Skip to content

feat: add CA-signed certificate authentication for SSH credentials#812

Open
black0utdev wants to merge 1 commit into
Termix-SSH:mainfrom
black0utdev:feat/ca-signed-certificate-auth
Open

feat: add CA-signed certificate authentication for SSH credentials#812
black0utdev wants to merge 1 commit into
Termix-SSH:mainfrom
black0utdev:feat/ca-signed-certificate-auth

Conversation

@black0utdev
Copy link
Copy Markdown

@black0utdev black0utdev commented May 22, 2026

Overview

Support OpenSSH certificate-based authentication (-cert.pub files) in the Credentials manager. When a CA-signed certificate is stored alongside a private key, Termix uses it during SSH connection establishment so that servers relying on certificate-based authorization work out of the box.

Changes Made

  • db/schema.ts: add cert_public_key column to ssh_credentials table
  • db/index.ts: auto-migration via addColumnIfNotExists
  • routes/credentials.ts: expose certPublicKey in create/update/get endpoints
  • ssh/auth-manager.ts: include certPublicKey in ResolvedCredentials
  • ssh/host-resolver.ts: propagate certPublicKey when resolving credentials
  • ssh/opkssh-cert-auth.ts: refactor shared logic into _applyCertToConnection; export new setupCACertAuth() with optional passphrase support
  • ssh/terminal.ts: call setupCACertAuth() when a certificate is present
  • utils/ssh-key-utils.ts: detect all OpenSSH cert types in public key parser
  • types/index.ts: add certPublicKey to Credential, CredentialBackend, CredentialData interfaces
  • CredentialAuthenticationTab.tsx: new CA Certificate section with file upload, paste editor and automatic cert-type badge
  • CredentialEditor.tsx: certPublicKey wired into form schema and submit
  • CredentialViewer.tsx: show certificate status in security tab
  • locales/en.json: add i18n strings for new UI elements

Screenshots / Demos

Screenshot 2026-05-23 at 00 15 32

Checklist

  • Code follows project style guidelines
  • Supports mobile and desktop UI/app (if applicable)
  • I have read Contributing.md
  • This is not a translation request. See docs

@marc-re-aoe
feat: add CA-signed certificate authentication for SSH credentials
be18d2c 
Support OpenSSH certificate-based authentication (-cert.pub files) in
the Credentials manager. When a CA-signed certificate is stored alongside
a private key, Termix uses it during SSH connection establishment so that
servers relying on certificate-based authorization work out of the box.

Changes:
- db/schema.ts: add cert_public_key column to ssh_credentials table
- db/index.ts: auto-migration via addColumnIfNotExists
- routes/credentials.ts: expose certPublicKey in create/update/get endpoints
- ssh/auth-manager.ts: include certPublicKey in ResolvedCredentials
- ssh/host-resolver.ts: propagate certPublicKey when resolving credentials
- ssh/opkssh-cert-auth.ts: refactor shared logic into _applyCertToConnection;
  export new setupCACertAuth() with optional passphrase support
- ssh/terminal.ts: call setupCACertAuth() when a certificate is present
- utils/ssh-key-utils.ts: detect all OpenSSH cert types in public key parser
- types/index.ts: add certPublicKey to Credential, CredentialBackend,
  CredentialData interfaces
- CredentialAuthenticationTab.tsx: new CA Certificate section with file
  upload, paste editor and automatic cert-type badge
- CredentialEditor.tsx: certPublicKey wired into form schema and submit
- CredentialViewer.tsx: show certificate status in security tab
- locales/en.json: add i18n strings for new UI elements
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@black0utdev @marc-re-aoe