From b222940de2869c2efd7e06f640789192ed1f76b1 Mon Sep 17 00:00:00 2001
From: "David J. Bianco" <dbianco@splunk.com>
Date: Tue, 4 Feb 2025 16:05:23 -0500
Subject: [PATCH] Wildcard password support

Setting a password to be "*" in the config file will cause the server to accept any password the client provides for that account, including an empty password.
---
 SSH/config.ini.TEMPLATE | 5 ++++-
 SSH/ssh_server.py       | 8 ++++----
 2 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/SSH/config.ini.TEMPLATE b/SSH/config.ini.TEMPLATE
index 942a41d..c1aa2a9 100644
--- a/SSH/config.ini.TEMPLATE
+++ b/SSH/config.ini.TEMPLATE
@@ -75,9 +75,12 @@ system_prompt = Interpret all inputs as though they were SSH commands and provid
 # The valid user accounts and passwords for the SSH server, in the
 # form "username = password".  Note that you can enable login without 
 # a password by leaving that field blank (e.g., "guest =" on a line by
-# itself)
+# itself). You can set an account to accept ANY password, including an empty
+# password, by setting the password to "*"
 [user_accounts]
 guest = 
 user1 = secretpw
 user2 = password123
+root = *
+
 
diff --git a/SSH/ssh_server.py b/SSH/ssh_server.py
index e2550f6..ba0f14e 100755
--- a/SSH/ssh_server.py
+++ b/SSH/ssh_server.py
@@ -105,7 +105,7 @@ class MySSHServer(asyncssh.SSHServer):
     def validate_password(self, username: str, password: str) -> bool:
         pw = accounts.get(username, '*')
         
-        if ((pw != '*') and (password == pw)):
+        if pw == '*' or (pw != '*' and password == pw):
             logger.info("Authentication success", extra={"username": username, "password": password})
             return True
         else:
@@ -195,7 +195,7 @@ async def handle_client(process: asyncssh.SSHServerProcess, server: MySSHServer)
                     config=llm_config
             )
             process.stdout.write(f"{llm_response.content}")
-            logger.info("LLM response", extra={"details": b64encode(llm_response.content.encode('utf-8')).decode('utf-8'), "interactive": False})
+            logger.info("LLM response 1", extra={"details": b64encode(llm_response.content.encode('utf-8')).decode('utf-8'), "interactive": False})
             await session_summary(process, llm_config, with_message_history, server)
             process.exit(0)
         else:
@@ -210,7 +210,7 @@ async def handle_client(process: asyncssh.SSHServerProcess, server: MySSHServer)
             )
 
             process.stdout.write(f"{llm_response.content}")
-            logger.info("LLM response", extra={"details": b64encode(llm_response.content.encode('utf-8')).decode('utf-8'), "interactive": True})
+            logger.info("LLM response 2", extra={"details": b64encode(llm_response.content.encode('utf-8')).decode('utf-8'), "interactive": True})
 
             async for line in process.stdin:
                 line = line.rstrip('\n')
@@ -231,7 +231,7 @@ async def handle_client(process: asyncssh.SSHServerProcess, server: MySSHServer)
                     return
                 else:
                     process.stdout.write(f"{llm_response.content}")
-                    logger.info("LLM response", extra={"details": b64encode(llm_response.content.encode('utf-8')).decode('utf-8'), "interactive": True})
+                    logger.info("LLM response 3", extra={"details": b64encode(llm_response.content.encode('utf-8')).decode('utf-8'), "interactive": True})
 
     except asyncssh.BreakReceived:
         pass