o600 });
|
||||
return {
|
||||
filePath,
|
||||
cleanup: () => {
|
||||
try {
|
||||
fs.unlinkSync(filePath);
|
||||
} catch (err) { }
|
||||
try {
|
||||
fs.rmdirSync(tmpDir);
|
||||
} catch (err) { }
|
||||
}
|
||||
};
|
||||
};
|
||||
|
||||
const createTempAskPassScript = (passphrase) => {
|
||||
const createTempAskPassScript = (secret) => {
|
||||
const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'stackpulse-askpass-'));
|
||||
const scriptPath = path.join(tmpDir, 'askpass.sh');
|
||||
const scriptContent = "#!/bin/sh\nprintf '%s\\n' \"$STACKPULSE_SSH_PASS\"\n";
|
||||
const scriptContent = "#!/bin/sh\nprintf '%s\n' \"$STACKPULSE_SSH_PASS\"\n";
|
||||
fs.writeFileSync(scriptPath, scriptContent, { mode: 0o700 });
|
||||
return {
|
||||
env: {
|
||||
SSH_ASKPASS: scriptPath,
|
||||
SSH_ASKPASS_REQUIRE: 'force',
|
||||
DISPLAY: process.env.DISPLAY || ':9999',
|
||||
STACKPULSE_SSH_PASS: passphrase
|
||||
STACKPULSE_SSH_PASS: secret
|
||||
},
|
||||
cleanup: () => {
|
||||
try {
|
||||
@@ -404,7 +375,10 @@ const buildSshCommandArgs = (config) => {
|
||||
|
||||
const args = [
|
||||
'-p', String(sshConfig.port),
|
||||
'-o', 'StrictHostKeyChecking=no'
|
||||
'-o', 'StrictHostKeyChecking=no',
|
||||
'-o', 'PreferredAuthentications=password',
|
||||
'-o', 'PubkeyAuthentication=no',
|
||||
'-o', 'NumberOfPasswordPrompts=1'
|
||||
];
|
||||
|
||||
const cleanupTasks = [];
|
||||
@@ -414,14 +388,14 @@ const buildSshCommandArgs = (config) => {
|
||||
}
|
||||
};
|
||||
|
||||
if (!sshConfig.privateKeyPassphrase) {
|
||||
args.push('-o', 'BatchMode=yes');
|
||||
}
|
||||
|
||||
if (sshConfig.privateKey) {
|
||||
const { filePath, cleanup: dispose } = createTempPrivateKeyFile(sshConfig.privateKey);
|
||||
let envOverrides = {};
|
||||
if (sshConfig.password) {
|
||||
const { env, cleanup: dispose } = createTempAskPassScript(sshConfig.password);
|
||||
envOverrides = { ...envOverrides, ...env };
|
||||
registerCleanup(dispose);
|
||||
args.push('-i', filePath);
|
||||
args.push('-o', 'BatchMode=no');
|
||||
} else {
|
||||
args.push('-o', 'BatchMode=yes');
|
||||
}
|
||||
|
||||
if (sshConfig.extraSshArgs.length) {
|
||||
@@ -431,13 +405,6 @@ const buildSshCommandArgs = (config) => {
|
||||
}
|
||||
}
|
||||
|
||||
let envOverrides = {};
|
||||
if (sshConfig.privateKeyPassphrase) {
|
||||
const { env, cleanup: dispose } = createTempAskPassScript(sshConfig.privateKeyPassphrase);
|
||||
envOverrides = { ...envOverrides, ...env };
|
||||
registerCleanup(dispose);
|
||||
}
|
||||
|
||||
args.push(`${sshConfig.username}@${sshConfig.host}`);
|
||||
|
||||
const cleanup = () => {
|
||||
@@ -1237,8 +1204,7 @@ app.get('/api/maintenance/config', (req, res) => {
|
||||
port: ssh.port,
|
||||
username: ssh.username,
|
||||
extraSshArgs: ssh.extraSshArgs,
|
||||
privateKeyStored: Boolean(ssh.privateKey),
|
||||
privateKeyPassphraseStored: Boolean(ssh.privateKeyPassphrase)
|
||||
passwordStored: Boolean(ssh.password)
|
||||
}
|
||||
});
|
||||
});
|
||||
@@ -1253,8 +1219,7 @@ app.put('/api/maintenance/ssh-config', (req, res) => {
