[COMPLETED] Contributor Invite: Allow disabling password authentication for SSH

About this Contributor Invite:

  • Task Area: Coding
  • Effort rating: 3/5
  • Skills required: Python, Django Views/Templates/Forms

Description of the Problem:

Currently, after users start using SSH public keys for authentication, there is no easy way to disable SSH password authentication. These users may want to disable SSH password authentication in order to improve security by preventing guesses of the password to log into administrator account on FreedomBox via SSH. FreedomBox should have an option to disable password authentication in SSH for all accounts.

What we ask of you:

  • Write new subcommand to get and set configuration of SSH. It is implement storing/retrieving the value of PasswordAuthentication in /etc/ssh/sshd_config. Use augeas library to actually edit the configuration file (see examples in other apps).
  • Add user interface checkbox in the SSH application with label ‘Disable password authentication’ and description ‘Improves security by preventing password guessing. Ensure that you have setup SSH keys in your administrator user account before enabling this option.’ To do this:
    • Implement a new form.py and create a Form.
    • Create views.py for SSH, move the SSHAppView into it. Use the created form.
    • When form is loaded, retrieve the state of the passwordauthentication option and set the state of the checkbox. When form is submitted, trigger setting configuration. See mediawiki app for example of above implementation.

Link to the issue in GitLab: https://salsa.debian.org/freedombox-team/plinth/issues/572

How to claim this Contributor Invite:

Do you want to accept this invitation to contribute? If so, follow these steps:

  1. Comment on this forum post indicating that you would like to claim the invite. This will prevent multiple people from working on the same issue at the same time.
  2. Register an account with our GitLab instance and begin making your contributions on the GitLab issue page for this task. You can use the comment section of this forum post to ask questions, but the bulk of the development discussion should happen on GitLab.

Resources:

If you need help with this issue, please feel free to ask for it from members of our core team:

  • Sunil Mohan Adapa (@sunil): Lead Developer & Code Reviewer
  • Joseph Nuthalapati (@njoseph ): DevOps Engineer, Developer, & Code Reviewer
  • James Valleroy (@jvalleroy) : Release Manager, Developer, & Code Reviewer

Hi I would like to claim this issue if no one is working on it.
I might need 3-4 days to finish it as I will need to go through the source code.
Thanks!

2 Likes

@nkatakis Nektarios, thanks for taking interest! This Contributor Invite is now yours. Since you’ve claimed this invite, I’ll mark it as [CLAIMED] in the title.

And welcome to our community, Nektarios! My name is Danny, and I work at the FreedomBox Foundation. Since you’re new, I want to make sure that you know about the resources and support we offer our contributors. Check out our “Welcome” page for some basic information and for the contact info of our core team: https://wiki.debian.org/FreedomBox/Welcome

If you have the time, please do join one of our upcoming weekend progress calls and introduce yourself. These calls are completely optional, but you’re always welcome to join! We have a call this Sunday, October 27th at 17:00 UTC.

Good luck with this task!

This Invite has been marked as [COMPLETE]. Congratulations, @nkatakis, and welcome to our team!