Unable to log on via iPhone

[VinneyUK]

Hi, I get this error when trying to log in via my iPhone

Unable to connect to the Sshwifty backend server: TypeError: undefined is not an object (evaluating 'window.crypto.subtle.importKey')

any ideas?

[nirui]

Hello :D

This maybe caused by a couple of factors, please check:

• If the Sshwifty instance has HTTPS enabled and the iPhone is accessing the instance via HTTPS
• If HTTPS has already been enabled, please check if the HTTPS certificate is correctly setup and trusted by iPhone

If I remembered it correctly, iPhone don't by default trust self-signed HTTPS certificate. You might have to setup the phone to make it trust the certificate/CA.

Hope it helped :)

[VinneyUK]

Hi,
Thanks for the reply.
Looks like this issues isn't just localised to my iPhone. It's also doing it in safari and chrome :( ?

Here is my docker compose, no HTTPS set ...

version: '3.3'
services:
sshwifty:
restart: always
ports:
- '8182:8182'
container_name: sshwifty
image: 'niruix/sshwifty:latest'

[nirui]

Sshwifty can only be accessed when HTTPS is enabled, and iOS require an valid certificate for the HTTPS service so it would allow it to be accessed. Two conditions must both be met, to put it simply:

• Enable HTTPS
• Make sure the HTTPS service has a valid certificate (issued by the issuer that iOS trust)

[VinneyUK]

thanks for the reply. How do i go about enabling HTTPS and issue a certificate if running this locally only?

[CJendantix]

Thanks Ni, I got this from here. The best option would probably just setting up a simple reverse proxy in Docker. Although you must know simple Docker networking, and you need a domain, a reverse proxy makes it quick and easy to set up SSL. Can we move this conversation to discord to easily discuss what you need to do? CJendantix#1183

[CJendantix]

Hi,

The short answer I'm afraid is No. The limitation is actually not enforced by Sshwifty, instead it's a security policy implemented by the web browser (called Secure contexts).

Sshwifty require window.crypto to run, which is only available under Secure contexts.

I'm not aware any web browser is allowing web page to access window.crypto outside of Secure context. So the easiest way out is to setup Sshwifty as a HTTPS service (If your installation is only for personal/internal use, you can self-issue the SSL certificate).

Originally posted by @nirui in #101 (comment)

[nirui]

@VinneyUK Based on what I've read online, you absolutely CAN access HTTPS services on iOS device even if the service uses self-signed certificate. However, it require some setup in order for the iOS device to trust the certificate (actually the Root CA in this case), the detail on how to do that can be found on: https://developer.apple.com/library/archive/qa/qa1948/_index.html. That said, I don't really have any iOS device, so I guess you will be on this adventure alone :)

On the Sshwifty side, HTTPS can be enabled via TLSCertificateFile and TLSCertificateKeyFile settings (or SSHWIFTY_DOCKER_TLSCERT and SSHWIFTY_DOCKER_TLSCERTKEY if you want to do it via Docker). Which is probably the easy part of the story :) (more detail for this is described in README.md file)

@CJendantix The answers posted on Discord can only be read by people who uses Discord, not everybody here are welling to do that. If you have answer to the question, you're welcome to post it here so later users might also be helped. Thanks!

[CJendantix]

That's not what I meant, I was asking them to message me on discord as I see it easier to use for back-and-forths, but if they didn't have discord we could keep using this issue. I have always seen it annoying when I have to search the whole internet for answers so I would post the final answer here before asking them to mark it as solved, but thanks for the concern. Also I find it much less of a hassle to use a reverse proxy service than to manually set up https, and they probably don't already have a cert ready.

[nirui]

Also I find it much less of a hassle to use a reverse proxy service than to manually set up https, and they probably don't already have a cert ready.

I don't really think a reverse proxy can resolve the problem since the limit is imposed by the iOS device (at the client side), sorry :)