py-web-ssh 0.1.6__tar.gz → 0.1.7__tar.gz

{py_web_ssh-0.1.6 → py_web_ssh-0.1.7}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: py-web-ssh
-Version: 0.1.6
+Version: 0.1.7
 Summary: A Python web SSH client with xterm.js, reconnectable sessions, logs, and file transfer.
 License-Expression: MIT
 License-File: LICENSE
@@ -27,13 +27,14 @@ Description-Content-Type: text/markdown
 ## 功能
 
 - SSH 交互终端：Paramiko 后端 `invoke_shell`，xterm.js 前端实时交互。
-- 登录方式：密码、浏览器上传私钥、私钥口令、SSH agent、服务端本机 `~/.ssh` 密钥、免口令/none auth。
+- 登录方式：密码、浏览器上传私钥、私钥口令、服务端本机默认 `~/.ssh` 密钥、免口令/none auth。
+- Host key 确认：不使用 `known_hosts` 校验；每次交互 SSH 连接都会在 xterm.js 终端里显示服务器 host key 指纹，并要求用户输入 `Y` 或 `N` 后才继续认证。
 - Legacy 兼容：启动时按当前 Paramiko 运行时能力尽量启用旧 KEX/Cipher/MAC/HostKey/Pubkey 算法，并在日志中列出不可用算法。
 - UUID 会话：创建会话后返回 UUID，WebSocket 断开后可用同 UUID 重连。
 - 会话回收：同一个 UUID 如果所有浏览器连接都断开并且 5 分钟内无人重连，服务端会主动断开 SSH 并清理内存缓存。
 - 终端恢复：服务端保存 SSH 输出流，浏览器定期回传 xterm serialize 快照；重连时先恢复快照，再补放快照之后的输出。
 - 日志页面：`/sessions/{uuid}/logs` 展示完整连接、认证、错误和文件传输日志。
-- 文件传输：参考 `simple-ssh-copy` 思路，不使用 SFTP/SCP；每次传输都按连接配置新建独立 SSH 连接，使用远端 `base64` shell 命令上传/下载。上传先写远端临时文件，完成后再 `mv` 到最终路径，并支持进度显示和取消。
+- 文件传输：参考 `simple-ssh-copy` 思路，不使用 SFTP/SCP；每次传输都按连接配置新建独立 SSH 连接，使用远端 `base64` shell 命令上传/下载。上传先写远端临时文件，完成后再 `mv` 到最终路径，并支持进度显示和取消。文件传输连接会校验服务器 host key 必须等于用户在交互终端里确认过的 host key。
 - 可选 PIN 门禁：服务端传入 `--pin` 后，网页启动时必须先输入正确 PIN；验证成功后浏览器会保存加盐哈希 cookie，后端会保护 HTTP API、日志页面、文件接口和 WebSocket。
 - 启动锁定策略：支持 `--lock-host`、`--lock-username`、`--lock-pwd`、`--lock-private-key`，可从服务端强制绑定目标主机、用户名、密码和服务端侧私钥文件。前端会锁定或隐藏对应控件，后端仍会校验并覆盖敏感字段。
 - 中英双语：默认英文，网页和日志页都支持中英切换；语言选择会长期保存到 `py_web_ssh_lang` cookie。
@@ -93,5 +94,5 @@ py-web-ssh --lock-private-key C:\secrets\id_ed25519
 
 ## 安全提示
 
-这个项目默认面向可信内网或本机使用。私钥和口令只保存在进程内存中，不写入日志；如果要暴露到公网，请务必加 HTTPS、登录认证、CSRF/来源限制、审计和会话回收策略。
+这个项目默认面向可信内网或本机使用。私钥和口令只保存在进程内存中，不写入日志；SSH agent 已禁用，`known_hosts` 校验已移除，用户必须在 xterm.js 终端里确认服务器 host key 指纹后才会继续认证。如果要暴露到公网，请务必加 HTTPS、登录认证、CSRF/来源限制、审计和会话回收策略。
 

