ssham's Introduction

SSH Access Manager Web Interface

Overview

SSH Access Manager is a comprehensive access security management platform that permits IT professionals to easily establish and maintain an enterprise-wide SSH access security solution from a central location.

It enables a team of system administrators to centrally manage and deploy SSH keys. This app is intended to be used in rather large environments where access to Unix accounts is handled with SSH keys.

SSH Access Manager allows you to maintain user public keys. You can organise these keys into groups of keys called keyrings. SSH Access Manager then deploys the keys and/or keyrings to the specified Unix accounts / groups / servers.

The SSHAM documentation

SSH Access Manager has complete documentation here.

Changelog

See our CHANGELOG file in order to know what changes are implemented in every version.

Reporting issues

If you have issues with SSH Access Manager, you can report them with the GitHub issues module.

Contributing

Please see CONTRIBUTING for details.

License

SSH Access Manager is released as free software under GPLv3.

Authors

This app was originally coded by Paco Orozco (paco at pacoorozco.info).

Additional information

This application was born with a different interface on Sourceforge.

ssham's People

Contributors

dependabot[bot], laravel-shift, pacoorozco

ssham's Issues

Keygroups error when the artisan job is executed

Hello
we are now testing your application on a Linux test server, creating test users manually and trying to synchronize the keys.

The two test-users are assigned to a keygroup "openshift-developers".

The test-server is in a separate host group and the rules allow access.

We execute the command "php artisan ssham:send -v" and the following keyword error is displayed

# php artisan ssham:send -v
Hosts to be updated: 1

   BadMethodCallException  : Call to undefined method App\User::keygroups()

  at /opt/lampp/htdocs/vendor/laravel/framework/src/Illuminate/Support/Traits/ForwardsCalls.php:50
    46|      * @throws \BadMethodCallException
    47|      */
    48|     protected static function throwBadMethodCallException($method)
    49|     {
  > 50|         throw new BadMethodCallException(sprintf(
    51|             'Call to undefined method %s::%s()', static::class, $method
    52|         ));
    53|     }
    54| }

  Exception trace:

  1   Illuminate\Database\Eloquent\Model::throwBadMethodCallException("keygroups")
      /opt/lampp/htdocs/vendor/laravel/framework/src/Illuminate/Support/Traits/ForwardsCalls.php:36

  2   Illuminate\Database\Eloquent\Model::forwardCallTo(Object(Illuminate\Database\Eloquent\Builder), "keygroups", [])
      /opt/lampp/htdocs/vendor/laravel/framework/src/Illuminate/Database/Eloquent/Model.php:1622

  3   Illuminate\Database\Eloquent\Model::__call("keygroups", [])
      /opt/lampp/htdocs/vendor/laravel/framework/src/Illuminate/Database/Eloquent/Concerns/QueriesRelationships.php:479

  4   Illuminate\Database\Eloquent\Builder::Illuminate\Database\Eloquent\Concerns\{closure}()
      /opt/lampp/htdocs/vendor/laravel/framework/src/Illuminate/Database/Eloquent/Relations/Relation.php:90

  5   Illuminate\Database\Eloquent\Relations\Relation::noConstraints(Object(Closure))
      /opt/lampp/htdocs/vendor/laravel/framework/src/Illuminate/Database/Eloquent/Concerns/QueriesRelationships.php:480

  6   Illuminate\Database\Eloquent\Builder::getRelationWithoutConstraints("keygroups")
      /opt/lampp/htdocs/vendor/laravel/framework/src/Illuminate/Database/Eloquent/Concerns/QueriesRelationships.php:35

  7   Illuminate\Database\Eloquent\Builder::has("keygroups", ">=", "and", Object(Closure))
      /opt/lampp/htdocs/vendor/laravel/framework/src/Illuminate/Database/Eloquent/Concerns/QueriesRelationships.php:97

  8   Illuminate\Database\Eloquent\Builder::hasNested(">=", "and", Object(Closure))
      /opt/lampp/htdocs/vendor/laravel/framework/src/Illuminate/Database/Eloquent/Concerns/QueriesRelationships.php:32

