- Please add a way to change the credentials from the web ui.
- Please add support for SSH key authentication
- Please add support for HTTPS
did you even try âssh-copy-id othernet@othernet.{local,lan}â ?
- Re; credentials from webui: Agreed, but then again make sure its not exploitable
- Re; HTTPS: Curious how would you propose they address the issue of the local ip/domain cert?
See here for a workaround:
Sure, but my ssh key didnât persist after I copied it in.
As to addressing and names, same way as any other device, eg. my NAS and router. I can turn on HTTPS, and itâs up to me to make sure DNS resolves correctly and that Iâm getting my certificate from a CA I trust. Maybe thatâs a local CA that I run, trusted only by devices I can personally touch. Maybe thatâs LetsEncrypt. Maybe thatâs a commercial CA. Maybe stick it behind an nginx proxy⌠but not everyone is going to have one of those.
I havenât even begun to look for command injection opportunities in the web UI. Iâm not planning on exposing my server publicly
@sv_sigint I feel like that is still outside the intended usage scope of the Dreamcatcher, which is to be accessed without internet connectivity.
I could be wrong but I feel the option to connect to existing Wifi is for our convience but outside of the official use case. For them to add HTTPS support is not that trivial and not required at all for the intended use case.
I am not opposed to the idea at all, but if anything it should be assigned low priority.
In the mean time, for your use case, the nginx proxy idea would work with my script, if you know javascript youâll find the part of my code that does autologin and can remove it, and it should work on a local network.
HTTPS: Letâs Encrypt can generate a serviceable cert but their automation needs to verify the server where the cert is going. that means crypto challenges from a distant online system to your online system. a self-signed cert would be simpler.
SSH: /mnt/conf is where the persistent magic lives