{py_web_ssh-0.1.6 → py_web_ssh-0.1.7}/README.md

@@ -5,13 +5,14 @@
 ## 功能
 
 - SSH 交互终端：Paramiko 后端 `invoke_shell`，xterm.js 前端实时交互。
-- 登录方式：密码、浏览器上传私钥、私钥口令、SSH agent、服务端本机 `~/.ssh` 密钥、免口令/none auth。
+- 登录方式：密码、浏览器上传私钥、私钥口令、服务端本机默认 `~/.ssh` 密钥、免口令/none auth。
+- Host key 确认：不使用 `known_hosts` 校验；每次交互 SSH 连接都会在 xterm.js 终端里显示服务器 host key 指纹，并要求用户输入 `Y` 或 `N` 后才继续认证。
 - Legacy 兼容：启动时按当前 Paramiko 运行时能力尽量启用旧 KEX/Cipher/MAC/HostKey/Pubkey 算法，并在日志中列出不可用算法。
 - UUID 会话：创建会话后返回 UUID，WebSocket 断开后可用同 UUID 重连。
 - 会话回收：同一个 UUID 如果所有浏览器连接都断开并且 5 分钟内无人重连，服务端会主动断开 SSH 并清理内存缓存。
 - 终端恢复：服务端保存 SSH 输出流，浏览器定期回传 xterm serialize 快照；重连时先恢复快照，再补放快照之后的输出。
 - 日志页面：`/sessions/{uuid}/logs` 展示完整连接、认证、错误和文件传输日志。
-- 文件传输：参考 `simple-ssh-copy` 思路，不使用 SFTP/SCP；每次传输都按连接配置新建独立 SSH 连接，使用远端 `base64` shell 命令上传/下载。上传先写远端临时文件，完成后再 `mv` 到最终路径，并支持进度显示和取消。
+- 文件传输：参考 `simple-ssh-copy` 思路，不使用 SFTP/SCP；每次传输都按连接配置新建独立 SSH 连接，使用远端 `base64` shell 命令上传/下载。上传先写远端临时文件，完成后再 `mv` 到最终路径，并支持进度显示和取消。文件传输连接会校验服务器 host key 必须等于用户在交互终端里确认过的 host key。
 - 可选 PIN 门禁：服务端传入 `--pin` 后，网页启动时必须先输入正确 PIN；验证成功后浏览器会保存加盐哈希 cookie，后端会保护 HTTP API、日志页面、文件接口和 WebSocket。
 - 启动锁定策略：支持 `--lock-host`、`--lock-username`、`--lock-pwd`、`--lock-private-key`，可从服务端强制绑定目标主机、用户名、密码和服务端侧私钥文件。前端会锁定或隐藏对应控件，后端仍会校验并覆盖敏感字段。
 - 中英双语：默认英文，网页和日志页都支持中英切换；语言选择会长期保存到 `py_web_ssh_lang` cookie。
@@ -71,4 +72,4 @@ py-web-ssh --lock-private-key C:\secrets\id_ed25519
 
 ## 安全提示
 
-这个项目默认面向可信内网或本机使用。私钥和口令只保存在进程内存中，不写入日志；如果要暴露到公网，请务必加 HTTPS、登录认证、CSRF/来源限制、审计和会话回收策略。
+这个项目默认面向可信内网或本机使用。私钥和口令只保存在进程内存中，不写入日志；SSH agent 已禁用，`known_hosts` 校验已移除，用户必须在 xterm.js 终端里确认服务器 host key 指纹后才会继续认证。如果要暴露到公网，请务必加 HTTPS、登录认证、CSRF/来源限制、审计和会话回收策略。

{py_web_ssh-0.1.6 → py_web_ssh-0.1.7}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "py-web-ssh"
-version = "0.1.6"
+version = "0.1.7"
 description = "A Python web SSH client with xterm.js, reconnectable sessions, logs, and file transfer."
 readme = "README.md"
 requires-python = ">=3.10"

{py_web_ssh-0.1.6 → py_web_ssh-0.1.7}/webssh/__init__.py

@@ -2,4 +2,4 @@
 
 __all__ = ["__version__"]
 
-__version__ = "0.1.6"
+__version__ = "0.1.7"