  9   Illuminate\Database\Eloquent\Builder::has("keygroups.hostgroups.hosts", ">=", "and", Object(Closure))
      /opt/lampp/htdocs/vendor/laravel/framework/src/Illuminate/Database/Eloquent/Concerns/QueriesRelationships.php:148

  10  Illuminate\Database\Eloquent\Builder::whereHas("keygroups.hostgroups.hosts", Object(Closure))
      /opt/lampp/htdocs/vendor/laravel/framework/src/Illuminate/Support/Traits/ForwardsCalls.php:23

  11  Illuminate\Database\Eloquent\Model::forwardCallTo(Object(Illuminate\Database\Eloquent\Builder), "whereHas")
      /opt/lampp/htdocs/vendor/laravel/framework/src/Illuminate/Database/Eloquent/Model.php:1622

  12  Illuminate\Database\Eloquent\Model::__call("whereHas")
      /opt/lampp/htdocs/vendor/laravel/framework/src/Illuminate/Database/Eloquent/Model.php:1634

  13  Illuminate\Database\Eloquent\Model::__callStatic("whereHas")
      /opt/lampp/htdocs/app/Host.php:190

  14  App\Host::getSSHKeysForHost()
      /opt/lampp/htdocs/app/Console/Commands/SendKeysToHosts.php:89

  15  App\Console\Commands\SendKeysToHosts::handle()
      /opt/lampp/htdocs/vendor/laravel/framework/src/Illuminate/Container/BoundMethod.php:32

  16  call_user_func_array([])
      /opt/lampp/htdocs/vendor/laravel/framework/src/Illuminate/Container/BoundMethod.php:32

  17  Illuminate\Container\BoundMethod::Illuminate\Container\{closure}()
      /opt/lampp/htdocs/vendor/laravel/framework/src/Illuminate/Container/Util.php:37

  18  Illuminate\Container\Util::unwrapIfClosure(Object(Closure))
      /opt/lampp/htdocs/vendor/laravel/framework/src/Illuminate/Container/BoundMethod.php:90

  19  Illuminate\Container\BoundMethod::callBoundMethod(Object(Illuminate\Foundation\Application), Object(Closure))
      /opt/lampp/htdocs/vendor/laravel/framework/src/Illuminate/Container/BoundMethod.php:34

  20  Illuminate\Container\BoundMethod::call(Object(Illuminate\Foundation\Application), [])
      /opt/lampp/htdocs/vendor/laravel/framework/src/Illuminate/Container/Container.php:590

Is this a known error or do you see this the first time?

cheers deepwather

Ldap or SSO validation

Is your feature request related to a problem? Please describe.
I would like to have this awesome application connected to my identity service using LDAP or SSO.

Describe the solution you'd like
Configuration to add my ldap or sso connection string

Manage user authorized_keys under /etc/ssh/authorized_keys/$user

Good afternoon,
We would like to use your ssham in our company for user-ssh key management.

However, our public keys of the users are organized on all servers as follows:

u229044@oseadmin01az1 ~$ ls -la /etc/ssh/authorized_keys/
total 88
drwxr-xr-x. 2 root    root 4096 Aug  3 12:39 .
drwxr-xr-x. 3 root    root  248 Jan  6  2020 ..
-r--------. 1 u507889 root  381 Feb  1  2019 u507889
-r--------. 1 u509154 root  398 May  3  2019 u509154
-r--------. 1 u516765 root  740 Apr  1  2019 u516765
-r--------. 1 u518913 root  398 May 10  2019 u518913
-r--------. 1 u522294 root  101 Jan  9  2020 u522294
-r--------. 1 u528010 root  733 May 13 12:06 u528010
-r--------. 1 u529875 root  398 Aug  3 12:38 u529875
-r--------. 1 u529941 root  398 Aug  3 12:39 u529941
...

What do we need to change in the code to configure this? Or could you add a suitable option here so that this is possible?