|
||||
port: config.port,
|
||||
username: config.username,
|
||||
extraSshArgs: config.extraSshArgs,
|
||||
privateKeyStored: Boolean(config.privateKey),
|
||||
privateKeyPassphraseStored: Boolean(config.privateKeyPassphrase)
|
||||
passwordStored: Boolean(config.password)
|
||||
}
|
||||
});
|
||||
} catch (err) {
|
||||
@@ -1272,8 +1237,7 @@ app.delete('/api/maintenance/ssh-config', (req, res) => {
|
||||
port: config.port,
|
||||
username: config.username,
|
||||
extraSshArgs: config.extraSshArgs,
|
||||
privateKeyStored: false,
|
||||
privateKeyPassphraseStored: false
|
||||
passwordStored: false
|
||||
}
|
||||
});
|
||||
});
|
||||
|
||||
@@ -95,8 +95,7 @@ const createEmptySshDraft = () => ({
|
||||
host: '',
|
||||
port: '22',
|
||||
username: '',
|
||||
privateKey: '',
|
||||
privateKeyPassphrase: '',
|
||||
password: '',
|
||||
extraSshArgs: ''
|
||||
});
|
||||
|
||||
@@ -127,10 +126,8 @@ export default function Maintenance() {
|
||||
const [updateActionError, setUpdateActionError] = useState("");
|
||||
|
||||
const [sshDraft, setSshDraft] = useState(() => createEmptySshDraft());
|
||||
const [sshKeyStored, setSshKeyStored] = useState(false);
|
||||
const [sshPassphraseStored, setSshPassphraseStored] = useState(false);
|
||||
const [showPrivateKey, setShowPrivateKey] = useState(false);
|
||||
const [showPassphrase, setShowPassphrase] = useState(false);
|
||||
const [sshPasswordStored, setSshPasswordStored] = useState(false);
|
||||
const [showPassword, setShowPassword] = useState(false);
|
||||
const [sshSaving, setSshSaving] = useState(false);
|
||||
const [sshTesting, setSshTesting] = useState(false);
|
||||
const [sshDeleting, setSshDeleting] = useState(false);
|
||||
@@ -145,10 +142,8 @@ export default function Maintenance() {
|
||||
useEffect(() => {
|
||||
if (!sshConfig) {
|
||||
setSshDraft(createEmptySshDraft());
|
||||
setSshKeyStored(false);
|
||||
setSshPassphraseStored(false);
|
||||
setShowPrivateKey(false);
|
||||
setShowPassphrase(false);
|
||||
setSshPasswordStored(false);
|
||||
setShowPassword(false);
|
||||
setSshTestResult(null);
|
||||
return;
|
||||
}
|
||||
@@ -156,14 +151,11 @@ export default function Maintenance() {
|
||||
host: sshConfig.host ?? '',
|
||||
port: String(sshConfig.port ?? '22'),
|
||||
username: sshConfig.username ?? '',
|
||||
privateKey: '',
|
||||
privateKeyPassphrase: '',
|
||||
password: '',
|
||||
extraSshArgs: Array.isArray(sshConfig.extraSshArgs) ? sshConfig.extraSshArgs.join('\n') : ''
|
||||
});
|
||||
setSshKeyStored(Boolean(sshConfig.privateKeyStored));
|
||||
setSshPassphraseStored(Boolean(sshConfig.privateKeyPassphraseStored));
|
||||
setShowPrivateKey(false);
|
||||
setShowPassphrase(false);
|
||||
setSshPasswordStored(Boolean(sshConfig.passwordStored));
|
||||
setShowPassword(false);
|
||||
setSshTestResult(null);
|
||||
}, [sshConfig]);
|
||||
|
||||
@@ -273,11 +265,8 @@ export default function Maintenance() {
|
||||
|
||||
const handleSshDraftChange = useCallback((field, value) => {
|
||||
setSshDraft((prev) => ({ ...prev, [field]: value }));