{py_web_ssh-0.1.6 → py_web_ssh-0.1.7}/webssh/app.py

@@ -142,6 +142,12 @@ def upload(
     total_bytes: Annotated[int | None, Form()] = None,
 ) -> FileTransferResponse:
     session = _require_session(session_id)
+    expected_host_key = session.confirmed_host_key
+    if expected_host_key is None:
+        raise HTTPException(
+            status_code=409,
+            detail="SSH server host key has not been confirmed in the terminal yet.",
+        )
     tracker = transfers.get(transfer_id) if transfer_id else None
     if transfer_id and tracker is None:
         raise HTTPException(status_code=404, detail="Transfer not found.")
@@ -153,6 +159,7 @@ def upload(
             file.file,
             remote_path,
             total_bytes or _content_length(file),
+            expected_host_key,
             cancel_event=tracker.cancel_event,
             progress=tracker.update_progress,
         )
@@ -229,8 +236,14 @@ def cancel_transfer(transfer_id: str) -> JSONResponse:
 @app.get("/api/sessions/{session_id}/files/download")
 def download(session_id: str, remote_path: str) -> StreamingResponse:
     session = _require_session(session_id)
+    expected_host_key = session.confirmed_host_key
+    if expected_host_key is None:
+        raise HTTPException(
+            status_code=409,
+            detail="SSH server host key has not been confirmed in the terminal yet.",
+        )
     try:
-        method, stream = download_file_via_ssh(session.config, remote_path)
+        method, stream = download_file_via_ssh(session.config, remote_path, expected_host_key)
     except Exception as exc:
         session.log("error", f"File download failed: {exc}", None)
         raise HTTPException(status_code=500, detail=str(exc)) from exc

{py_web_ssh-0.1.6 → py_web_ssh-0.1.7}/webssh/client_session.py

@@ -1,6 +1,5 @@
 from __future__ import annotations
 
-import secrets
 import threading
 import uuid
 from dataclasses import dataclass, field

{py_web_ssh-0.1.6 → py_web_ssh-0.1.7}/webssh/files.py

@@ -11,7 +11,7 @@ from collections.abc import Callable, Iterator
 from typing import BinaryIO
 
 from .models import ConnectRequest
-from .ssh_client import connect_ssh
+from .ssh_client import HostKeyInfo, connect_ssh
 
 
 class FileTransferError(RuntimeError):
@@ -30,6 +30,7 @@ def upload_file_via_ssh(
     source: BinaryIO,
     remote_path: str,
     size: int | None,
+    expected_host_key: HostKeyInfo,
     cancel_event: threading.Event | None = None,
     progress: ProgressCallback | None = None,
 ) -> tuple[str, int]:
@@ -40,7 +41,11 @@ def upload_file_via_ssh(
     atomically move the temp file into place after the complete upload succeeds.
     """
 
-    connected = connect_ssh(config, lambda _level, _message, _details=None: None)
+    connected = connect_ssh(
+        config,
+        lambda _level, _message, _details=None: None,
+        expected_host_key=expected_host_key,
+    )
     client = connected.client
     remote_dir = posixpath.dirname(remote_path) or "."
     temp_path = posixpath.join(remote_dir, f".py-web-ssh-upload-{uuid.uuid4().hex}.tmp")
@@ -90,8 +95,16 @@ def upload_file_via_ssh(
     return "shell", transferred
 
 
-def download_file_via_ssh(config: ConnectRequest, remote_path: str) -> tuple[str, Iterator[bytes]]:
-    connected = connect_ssh(config, lambda _level, _message, _details=None: None)
+def download_file_via_ssh(
+    config: ConnectRequest,
+    remote_path: str,
+    expected_host_key: HostKeyInfo,
+) -> tuple[str, Iterator[bytes]]:
+    connected = connect_ssh(
+        config,
+        lambda _level, _message, _details=None: None,
+        expected_host_key=expected_host_key,
+    )
     client = connected.client
     command = f"base64 < {shlex.quote(remote_path)}"
     stdin, stdout, stderr = client.exec_command(f"sh -c {shlex.quote(command)}")

{py_web_ssh-0.1.6 → py_web_ssh-0.1.7}/webssh/models.py

@@ -18,10 +18,8 @@ class ConnectRequest(BaseModel):
     password: str | None = None
     private_key: str | None = None
     private_key_passphrase: str | None = None
-    allow_agent: bool = False
     look_for_keys: bool = False
     legacy_algorithms: bool = True
-    strict_host_key: bool = False
     term: str = Field(default="xterm-256color", min_length=1, max_length=64)
     size: TerminalSize = Field(default_factory=TerminalSize)
     timeout_seconds: float = Field(default=20.0, ge=3.0, le=120.0)

