🎉 Release of add-on SSH & Web Terminal 10.0.0

2025-05-05 03:21:28 +00:00 · 2021-12-15 16:48:39 +00:00 · 2021-12-15 16:48:39 +00:00 · 3c133bd28f
commit 3c133bd28f
parent 47829da1d6
5 changed files with 52 additions and 47 deletions
--- a/README.md
+++ b/README.md
@ -880,10 +880,10 @@ SOFTWARE.
 [sqlite-web-armhf-shield]: https://img.shields.io/badge/armhf-yes-green.svg
 [sqlite-web-armv7-shield]: https://img.shields.io/badge/armv7-yes-green.svg
 [sqlite-web-i386-shield]: https://img.shields.io/badge/i386-yes-green.svg
-[addon-ssh]: https://github.com/hassio-addons/addon-ssh/tree/v9.1.1
+[addon-ssh]: https://github.com/hassio-addons/addon-ssh/tree/v10.0.0
-[addon-doc-ssh]: https://github.com/hassio-addons/addon-ssh/blob/v9.1.1/README.md
+[addon-doc-ssh]: https://github.com/hassio-addons/addon-ssh/blob/v10.0.0/README.md
 [ssh-issue]: https://github.com/hassio-addons/addon-ssh/issues
-[ssh-version-shield]: https://img.shields.io/badge/version-v9.1.1-blue.svg
+[ssh-version-shield]: https://img.shields.io/badge/version-v10.0.0-blue.svg
 [ssh-aarch64-shield]: https://img.shields.io/badge/aarch64-yes-green.svg
 [ssh-amd64-shield]: https://img.shields.io/badge/amd64-yes-green.svg
 [ssh-armhf-shield]: https://img.shields.io/badge/armhf-yes-green.svg
--- a/ssh/CHANGELOG.md
+++ b/ssh/CHANGELOG.md
@ -1,6 +1,50 @@
 ## What’s changed
 👋  Hi there! Time for a big update, **v10.0.0**
 ⚠️ Please read this carefully, as this release comes with a bunch of breaking changes.
 The add-on has upgraded to Alpine 3.15, which means all tools are now running the latest versions.
 The `homeassistant_cli` has been removed. This (third-party) CLI has some upstream updates, which broke add-on compatibility.
 It, therefore, has now been removed. One can still install it using the `command_init` option if wanted, however, is no longer part of the default distribution.
 The Have I Been Pwned checks have been removed from the add-on, as this is a built-in feature of the Supervisor nowadays. This means the `i_like_to_be_pwned` option has been removed from the add-on configuration. If you have this option set, you will need to remove this from your add-on options.
 Lastly, the `addon.stdin` service has been removed. And I want to explain a little about the reasoning behind it.
 The `addon.stdin` service allowed to run commands on this add-on, which could be helpful. However, I got contacted about this service as it has the potential to be used as an attack surface in combination with social engineering. Quite a lot of social engineering, as this is not a one-click accept kinda attack. It requires a lot of steps.
 For this matter, me (@frenck) and the reporting person didn't agree on the type of issue this imposes. A CVE has been requested at MITRE by the reporter, however, I do not recognize it and do not agree on the vulnerability. For that reason, this person and the CVE are also not listed in these release notes.
 The service has not been removed because I think it is a vulnerability (as a matter of fact, I don't agree it is), but the service is removed as I think we should protect users, even against possible complex social engineering; if this helps, I think we should do that. 
 The above all said... You can use the plain `ssh` command as a replacement for this service; which is generally already done and has been around for ages 👍  And always check any third-party code and configuration you get from others of course! 🙏 
 If these changes impacted your automations or scripts, please accept my sincere apologies.
 Kind regards,
 ../Frenck
 PS: I hope the Firefox rendering issues is finally resolved! Please let me know :)
 ## 🚨 Breaking changes
 - 🔥 Remove STDIN service @frenck (#349)
 - 🔥 Remove hibp checks @frenck (#350)
 - 🔥 Remove homeassistant_cli @frenck (#352)
 ## 🧰 Maintenance
 - Update CI Workflows @frenck (#347)
 - 🔥 Remove left over hass-cli auto completion @frenck (#353)
 ## 📚 Documentation
 - Fix privileged mode instructions for HASS 2021.12 @tigattack (#346)
 ## ⬆️ Dependency updates
- ⬆️ Upgrades mariadb-client to 10.5.13-r0 @frenck (#343)
+- ⬆️ Upgrades add-on base image to 11.0.0 @frenck (#348)
- ⬆️ Upgrades add-on base image to 10.2.3 @frenck (#344)
+- ⬆️ Upgrades ttyd to 3e37e33 @frenck (#351)
--- a/ssh/DOCS.md
+++ b/ssh/DOCS.md
@ -30,7 +30,6 @@ well. Additionally, it comes out of the box with the following:
  - Limits login attempts to hold off brute-force attacks better.