Friendly greetings
michu

Improve audit look and feel on Dashboard

Is your feature request related to a problem? Please describe.
[Screenshot: Screenshot_20210131_081725]

Describe the solution you'd like

  • Audit section should contain a header.
  • Status should be colored.
  • Affected objects should be link-able
  • Link to a new Audit section #86

Reset password capability

Is your feature request related to a problem? Please describe.
Currently an admin can change a user's password. It would be better to allow own users to set their passwords by offering reset password capability.

Describe the solution you'd like
Remove change password form and use reset password capability.

Jobs to update servers are created, but the queue worker is always succeeding even when the server is not updated.

Describe the bug
SSHAM is using Laravel Jobs into a queue. The jobs are created, but the queue worker is always giving a success status, even when the server has not been updated.

To Reproduce
Steps to reproduce the behavior:

  1. Add a running host and assign it to a hosts group
  2. Add a ssh key and assign it to a keys group
  3. Add a rule allowing access between the previous two groups
  4. Run the php artisan ssham:send command.
  5. See the authorized_keys file in the remote server... it should not have changed

Expected behavior
Remote authorized_keys files should have changed or an error should have been raised.

Add ssh docker to docker-compose for testing

Is your feature request related to a problem? Please describe.
In the development phase there is no way to test ssham managing an ssh docker.

Describe the solution you'd like
Add a new docker with ssh enabled to test how ssham manages it.

Error when creating a Control Rule

Describe the bug

Illuminate\Database\QueryException
SQLSTATE[42S02]: Base table or view not found: 1146 Table 'homestead.App\Keygroup' doesn't exist (SQL: select count(*) as aggregate from `App\Keygroup` where `id` = 1) 

To Reproduce
Steps to reproduce the behavior:

  1. Go to 'Rules'
  2. Click on 'Create new rule'
  3. Fill the form.
  4. See error

Serving on local network

I am trying to run ssham on local network, but I cannot reach the instance when I run
php artisan serve --port=4000

It says:
Laravel development server started on http://localhost:4000/

but the pages are not reachable through http://server_ip:4000. Do I have to change something?

Add a web installer to make easier the on-boarding

Is your feature request related to a problem? Please describe.
The installation forces you to seed the database with useless data.
The default username and password is always the same.

Describe the solution you'd like
A web installer that sets everything up in place and allows you to create the first username.

Describe alternatives you've considered
An artisan command.

Warning when building docker images

Describe the bug

#############################################################################################################
#                                                                                                           #
#                                            W A R N I N G ! ! !                                            #
#                                                                                                           #
# You are using an unsupported method to get install-php-extensions!                                        #
#                                                                                                           #
# Please update the way you fetch it. Read the instrictions at                                              #
# https://github.com/mlocati/docker-php-extension-installer#usage                                           #
#                                                                                                           #
# For example, if you get this script by fetching                                                           #
# https://raw.githubusercontent.com/mlocati/docker-php-extension-installer/master/install-php-extensions    #
# replace it with                                                                                           #
# https://github.com/mlocati/docker-php-extension-installer/releases/latest/download/install-php-extensions #
#                                                                                                           #
# Sleeping for a while so you get bored of this and act ;)                                                  #
#                                                                                                           #
#############################################################################################################

Upgrade to Laravel 5.4

This app was coded for Laravel 5.1. Nowadays Laravel 6.x is released. In order to maintain bug fixing and new features we must upgrade this app.

This is a hard coding job but I'd like to rethink some design questions. It's possible that this revision breaks compatibility.

Deprecated GitHub action

Describe the bug
There are several GitHub actions that have been deprecated:

  • File: release-version.yml: actions/create-release and actions/upload-release-asset.

Expected behavior
Using maintained versions will improve security and performance.

Additional context

I've reviewed these options:

Upgrade app to Laravel 9

Is your feature request related to a problem? Please describe.
Laravel 9 was released, in order to ensure maintainability this app should be upgraded to L9.

Describe the solution you'd like
ssham being supported by L9

Add programmatic access to the API

Is your feature request related to a problem? Please describe.
ssham offers a web UI to interact with the application. This is not suitable when you want to access programmatically (scripted).

Describe the solution you'd like
Offering API authentication and RESTful API endpoints (maybe json output) would be a good approach

Document how-to add servers to ssham

Is your feature request related to a problem? Please describe.
Include the documentation to add a new server to ssham.

