In the documentation you describe how to put ssh2incus' web console behind a reverse proxy but how do I enable authentication in the web console since the default config exposes the full incus access without any authentication?
3 Answers
The easiest way to enable authentication in ssh2incus is to edit /etc/ssh2incus/config.yaml and update the following option:
# Enable basic http authentication for web console
# (comma-separated user:password values) (flag: --web-auth).
# web-auth: ""
web-auth: "user1:pass1,user2:pass2"
Then restart service systemctl restart ssh2incus
More ways to authenticate users in ssh2incus web console are coming soon.
Ah, I missed that in the default config comments. I did something similar in the reverse proxy, thanks!
Are there plans to map these users somehow to the keys stored in incus config trust or to use client cert auth like incus-ui-canonical not to reinvent the wheel and to reuse the grants done in incus?
Absolutely! We are actively developing new features. More options for web authentication is on our roadmap and we will have a huge update released within the next few weeks.
Cool, I'm looking forward to it & thanks for making ssh2incus open source!
