About this Contributor Invite:
- Task Area: Coding
- Effort rating: 2/5
- Skills required: Python, Django Views/Templates
Description of the Problem:
Before a user connects to FreedomBox via SSH, they should take a security precaution: verify that the server they are connecting to is the correct one. Otherwise, it is possible to perform person-in-the-middle attacks. In order to verify the SSH server, users must match the SSH fingerprint shown by the client with the one provided by a server administrator. In case of FreedomBox, we need to show this information in the SSH server page. But currently, the SSH page in the FreedomBox interface does not show the SSH fingerprint.
What we ask of you:
- Write a method to list the fingerprints for all the SSH keys on the server. Iterate through /etc/ssh/ssh_host_*_key.pub and run the command
ssh-keygen -l -f <file>. Parse the output and extract the fingerprint and algorithm.
- Add a table to the SSHAppView and show the fingerprint information in a tabular format. Create views.py for SSH, move the SSHAppView into it. Then pass the fingerprint information as context variable. Create a new template file for SSH and display the fingerprint information there.
Link to the issue in GitLab: https://salsa.debian.org/freedombox-team/plinth/issues/1650
How to claim this Contributor Invite:
Do you want to accept this invitation to contribute? If so, follow these steps:
- Comment on this forum post indicating that you would like to claim the invite. This will prevent multiple people from working on the same issue at the same time.
- Register an account with our GitLab instance and begin making your contributions on the GitLab issue page for this task. You can use the comment section of this forum post to ask questions, but the bulk of the development discussion should happen on GitLab.
If you need help with this issue, please feel free to ask for it from members of our core team: