Disable password authentification on empty password#338
Conversation
|
Hey @carlfriedrich! Thanks for your contribution! Could you update your changes to not set the password callback to a function and instead set it to nil if it's an empty string? That get's rid of the branching if logic. |
5a962d2 to
7305d58
Compare
|
@antoniomika Thanks for the quick reply! Not sure if I got it correctly, but I pushed a new version without the |
|
Change looks bigger than it is now, though, due to changed indentation. :-) |
|
Heh, that isn't exactly what I meant. I meant more to revert your changes and add an if statement after the ssh config is defined that sets sshConfig.PasswordCallback to nil. Should only be the lines of the if clause added (3ish lines) and reads a bit more clean (to me at least). |
7305d58 to
f50966f
Compare
|
@antoniomika Ah, got it! 🙈 That's a much cleaner change indeed. Pushed updated version. |
|
Awesome, looks great! Also realized we forgot one check. Can you also make sure the config for "authentication-password-request-url" is empty? I think that's it! |
f50966f to
e93a30a
Compare
|
@antoniomika Done. |
|
@carlfriedrich hrm the linter doesn't seem to like the changes. I'll add this plus in a lint fix once I'm at my computer. Otherwise, feel free to run go fmt |
If no password is set, disable password authentification completely by setting an empty password callback function. This prevents brute force attacks guessing the password and hence reduces server load and log amount.
e93a30a to
987d2c6
Compare
|
@antoniomika Thank you! I updated the commit, linter is happy now. |
|
Thanks for your contribution @carlfriedrich! |
If no password is set, disable password authentification completely by setting an empty password callback function. This prevents brute force attacks guessing the password and hence reduces server load and log amount.