  - Many more security tweaks, _this addon passes all [ssh-audit] checks
    without warnings!_
 - Passwords are checked with HaveIBeenPwned using K-anonymity.
 - Comes with an SSH compatibility mode option to allow older clients to connect.
 - Support for Mosh allowing roaming and supports intermittent connectivity.
 - SFTP support is disabled by default but is user configurable.
@ -54,8 +53,6 @@ well. Additionally, it comes out of the box with the following:
 - Contains a sensible set of tools right out of the box: curl, Wget, RSync, GIT,
  Nmap, Mosquitto client, MariaDB/MySQL client, Awake (“wake on LAN”), Nano,
  Vim, tmux, and a bunch commonly used networking tools.
 - Has the Home Assistant CLI (`hass-cli`) command line tool pre-installed and
  pre-configured.
 - Support executing commands inside using a Home Assistant service call, e.g.,
  for use with automations.
@ -231,39 +228,6 @@ Customize your shell environment even more with the `init_commands` option.
 Add one or more shell commands to the list, and they will be executed every
 single time this add-on starts.
 #### Option: `i_like_to_be_pwned`
 Adding this option to the add-on configuration allows to you bypass the
 HaveIBeenPwned password requirement by setting it to `true`.
 **Note**: _We STRONGLY suggest picking a stronger/safer password instead of
 using this option! USE AT YOUR OWN RISK!_
 ## Executing commands in this add-on using a Home Assistant service call
 This add-on uses the `hassio.addon_stdin` service to expose a shell interface
 to Home Assistant. This allows you to execute commands and scripts within
 the SSH & Web Terminal add-on, straight from Home Assistant.
 This is particularly helpful when you want to execute custom scripts or
 commands from automations.
 Example automation running `my_command`:
 ```yaml
 automation:
  - alias: "Example my script"
    trigger:
      platform: state
      entity_id: binary_sensor.motion_sensor
      to: "ON"
    action:
      service: hassio.addon_stdin
      data:
        addon: a0d7b954_ssh
        input: "/config/scripts/my_command"
 ```
 ## Known issues and limitations
 - The add-on fails to start when a password that is listed by HaveIBeenPwned
--- a/ssh/README.md
+++ b/ssh/README.md
@ -46,7 +46,6 @@ well. Additionally, it comes out of the box with the following:
  - Many more security tweaks, *this addon passes all [ssh-audit] checks
    without warnings!*
    ![Result of SSH-Audit][ssh-audit-image]
 - Passwords are checked with HaveIBeenPwned using K-anonymity.
 - Comes with an SSH compatibility mode option to allow older clients to connect.
 - Support for Mosh allowing roaming and supports intermittent connectivity.
 - SFTP support is disabled by default but is user configurable.
@ -99,8 +98,8 @@ If you are more interested in stable releases of our add-ons:
 [patreon-shield]: https://frenck.dev/wp-content/uploads/2019/12/patreon.png
 [patreon]: https://www.patreon.com/frenck
 [project-stage-shield]: https://img.shields.io/badge/project%20stage-production%20ready-brightgreen.svg
-[release-shield]: https://img.shields.io/badge/version-v9.1.1-blue.svg
+[release-shield]: https://img.shields.io/badge/version-v10.0.0-blue.svg
-[release]: https://github.com/hassio-addons/addon-ssh/tree/v9.1.1
+[release]: https://github.com/hassio-addons/addon-ssh/tree/v10.0.0
 [screenshot]: https://github.com/hassio-addons/addon-ssh/raw/main/images/screenshot.png
 [ssh-audit-image]: https://github.com/hassio-addons/addon-ssh/raw/main/images/ssh-audit.png
 [ssh-audit]: https://github.com/arthepsy/ssh-audit
--- a/ssh/config.yaml
+++ b/ssh/config.yaml
@ -58,7 +58,6 @@ privileged:
 - SYS_TIME
 - SYS_NICE
 schema:
  i_like_to_be_pwned: bool?
  init_commands:
  - str
  log_level: list(trace|debug|info|notice|warning|error|fatal)?
@ -81,8 +80,7 @@ services:
 - mqtt:want
 slug: ssh
 startup: services
 stdin: true
 uart: true
 url: https://github.com/hassio-addons/addon-ssh
 usb: true
-version: 9.1.1
+version: 10.0.0