Dokploy/dokploy
1
0
Fork 0
mirror of https://github.com/Dokploy/dokploy synced 2025-06-26 18:27:59 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix: Security Audit SSH Errors #1377

Browse Source 
- Fixed SSH key authentication detection in server-audit.ts
- Added proper handling for prohibit-password and other secure root login options
- Fixed typos in security audit UI labels
- Improved error handling with optional chaining
This commit is contained in:
Jason Parks
2025-03-22 14:26:40 -06:00
parent ff3d444b89
commit fc7eff94b6
2 changed files with 86 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

65
apps/dokploy/components/dashboard/settings/servers/security-audit.tsx
View File

@@ -26,6 +26,16 @@ export const SecurityAudit = ({ serverId }: Props) => {
},
);
const _utils = api.useUtils();
// Helper function to check if root login is securely configured
const isRootLoginSecure = () => {
if (!data?.ssh?.permitRootLogin) return false;
// These are secure options for PermitRootLogin
const secureOptions = ['no', 'prohibit-password', 'without-password', 'forced-commands-only'];
return secureOptions.includes(data.ssh.permitRootLogin);
};
return (
<CardContent className="p-0">
<div className="flex flex-col gap-4">
@@ -36,10 +46,10 @@ export const SecurityAudit = ({ serverId }: Props) => {
<div className="flex items-center gap-2">
<LockKeyhole className="size-5" />
<CardTitle className="text-xl">
Setup Security Sugestions
Setup Security Suggestions
</CardTitle>
</div>
<CardDescription>Check the security sugestions</CardDescription>
<CardDescription>Check the security suggestions</CardDescription>
</div>
<Button
isLoading={isRefreshing}
@@ -120,36 +130,45 @@ export const SecurityAudit = ({ serverId }: Props) => {
<div className="grid gap-2.5">
<StatusRow
label="Enabled"
isEnabled={data?.ssh.enabled}
isEnabled={data?.ssh?.enabled}
description={
data?.ssh.enabled
data?.ssh?.enabled
? "Enabled"
: "Not Enabled (SSH should be enabled)"
}
/>
<StatusRow
label="Key Auth"
isEnabled={data?.ssh.keyAuth}
isEnabled={data?.ssh?.keyAuth}
description={
data?.ssh.keyAuth
data?.ssh?.keyAuth
? "Enabled (Recommended)"
: "Not Enabled (Key Authentication should be enabled)"
}
/>
<StatusRow
label="Password Auth"
isEnabled={data?.ssh.passwordAuth === "no"}
isEnabled={data?.ssh?.passwordAuth === "no"}
description={
data?.ssh.passwordAuth === "no"
data?.ssh?.passwordAuth === "no"
? "Disabled (Recommended)"
: "Enabled (Password Authentication should be disabled)"
}
/>
<StatusRow
label="Use PAM"
isEnabled={data?.ssh.usePam === "no"}
label="Root Login"
isEnabled={isRootLoginSecure()}
description={
data?.ssh.usePam === "no"
isRootLoginSecure()
? `${data?.ssh?.permitRootLogin} (Secure)`
: `${data?.ssh?.permitRootLogin || "yes"} (Should be set to 'prohibit-password' or 'no')`
}
/>
<StatusRow
label="Use PAM"
isEnabled={data?.ssh?.usePam === "no"}
description={
data?.ssh?.usePam === "no"
? "Disabled (Recommended for key-based auth)"
: "Enabled (Should be disabled when using key-based auth)"
}
@@ -166,9 +185,9 @@ export const SecurityAudit = ({ serverId }: Props) => {
<div className="grid gap-2.5">
<StatusRow
label="Installed"
isEnabled={data?.fail2ban.installed}
isEnabled={data?.fail2ban?.installed}
description={
data?.fail2ban.installed
data?.fail2ban?.installed
? "Installed (Recommended)"
: "Not Installed (Fail2Ban should be installed for protection against brute force attacks)"
}
@@ -176,18 +195,18 @@ export const SecurityAudit = ({ serverId }: Props) => {
<StatusRow
label="Enabled"
isEnabled={data?.fail2ban.enabled}
isEnabled={data?.fail2ban?.enabled}
description={
data?.fail2ban.enabled
data?.fail2ban?.enabled
? "Enabled (Recommended)"
: "Not Enabled (Fail2Ban service should be enabled)"
}
/>
<StatusRow
label="Active"
isEnabled={data?.fail2ban.active}
isEnabled={data?.fail2ban?.active}
description={
data?.fail2ban.active
data?.fail2ban?.active
? "Active (Recommended)"
: "Not Active (Fail2Ban service should be running)"
}
@@ -195,9 +214,9 @@ export const SecurityAudit = ({ serverId }: Props) => {
<StatusRow
label="SSH Protection"
isEnabled={data?.fail2ban.sshEnabled === "true"}
isEnabled={data?.fail2ban?.sshEnabled === "true"}
description={
data?.fail2ban.sshEnabled === "true"
data?.fail2ban?.sshEnabled === "true"
? "Enabled (Recommended)"
: "Not Enabled (SSH protection should be enabled to prevent brute force attacks)"
}
@@ -205,11 +224,11 @@ export const SecurityAudit = ({ serverId }: Props) => {
<StatusRow
label="SSH Mode"
isEnabled={data?.fail2ban.sshMode === "aggressive"}
isEnabled={data?.fail2ban?.sshMode === "aggressive"}
description={
data?.fail2ban.sshMode === "aggressive"
data?.fail2ban?.sshMode === "aggressive"
? "Aggressive Mode (Recommended)"
: `Mode: ${data?.fail2ban.sshMode || "Not Set"} (Aggressive mode recommended for better protection)`
: `Mode: ${data?.fail2ban?.sshMode || "Not Set"} (Aggressive mode recommended for better protection)`
}
/>
</div>
@@ -221,4 +240,4 @@ export const SecurityAudit = ({ serverId }: Props) => {
</div>
</CardContent>
);
};
};