{py_web_ssh-0.1.6 → py_web_ssh-0.1.7}/webssh/session.py

@@ -16,10 +16,10 @@ from starlette.websockets import WebSocket
 
 from .history import OutputChunk, OutputHistory
 from .models import ConnectRequest, LogEntry, SessionSummary
-from .ssh_client import ConnectedClient, connect_ssh
+from .ssh_client import ConnectedClient, HostKeyInfo, connect_ssh
 
 
-SessionState = Literal["connecting", "connected", "closing", "closed", "error"]
+SessionState = Literal["connecting", "waiting_host_key", "connected", "closing", "closed", "error"]
 
 
 @dataclass(eq=False)
@@ -41,6 +41,10 @@ class TerminalSession:
         self._clients: set[BrowserConnection] = set()
         self._lock = threading.RLock()
         self._channel_lock = threading.RLock()
+        self._host_key_lock = threading.Condition(threading.RLock())
+        self._awaiting_host_key_confirmation = False
+        self._host_key_decision: bool | None = None
+        self._confirmed_host_key: HostKeyInfo | None = None
         self._stop = threading.Event()
         self._thread = threading.Thread(target=self._run, name=f"ssh-session-{self.id}", daemon=True)
         self._connected: ConnectedClient | None = None
@@ -134,6 +138,8 @@ class TerminalSession:
             }
 
     def send_input(self, data: bytes) -> None:
+        if self._handle_host_key_confirmation_input(data):
+            return
         with self._channel_lock:
             if self._channel is None or self.state != "connected":
                 raise RuntimeError("SSH channel is not connected.")
@@ -174,10 +180,19 @@ class TerminalSession:
             raise RuntimeError("SSH connection is not ready.")
         return self._connected.client
 
+    @property
+    def confirmed_host_key(self) -> HostKeyInfo | None:
+        with self._host_key_lock:
+            return self._confirmed_host_key
+
     def _run(self) -> None:
         try:
             self.log("info", "Creating SSH connection.", None)
-            self._connected = connect_ssh(self.config, self.log)
+            self._connected = connect_ssh(
+                self.config,
+                self.log,
+                confirm_host_key=self._confirm_host_key,
+            )
             channel = self._connected.transport.open_session()
             channel.get_pty(
                 term=self.config.term,
@@ -238,6 +253,74 @@ class TerminalSession:
             self.updated_at = datetime.now(timezone.utc)
         self._broadcast(self._chunk_payload(chunk) | {"type": "output"})
 
+    def _confirm_host_key(self, host_key: HostKeyInfo) -> bool:
+        with self._host_key_lock:
+            self._awaiting_host_key_confirmation = True
+            self._host_key_decision = None
+        self._set_state("waiting_host_key")
+        self.log("warning", "Waiting for browser user to confirm SSH server host key.", host_key.details())
+        self._append_output(self._host_key_prompt(host_key).encode("utf-8"))
+
+        while not self._stop.is_set():
+            with self._host_key_lock:
+                if self._host_key_decision is not None:
+                    accepted = self._host_key_decision
+                    self._awaiting_host_key_confirmation = False
+                    if accepted:
+                        self._confirmed_host_key = host_key
+                    break
+                self._host_key_lock.wait(timeout=0.2)
+        else:
+            accepted = False
+
+        if accepted:
+            self._append_output(b"Y\r\nContinuing SSH authentication...\r\n")
+            self._set_state("connecting")
+            return True
+
+        self._append_output(b"N\r\nSSH connection cancelled before authentication.\r\n")
+        return False
+
+    def _handle_host_key_confirmation_input(self, data: bytes) -> bool:
+        with self._host_key_lock:
+            if not self._awaiting_host_key_confirmation:
+                return False
+
+        text = data.decode("utf-8", errors="ignore")
+        decision: bool | None = None
+        invalid = False
+        for char in text:
+            if char in "\r\n\t ":
+                continue
+            if char in ("y", "Y"):
+                decision = True
+                break
+            if char in ("n", "N"):
+                decision = False
+                break
+            invalid = True
+            break
+
+        if decision is None:
+            if invalid:
+                self._append_output(b"\r\nPlease type Y or N: ")
+            return True
+
+        with self._host_key_lock:
+            self._host_key_decision = decision
+            self._host_key_lock.notify_all()
+        return True
+
+    def _host_key_prompt(self, host_key: HostKeyInfo) -> str:
+        return (
+            "\r\n[py-web-ssh] SSH server host key fingerprint\r\n"
+            f"Host: {self.config.host}:{self.config.port}\r\n"
+            f"Key type: {host_key.key_type}\r\n"
+            f"SHA256 fingerprint: {host_key.sha256_fingerprint}\r\n"
+            f"MD5 fingerprint: {host_key.md5_fingerprint}\r\n"
+            "Continue connecting? Type Y or N: "
+        )
+
     def _chunk_payload(self, chunk: OutputChunk) -> dict[str, Any]:
         return {
             "seq": chunk.seq,