  1. Server should contain the SSHAM public key on the authorized file, before adding it to this app.
  2. Differences between strict and mixed mode.
  3. How to reconnect an existing server.

docker-compose build return error

ERROR: Service 'web' failed to build: The command '/bin/sh -c apk update && apk upgrade && apk add --no-cache bash && adduser -D -H -u 1000 -s /bin/bash www-data' returned a non-zero code: 1

Refine the rules and add a further item "Superuser rights" to the "Allow" "Deny" actions.

To implement a protection policy in a company, all users must have either rights or no rights on the servers. This can also be set up already. But if you want users to have rights as superusers, you cannot set this here today.

Our suggestion: refine the rules and add a further item "Superuser rights" to the "Allow" "Deny" actions.

For users who are then in this group, an additional file is created as follows:

echo "u229044 ALL=NOPASSWD: ALL" > /etc/sudoers.d/u229044

Friendly greetings
michu

Include activity log for critical tasks

An activity log to cover, at least:
[x] User creation / enablement / disablement
[x] Host creation / enablement / disablement
[x] Rule creation / deletion

[Q] does ssham create user on host?

As in title, if a user doesn't exist on the host but I add the host to a group in ssham which has a couple of people assigned, will ssham create accounts for them?

I tried to look in the repo and found https://github.com/pacoorozco/ssham/blob/master/app/Console/Commands/SendKeysToHosts.php but it doesn't indicate that such a feature exists.

@pacoorozco
tbh I'm surprised there is no decent tool providing ssh key management access. Since you haven't updated this project in 3 years, has it reached a good enough stage or maybe you are using something different?

Error when syncing keys to server using fresh install and seeds

Describe the bug
After installing the application and using the default information created by the seed command, the php artisan ssham:send command produces an error.

To Reproduce
Steps to reproduce the behavior:

  1. Install the application and load the sample data, follow the README instructions.
  2. Execute php artisan ssham:send
  3. See error
docker-compose exec app php artisan ssham:send
Hosts to be updated: 1
Updating key for admin@ssh-server

   ArgumentCountError 

  Too few arguments to function App\Events\HostKeysUpdated::__construct(), 0 passed in /var/www/vendor/laravel/framework/src/Illuminate/Foundation/Events/Dispatchable.php on line 14 and exactly 1 expected

  at app/Events/HostKeysUpdated.php:19
     15▕     {
     16▕         return $this->host;
     17▕     }
     18▕ 
  ➜  19▕     public function __construct(Host $host)
     20▕     {
     21▕         $this->host = $host;
     22▕     }
     23▕ }

      +1 vendor frames 
  2   app/Jobs/UpdateServer.php:56
      App\Events\HostKeysUpdated::dispatch()

      +21 vendor frames 
  24  app/Console/Commands/SendKeysToHosts.php:63
      App\Jobs\UpdateServer::dispatch(Object(App\Models\Host))

Expected behavior
Keys should be synced

Desktop (please complete the following information):

  • OS: kUbuntu 21.04
  • Browser Firefox
  • Version 0.14.2

Additional context
Using the provided docker-compose environment

Some cookies are misusing the recommended “SameSite“ attribute

Describe the bug
We are dealing with this browser warning (Firefox version here):

cookie “XSRF-TOKEN” will be soon rejected because it has the “SameSite” attribute set to “None” or an invalid value, without the “secure” attribute. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite wpvillain.concept.staging.site.com
Cookie “app_staging_session” will be soon rejected because it has the “SameSite” attribute set to “None” or an invalid value, without the “secure” attribute. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite wpvillain.concept.staging.site.com

Every time a user logs in, the model is updated (some date) on audit

Describe the bug
Every time a user logs in, some date attributes are updated. These changes are shown in audit log.

To Reproduce
Steps to reproduce the behavior:

  1. Access to the portal
  2. See audit log

Expected behavior
Login events should be logged differently or not logged at all.

