🎉 Release of add-on SSH & Web Terminal 10.0.0

Community Hass.io Add-ons Bot 2021-12-15 16:48:39 +00:00
parent 47829da1d6
commit 3c133bd28f
5 changed files with 52 additions and 47 deletions

@ -880,10 +880,10 @@ SOFTWARE.
[sqlite-web-armhf-shield]: https://img.shields.io/badge/armhf-yes-green.svg
[sqlite-web-armv7-shield]: https://img.shields.io/badge/armv7-yes-green.svg
[sqlite-web-i386-shield]: https://img.shields.io/badge/i386-yes-green.svg
[addon-ssh]: https://github.com/hassio-addons/addon-ssh/tree/v9.1.1
[addon-doc-ssh]: https://github.com/hassio-addons/addon-ssh/blob/v9.1.1/README.md
[addon-ssh]: https://github.com/hassio-addons/addon-ssh/tree/v10.0.0
[addon-doc-ssh]: https://github.com/hassio-addons/addon-ssh/blob/v10.0.0/README.md
[ssh-issue]: https://github.com/hassio-addons/addon-ssh/issues
[ssh-version-shield]: https://img.shields.io/badge/version-v9.1.1-blue.svg
[ssh-version-shield]: https://img.shields.io/badge/version-v10.0.0-blue.svg
[ssh-aarch64-shield]: https://img.shields.io/badge/aarch64-yes-green.svg
[ssh-amd64-shield]: https://img.shields.io/badge/amd64-yes-green.svg
[ssh-armhf-shield]: https://img.shields.io/badge/armhf-yes-green.svg

@ -1,6 +1,50 @@
## Whats changed
👋 Hi there! Time for a big update, **v10.0.0**
⚠️ Please read this carefully, as this release comes with a bunch of breaking changes.
The add-on has upgraded to Alpine 3.15, which means all tools are now running the latest versions.
The `homeassistant_cli` has been removed. This (third-party) CLI has some upstream updates, which broke add-on compatibility.
It, therefore, has now been removed. One can still install it using the `command_init` option if wanted, however, is no longer part of the default distribution.
The Have I Been Pwned checks have been removed from the add-on, as this is a built-in feature of the Supervisor nowadays. This means the `i_like_to_be_pwned` option has been removed from the add-on configuration. If you have this option set, you will need to remove this from your add-on options.
Lastly, the `addon.stdin` service has been removed. And I want to explain a little about the reasoning behind it.
The `addon.stdin` service allowed to run commands on this add-on, which could be helpful. However, I got contacted about this service as it has the potential to be used as an attack surface in combination with social engineering. Quite a lot of social engineering, as this is not a one-click accept kinda attack. It requires a lot of steps.
For this matter, me (@frenck) and the reporting person didn't agree on the type of issue this imposes. A CVE has been requested at MITRE by the reporter, however, I do not recognize it and do not agree on the vulnerability. For that reason, this person and the CVE are also not listed in these release notes.
The service has not been removed because I think it is a vulnerability (as a matter of fact, I don't agree it is), but the service is removed as I think we should protect users, even against possible complex social engineering; if this helps, I think we should do that.
The above all said... You can use the plain `ssh` command as a replacement for this service; which is generally already done and has been around for ages 👍 And always check any third-party code and configuration you get from others of course! 🙏
If these changes impacted your automations or scripts, please accept my sincere apologies.
Kind regards,
../Frenck
PS: I hope the Firefox rendering issues is finally resolved! Please let me know :)
## 🚨 Breaking changes
- 🔥 Remove STDIN service @frenck (#349)
- 🔥 Remove hibp checks @frenck (#350)
- 🔥 Remove homeassistant_cli @frenck (#352)
## 🧰 Maintenance
- Update CI Workflows @frenck (#347)
- 🔥 Remove left over hass-cli auto completion @frenck (#353)
## 📚 Documentation
- Fix privileged mode instructions for HASS 2021.12 @tigattack (#346)
## ⬆️ Dependency updates
- ⬆️ Upgrades mariadb-client to 10.5.13-r0 @frenck (#343)
- ⬆️ Upgrades add-on base image to 10.2.3 @frenck (#344)
- ⬆️ Upgrades add-on base image to 11.0.0 @frenck (#348)
- ⬆️ Upgrades ttyd to 3e37e33 @frenck (#351)
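Review bot: Two identifiers in the changelog text do not match the rest of this commit. The `homeassistant_cli` paragraph points users at a `command_init` option, while the README context and the config schema both call it `init_commands`. The text also refers to the `addon.stdin` service, where the removed README section documents it as `hassio.addon_stdin`. Suggest using `init_commands` and `hassio.addon_stdin` here so users searching their options and automations for the affected names find them.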

@ -30,7 +30,6 @@ well. Additionally, it comes out of the box with the following:
- Limits login attempts to hold off brute-force attacks better.
- Many more security tweaks, _this addon passes all [ssh-audit] checks
without warnings!_
- Passwords are checked with HaveIBeenPwned using K-anonymity.
- Comes with an SSH compatibility mode option to allow older clients to connect.
- Support for Mosh allowing roaming and supports intermittent connectivity.
- SFTP support is disabled by default but is user configurable.
@ -54,8 +53,6 @@ well. Additionally, it comes out of the box with the following:
- Contains a sensible set of tools right out of the box: curl, Wget, RSync, GIT,
Nmap, Mosquitto client, MariaDB/MySQL client, Awake (“wake on LAN”), Nano,
Vim, tmux, and a bunch commonly used networking tools.
- Has the Home Assistant CLI (`hass-cli`) command line tool pre-installed and
pre-configured.
- Support executing commands inside using a Home Assistant service call, e.g.,
for use with automations.
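Review bot: The last bullet in this hunk, "Support executing commands inside using a Home Assistant service call, e.g., for use with automations.", appears to stay as unchanged context (the hunk header removes only two lines, which matches the `hass-cli` bullet), yet this release removes the STDIN service (#349) and drops `stdin: true` from the add-on config. Suggest removing that bullet in the same change so the feature list no longer advertises a command-execution interface that has been taken out.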
@ -231,39 +228,6 @@ Customize your shell environment even more with the `init_commands` option.
Add one or more shell commands to the list, and they will be executed every
single time this add-on starts.
#### Option: `i_like_to_be_pwned`
Adding this option to the add-on configuration allows to you bypass the
HaveIBeenPwned password requirement by setting it to `true`.
**Note**: _We STRONGLY suggest picking a stronger/safer password instead of
using this option! USE AT YOUR OWN RISK!_
## Executing commands in this add-on using a Home Assistant service call
This add-on uses the `hassio.addon_stdin` service to expose a shell interface
to Home Assistant. This allows you to execute commands and scripts within
the SSH & Web Terminal add-on, straight from Home Assistant.
This is particularly helpful when you want to execute custom scripts or
commands from automations.
Example automation running `my_command`:
```yaml
automation:
- alias: "Example my script"
trigger:
platform: state
entity_id: binary_sensor.motion_sensor
to: "ON"
action:
service: hassio.addon_stdin
data:
addon: a0d7b954_ssh
input: "/config/scripts/my_command"
```
## Known issues and limitations
- The add-on fails to start when a password that is listed by HaveIBeenPwned
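Review bot: The "Known issues and limitations" entry that closes this hunk, "The add-on fails to start when a password that is listed by HaveIBeenPwned", is left as unchanged context even though the same hunk deletes the `i_like_to_be_pwned` option and the changelog says the HaveIBeenPwned checks are gone from the add-on. Suggest dropping or rewording that known issue, otherwise the documentation still describes a startup failure the add-on can no longer produce.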

@ -46,7 +46,6 @@ well. Additionally, it comes out of the box with the following:
- Many more security tweaks, *this addon passes all [ssh-audit] checks
without warnings!*
![Result of SSH-Audit][ssh-audit-image]
- Passwords are checked with HaveIBeenPwned using K-anonymity.
- Comes with an SSH compatibility mode option to allow older clients to connect.
- Support for Mosh allowing roaming and supports intermittent connectivity.
- SFTP support is disabled by default but is user configurable.
@ -99,8 +98,8 @@ If you are more interested in stable releases of our add-ons:
[patreon-shield]: https://frenck.dev/wp-content/uploads/2019/12/patreon.png
[patreon]: https://www.patreon.com/frenck
[project-stage-shield]: https://img.shields.io/badge/project%20stage-production%20ready-brightgreen.svg
[release-shield]: https://img.shields.io/badge/version-v9.1.1-blue.svg
[release]: https://github.com/hassio-addons/addon-ssh/tree/v9.1.1
[release-shield]: https://img.shields.io/badge/version-v10.0.0-blue.svg
[release]: https://github.com/hassio-addons/addon-ssh/tree/v10.0.0
[screenshot]: https://github.com/hassio-addons/addon-ssh/raw/main/images/screenshot.png
[ssh-audit-image]: https://github.com/hassio-addons/addon-ssh/raw/main/images/ssh-audit.png
[ssh-audit]: https://github.com/arthepsy/ssh-audit

@ -58,7 +58,6 @@ privileged:
- SYS_TIME
- SYS_NICE
schema:
i_like_to_be_pwned: bool?
init_commands:
- str
log_level: list(trace|debug|info|notice|warning|error|fatal)?
@ -81,8 +80,7 @@ services:
- mqtt:want
slug: ssh
startup: services
stdin: true
uart: true
url: https://github.com/hassio-addons/addon-ssh
usb: true
version: 9.1.1
version: 10.0.0