{py_web_ssh-0.1.6 → py_web_ssh-0.1.7}/webssh/ssh_client.py

@@ -1,5 +1,7 @@
 from __future__ import annotations
 
+import base64
+import hashlib
 import io
 import socket
 import traceback
@@ -21,7 +23,48 @@ class ConnectedClient:
     transport: paramiko.Transport
 
 
-def connect_ssh(config: ConnectRequest, log: LogCallback) -> ConnectedClient:
+@dataclass(frozen=True)
+class HostKeyInfo:
+    key_type: str
+    sha256_fingerprint: str
+    md5_fingerprint: str
+    key_base64: str
+
+    @classmethod
+    def from_key(cls, key: paramiko.PKey) -> "HostKeyInfo":
+        key_bytes = key.asbytes()
+        sha256_digest = hashlib.sha256(key_bytes).digest()
+        sha256_value = base64.b64encode(sha256_digest).decode("ascii").rstrip("=")
+        md5_value = ":".join(f"{byte:02x}" for byte in key.get_fingerprint())
+        return cls(
+            key_type=key.get_name(),
+            sha256_fingerprint=f"SHA256:{sha256_value}",
+            md5_fingerprint=f"MD5:{md5_value}",
+            key_base64=base64.b64encode(key_bytes).decode("ascii"),
+        )
+
+    def matches(self, key: paramiko.PKey) -> bool:
+        return self.key_base64 == base64.b64encode(key.asbytes()).decode("ascii")
+
+    def details(self) -> str:
+        return "\n".join(
+            [
+                f"type={self.key_type}",
+                f"sha256={self.sha256_fingerprint}",
+                f"md5={self.md5_fingerprint}",
+            ]
+        )
+
+
+HostKeyConfirmation = Callable[[HostKeyInfo], bool]
+
+
+def connect_ssh(
+    config: ConnectRequest,
+    log: LogCallback,
+    confirm_host_key: HostKeyConfirmation | None = None,
+    expected_host_key: HostKeyInfo | None = None,
+) -> ConnectedClient:
     """Open an SSH connection, including legacy algorithms Paramiko still supports."""
 
     sock = socket.create_connection((config.host, config.port), timeout=config.timeout_seconds)
@@ -35,10 +78,21 @@ def connect_ssh(config: ConnectRequest, log: LogCallback) -> ConnectedClient:
         if config.keepalive_seconds:
             transport.set_keepalive(config.keepalive_seconds)
 
-        if config.strict_host_key:
-            _check_known_host(config, transport, log)
+        host_key = transport.get_remote_server_key()
+        host_key_info = HostKeyInfo.from_key(host_key)
+        log("info", "SSH server host key received.", host_key_info.details())
+        if expected_host_key is not None:
+            if not expected_host_key.matches(host_key):
+                raise paramiko.SSHException(
+                    "SSH server host key changed since the browser user confirmed it."
+                )
+            log("info", "SSH server host key matches the browser-confirmed key.", None)
+        elif confirm_host_key is not None:
+            if not confirm_host_key(host_key_info):
+                raise paramiko.SSHException("SSH server host key was rejected by the browser user.")
+            log("info", "SSH server host key accepted by the browser user.", None)
         else:
-            log("warning", "Strict host key checking is disabled for this browser session.", None)
+            raise paramiko.SSHException("SSH server host key confirmation is required.")
 