Admin user can't edit settings

Describe the bug
The button to edit settings is grayed-out
[Screenshot: Screenshot_20220102_160809]

To Reproduce
Steps to reproduce the behavior:

  1. Fresh install, sample data and using the admin user
  2. Click on Settings
  3. See how the button to edit settings is not clickable

Expected behavior
Admin users should be able to click on the edit button

Upgrade to Laravel 6.x

This app was coded for Laravel 5.1. Nowadays Laravel 6.x is released. In order to maintain bug fixing and new features we must upgrade this app.

This is a hard coding job but I'd like to rethink some design questions. It's possible that this revision breaks compatibility.

Upgrade to Laravel 8.x

Is your feature request related to a problem? Please describe.
In order to increase support life we should update to Laravel 8.x

Ease application configuration

Is your feature request related to a problem? Please describe.
There are a lot of settings to configure in this application. Most of them should use defaults and calculated values.

Describe the solution you'd like

  • Instead of submitting private & public keys, user should be able to create or submit a private key. The public key could be created from the private one.
  • Users should set a writable folder on the remote hosts where SSHAM can deploy ssham_file, non_ssham_file, cmd_remote_updater. E.g. ~/.ssh/ssham
  • Remove unused temp_dir setting.
  • Hybrid mode will configure the cmd_remote_updater using field configured in 2

Audit section with all the logs

Is your feature request related to a problem? Please describe.
The only way to see the audit log now is using the Dashboard, where you can read the latest 15 messages.

Describe the solution you'd like
A new section on the app to manage this audit log:

  • Show more than 15 messages (pagination).
  • Searchable by any column.
  • Affected objects should be link-able.

Open questions regarding the usability of ssham

How is a user key distribution started manually?

Is there an internal cronjob for a distribution or is the distribution started when the user changes?

How can we check if a distribution is triggered at all?

What about UID and GID settings?

The best way would be to create a new user via ssham and distribute it to the systems with the key. Is this already the case?

We do not see any distributed users or keys on our test system.

Friendly greetings
michu

Improve testing performance

Is your feature request related to a problem? Please describe.
Since the implementation of Roles & Permissions [#113], running the tests takes a lot of time (~57s). This is due to the Roles and Permissions seeders.

Describe the solution you'd like
Split testing in three sections:

  1. Controllers should not test Roles & Permissions (remove Roles & Permission seeder)
  2. Policies should be tested using Permissions
  3. Roles should be tested using Permissions (eg. which permissions are expected for an Admin?)

trustedproxy.php

Hello,

We've configured the trustedproxy.php with this:

'proxies' => '*',
'headers' => env('TRUSTED_HEADERS', Illuminate\Http\Request::HEADER_X_FORWARDED_ALL),

But when we put the https url, it doesn't work.

Have you got any idea?

Thanks,
Regards,
Joan

Validation errors when you try to edit yourself

Describe the bug
[Screenshot: Screenshot_20220102_165107]

To Reproduce
Steps to reproduce the behavior:

  1. After fresh install, sample data...
  2. Click on 'User management'
  3. Select your own user to edit it.
  4. Click on the 'Edit' button

Expected behavior
The validation should pass.

Key & Host group including all keys/hosts

Is your feature request related to a problem?
If you want to use a group that includes ALL keys or hosts, you need to update it every time you create a new key/host.

Describe the solution you'd like
Two special groups All keys and All hosts that allow you to define all existent keys/hosts in every moment. It would be used only in policies. The name of this group should not be allowed as group name.

Describe alternatives you've considered
Creating an auto-updated group, but it's better to deal with this only in policies.

Implement different user roles

Is your feature request related to a problem? Please describe.
Users have no restrictions now: including user management.

Describe the solution you'd like
It would be better to have different roles

  • Admin
  • Operator: cannot-manage-user
  • Auditor: can-only-view

Use queues to update/sync remote hosts

After reading this article I believe that using queues to deal with remote host is the best option. The reasons, extracted from the article, are:

  • Redundancy via Persistence
  • Asynchronous Messaging
  • Transaction Ordering and Concurrency Challenges
  • Guarantee Transaction Occurs Once

And for implementing queues we can start using same database or Redis...