|
||||
if (field === 'privateKey') {
|
||||
setSshKeyStored(false);
|
||||
}
|
||||
if (field === 'privateKeyPassphrase') {
|
||||
setSshPassphraseStored(false);
|
||||
if (field === 'password') {
|
||||
setSshPasswordStored(false);
|
||||
}
|
||||
}, []);
|
||||
|
||||
@@ -286,29 +275,21 @@ export default function Maintenance() {
|
||||
host: sshDraft.host.trim(),
|
||||
port: Number.parseInt(sshDraft.port, 10) || 22,
|
||||
username: sshDraft.username.trim(),
|
||||
extraSshArgs: sshDraft.extraSshArgs
|
||||
extraSshArgs: (sshDraft.extraSshArgs || '')
|
||||
.split(/\r?\n/)
|
||||
.map((entry) => entry.trim())
|
||||
.filter(Boolean)
|
||||
};
|
||||
|
||||
const rawKey = (sshDraft.privateKey ?? '');
|
||||
const sanitizedKey = rawKey.replace(/\r\n/g, '\n').replace(/\r/g, '\n').trim();
|
||||
if (sanitizedKey) {
|
||||
normalized.privateKey = sanitizedKey;
|
||||
} else if (!sshKeyStored) {
|
||||
normalized.privateKey = '';
|
||||
}
|
||||
|
||||
const rawPassphrase = sshDraft.privateKeyPassphrase ?? '';
|
||||
if (rawPassphrase) {
|
||||
normalized.privateKeyPassphrase = rawPassphrase;
|
||||
} else if (!sshPassphraseStored) {
|
||||
normalized.privateKeyPassphrase = '';
|
||||
const rawPassword = sshDraft.password ?? '';
|
||||
if (rawPassword) {
|
||||
normalized.password = rawPassword;
|
||||
} else if (!sshPasswordStored) {
|
||||
normalized.password = '';
|
||||
}
|
||||
|
||||
return normalized;
|
||||
}, [sshDraft, sshKeyStored, sshPassphraseStored]);
|
||||
}, [sshDraft, sshPasswordStored]);
|
||||
|
||||
const handleScriptSave = useCallback(async () => {
|
||||
if (!scriptConfig) return;
|
||||
@@ -350,8 +331,7 @@ export default function Maintenance() {
|
||||
setSshSaving(true);
|
||||
await saveSshConfig(normalizedSshDraft);
|
||||
setSshTestResult(null);
|
||||
setShowPrivateKey(false);
|
||||
setShowPassphrase(false);
|
||||
setShowPassword(false);
|
||||
showToast({
|
||||
variant: "success",
|
||||
title: "SSH-Konfiguration gespeichert",
|
||||
@@ -389,10 +369,8 @@ export default function Maintenance() {
|
||||
setSshDeleting(true);
|
||||
await deleteSshConfig();
|
||||
setSshDraft(createEmptySshDraft());
|
||||
setSshKeyStored(false);
|
||||
setSshPassphraseStored(false);
|
||||
setShowPrivateKey(false);
|
||||
setShowPassphrase(false);
|
||||
setSshPasswordStored(false);
|
||||
setShowPassword(false);
|
||||
setSshTestResult(null);
|
||||
showToast({
|
||||
variant: "info",
|
||||
@@ -766,60 +744,30 @@ export default function Maintenance() {
|
||||
</div>
|
||||
<div className="grid gap-1">
|
||||
<div className="flex items-center justify-between text-xs uppercase tracking-wide text-gray-400">
|
||||
<label htmlFor="maintenance-ssh-private-key" className="cursor-pointer">Privater SSH-Key</label>
|
||||
<label htmlFor="maintenance-ssh-password" className="cursor-pointer">Passwort</label>
|
||||
<button
|
||||
type="button"
|
||||
onClick={() => setShowPrivateKey((prev) => !prev)}
|
||||
onClick={() => setShowPassword((prev) => !prev)}
|
||||
