[Question] - Info about http-auth (tunnel with basic auth) #320

Open
manprint opened this issue Aug 29, 2024 · 0 comments
Hi @antoniomika

I would need to tunnel some services via subdomains and basic auth.
This is my sish configuration:

docker run -itd \
  --name=sish \
  --hostname "sish.noc" \
  --pull=always \
  -v $(pwd)/ssl:/ssl \
  -v $(pwd)/keys:/keys \
  -v $(pwd)/pubkeys:/pubkeys \
  -v /home/alpine/docker/certs/etc-lets:/etc/letsencrypt \
  --network=def \
  --restart=always \
  antoniomika/sish:latest \
  --ssh-address=:2222 \
  --http-address=:80 \
  --https-address=:443 \
  --https=true \
  --https-certificate-directory=/ssl \
  --authentication-keys-directory=/pubkeys \
  --private-keys-directory=/keys \
  --bind-random-aliases=false \
  --bind-random-ports=false \
  --bind-random-subdomains=false \
  --force-requested-aliases=true \
  --force-requested-ports=true \
  --force-requested-subdomains=true \
  --authentication-password="xxxxxxxxx" \
  --force-https \
  --admin-console \
  --admin-console-token=xxxxxxxxx \
  --service-console-max-content-length=0 \
  --log-to-client \
  --verify-ssl=false \
  --domain=dev.mydomain.link

With this setup I'm sure that if someone tries to use an already assigned subdomain, sish won't assign a random subdomain.

With this configuration, when I start the auth tunnel with the command:

ssh -p 443 -R foo\\:bar@test:80:localhost:9090 dev.mydomain.link

the tunnel is not started and the system response is:

Warning: remote port forwarding failed for listen port 80

For authentication to work correctly, I need to set the bind parameters as follows:

  --force-requested-aliases=false
  --force-requested-ports=false
  --force-requested-subdomains=false

With these settings, however, if an already assigned tunnel is requested, sish generates a random subdomain.

My question is this: how do I configure sish to have these two requirements:

  1. Authentication works.
  2. If an already assigned tunnel is requested, a random subdomain must NOT be generated, but the bind must fail.

Thank you very much.
