Looking for a solution that would allow me to automatically log into ttyd from LuCI, I slightly modified the parameters in /etc/config/ttyd to call the /usr/bin/ttyd-auth.sh script:
config ttyd
    option interface '@lan'
    option port '7681'
    option command '/usr/bin/ttyd-auth.sh'
    option debug '7'
    option url_arg '1'
    option ssl '1'
    option ssl_cert '/etc/ttyd.crt'
    option ssl_key '/etc/ttyd.key'
This way, if a LuCI session is active, the ttyd window is automatically opened in Services -> Terminal.
The problem is that while the LuCI session is active, any computer on the LAN can start a ttyd session without authenticating, which is a security issue.
I would like to know if anyone has another approach to improving the script so that it performs the necessary validations so that ttyd only starts automatically in the LuCI window, or at least on the computer from which LuCI was started.
This is the content of the script:
#!/bin/sh

# Check if there is an active root session in `ubus`
SESSION_ACTIVE=$(ubus call session list | grep -oE '"username": "root"')

# If there is no active session, ask for login
if [ -z "$SESSION_ACTIVE" ]; then
    echo "[$(date)] No active root session found in LuCI" >> /var/ttyd-debug.log
    exec /bin/login
fi

# Save the information in a log for debugging
echo "[$(date)] SESSION_ACTIVE: $SESSION_ACTIVE" > /var/ttyd-debug.log

# If there is an active session, allow access without login
exec /bin/sh --login
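
One way to tie the auto-login to the caller's own LuCI session instead of to the existence of any root session, as an added example that is not part of the original post. Assumptions: the LuCI terminal page is changed to load ttyd with `?arg=<sid>` (which `url_arg '1'` hands to the script as `$1`), session IDs are 32 lowercase hex characters, and `ubus call session list` accepts a `ubus_rpc_session` filter and prints the same `"username": "root"` text the script above greps for; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not the poster's script. Assumption: ttyd is opened as
# https://<router>:7681/?arg=<sid>, so the LuCI session ID arrives as $1.

export LC_ALL=C          # byte-wise character ranges in the pattern below
UBUS="${UBUS:-ubus}"     # overridable so the logic can be tested off-router

# Accept only the assumed rpcd format: exactly 32 lowercase hex characters.
# This also keeps quotes and braces out of the JSON built in sid_is_root.
valid_sid() {
    [ "${#1}" -eq 32 ] || return 1
    case "$1" in
        *[!0-9a-f]*) return 1 ;;
    esac
}

# True only if this exact session ID exists and belongs to root.
sid_is_root() {
    valid_sid "$1" || return 1
    "$UBUS" call session list "{\"ubus_rpc_session\":\"$1\"}" 2>/dev/null |
        grep -q '"username": "root"'
}

# Print the program ttyd should run for the presented argument:
# a shell for a valid root session ID, the normal login prompt otherwise.
pick_command() {
    if sid_is_root "$1"; then
        echo "/bin/sh --login"
    else
        echo "/bin/login"
    fi
}

# Run only when installed under the name used in the post, so the functions
# above can be sourced and tested without starting a shell.
case "$0" in
    */ttyd-auth.sh)
        # Unquoted on purpose: the output is split into command and argument.
        exec $(pick_command "$1") ;;
esac
```

The session ID travels in the request URL, so this relies on `option ssl '1'` staying enabled as in the config above.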