disabled={sshSaving || sshTesting || sshDeleting || updateRunning}
|
||||
className="text-[11px] font-medium text-purple-300 transition hover:text-purple-200 disabled:opacity-50"
|
||||
>
|
||||
{showPrivateKey ? 'Verbergen' : 'Anzeigen'}
|
||||
</button>
|
||||
</div>
|
||||
<textarea
|
||||
id="maintenance-ssh-private-key"
|
||||
rows={6}
|
||||
value={sshDraft.privateKey}
|
||||
onChange={(event) => handleSshDraftChange('privateKey', event.target.value)}
|
||||
disabled={sshSaving || sshTesting || sshDeleting || updateRunning}
|
||||
className="w-full rounded-md border border-gray-700 bg-gray-950/70 px-3 py-2 font-mono text-xs text-gray-100 focus:border-purple-500 focus:outline-none"
|
||||
placeholder="-----BEGIN OPENSSH PRIVATE KEY-----"
|
||||
autoComplete="off"
|
||||
spellCheck={false}
|
||||
style={showPrivateKey ? undefined : { WebkitTextSecurity: 'disc', MozTextSecurity: 'disc' }}
|
||||
/>
|
||||
{sshKeyStored && !sshDraft.privateKey && (
|
||||
<span className="text-[11px] text-gray-400">
|
||||
Ein privater Schlüssel ist gespeichert. Neuer Inhalt ersetzt ihn oder lösche die Konfiguration unten.
|
||||
</span>
|
||||
)}
|
||||
</div>
|
||||
<div className="grid gap-1">
|
||||
<div className="flex items-center justify-between text-xs uppercase tracking-wide text-gray-400">
|
||||
<label htmlFor="maintenance-ssh-passphrase" className="cursor-pointer">Passphrase</label>
|
||||
<button
|
||||
type="button"
|
||||
onClick={() => setShowPassphrase((prev) => !prev)}
|
||||
disabled={sshSaving || sshTesting || sshDeleting || updateRunning}
|
||||
className="text-[11px] font-medium text-purple-300 transition hover:text-purple-200 disabled:opacity-50"
|
||||
>
|
||||
{showPassphrase ? 'Verbergen' : 'Anzeigen'}
|
||||
{showPassword ? 'Verbergen' : 'Anzeigen'}
|
||||
</button>
|
||||
</div>
|
||||
<input
|
||||
id="maintenance-ssh-passphrase"
|
||||
type={showPassphrase ? 'text' : 'password'}
|
||||
value={sshDraft.privateKeyPassphrase}
|
||||
onChange={(event) => handleSshDraftChange('privateKeyPassphrase', event.target.value)}
|
||||
id="maintenance-ssh-password"
|
||||
type={showPassword ? 'text' : 'password'}
|
||||
value={sshDraft.password}
|
||||
onChange={(event) => handleSshDraftChange('password', event.target.value)}
|
||||
disabled={sshSaving || sshTesting || sshDeleting || updateRunning}
|
||||
className="w-full rounded-md border border-gray-700 bg-gray-950/70 px-3 py-2 text-sm text-gray-100 focus:border-purple-500 focus:outline-none"
|
||||
placeholder="optional"
|
||||
placeholder="Passwort für den SSH-Benutzer"
|
||||
autoComplete="off"
|
||||
spellCheck={false}
|
||||
/>
|
||||
{sshPassphraseStored && !sshDraft.privateKeyPassphrase && (
|
||||
{sshPasswordStored && !sshDraft.password && (
|
||||
<span className="text-[11px] text-gray-400">
|
||||
Eine Passphrase ist gespeichert. Neuer Wert ersetzt sie oder lösche die Konfiguration unten.
|
||||
Ein Passwort ist gespeichert. Neuer Inhalt ersetzt es oder lösche die Konfiguration unten.
|
||||
</span>
|
||||
)}
|
||||
</div>
|
||||
|
||||
Reference in New Issue
Block a user