         _authenticate(transport, config, log)
 
@@ -158,29 +212,6 @@ def _supported_algorithms(options: paramiko.transport.SecurityOptions, attr: str
     return set(getattr(transport, info_attr).keys())
 
 
-def _check_known_host(config: ConnectRequest, transport: paramiko.Transport, log: LogCallback) -> None:
-    host_key = transport.get_remote_server_key()
-    known_hosts = paramiko.HostKeys()
-    paths = [
-        Path.home() / ".ssh" / "known_hosts",
-        Path.home() / ".ssh" / "known_hosts2",
-    ]
-    for path in paths:
-        if path.exists():
-            known_hosts.load(str(path))
-
-    candidates = [config.host, f"[{config.host}]:{config.port}"]
-    for candidate in candidates:
-        if known_hosts.check(candidate, host_key):
-            log("info", f"Host key verified for {candidate}.", None)
-            return
-
-    raise paramiko.SSHException(
-        "Strict host key checking failed. The remote host key is not present in "
-        "~/.ssh/known_hosts for this server and port."
-    )
-
-
 def _authenticate(transport: paramiko.Transport, config: ConnectRequest, log: LogCallback) -> None:
     username = config.username
     errors: list[str] = []
@@ -196,21 +227,6 @@ def _authenticate(transport: paramiko.Transport, config: ConnectRequest, log: Lo
         if transport.is_authenticated():
             return
 
-    if config.allow_agent:
-        try:
-            for key in paramiko.Agent().get_keys():
-                try:
-                    log("info", f"Trying SSH agent key {key.get_name()}.", None)
-                    transport.auth_publickey(username, key)
-                except Exception as exc:
-                    errors.append(f"agent key {key.get_name()}: {exc}")
-                    log("debug", f"SSH agent key failed: {exc}", None)
-                if transport.is_authenticated():
-                    return
-        except Exception as exc:
-            errors.append(f"agent: {exc}")
-            log("warning", f"SSH agent authentication failed: {exc}", traceback.format_exc())
-
     if config.look_for_keys:
         for key in _load_default_private_keys(config.private_key_passphrase, log):
             try:

{py_web_ssh-0.1.6 → py_web_ssh-0.1.7}/webssh/static/app.js

@@ -34,9 +34,7 @@ const translations = {
     privateKeyLocked: "Private key file is forced by the server.",
     privateKeyPassphrase: "Private key passphrase",
     legacyAlgorithms: "Legacy algorithms",
-    sshAgent: "SSH agent",
     serverKeys: "Server local keys",
-    knownHosts: "known_hosts check",
     reconnect: "Reconnect",
     disconnect: "Disconnect SSH",
     openLogs: "Open full logs",
@@ -95,9 +93,7 @@ const translations = {
     privateKeyLocked: "私钥文件已强制绑定",
     privateKeyPassphrase: "私钥口令",
     legacyAlgorithms: "legacy 算法",
-    sshAgent: "SSH agent",
     serverKeys: "服务端本机密钥",
-    knownHosts: "known_hosts 校验",
     reconnect: "重连",
     disconnect: "断开 SSH",
     openLogs: "打开完整日志",
@@ -222,10 +218,8 @@ document.querySelector("#connect-form").addEventListener("submit", async (event)
     password: valueOf("#password"),
     private_key: privateKey,
     private_key_passphrase: valueOf("#private-key-passphrase"),
-    allow_agent: checked("#allow-agent"),
     look_for_keys: checked("#look-for-keys"),
     legacy_algorithms: checked("#legacy-algorithms"),
-    strict_host_key: checked("#strict-host-key"),
     term: "xterm-256color",
     size: { cols: term.cols, rows: term.rows },
   };

{py_web_ssh-0.1.6 → py_web_ssh-0.1.7}/webssh/static/index.html

@@ -70,9 +70,7 @@
               </label>
               <div class="checks">
                 <label><input id="legacy-algorithms" type="checkbox" checked /> <span data-i18n="legacyAlgorithms">Legacy algorithms</span></label>
-                <label><input id="allow-agent" type="checkbox" /> <span data-i18n="sshAgent">SSH agent</span></label>
                 <label><input id="look-for-keys" type="checkbox" /> <span data-i18n="serverKeys">Server local keys</span></label>
-                <label><input id="strict-host-key" type="checkbox" /> <span data-i18n="knownHosts">known_hosts check</span></label>
               </div>
               <button class="primary" type="submit" data-i18n="connect">Connect</button>
             </form>