Contributor Invite: Allow disabling password authentication for SSH

About this Contributor Invite:

  • Task Area: Coding
  • Effort rating: 3/5
  • Skills required: Python, Django Views/Templates/Forms

Description of the Problem:

Currently, after users start using SSH public keys for authentication, there is no easy way to disable SSH password authentication. These users may want to disable SSH password authentication in order to improve security by preventing guesses of the password to log into administrator account on FreedomBox via SSH. FreedomBox should have an option to disable password authentication in SSH for all accounts.

What we ask of you:

  • Write new subcommand to get and set configuration of SSH. It is implement storing/retrieving the value of PasswordAuthentication in /etc/ssh/sshd_config. Use augeas library to actually edit the configuration file (see examples in other apps).
  • Add user interface checkbox in the SSH application with label ‘Disable password authentication’ and description ‘Improves security by preventing password guessing. Ensure that you have setup SSH keys in your administrator user account before enabling this option.’ To do this:
    • Implement a new form.py and create a Form.
    • Create views.py for SSH, move the SSHAppView into it. Use the created form.
    • When form is loaded, retrieve the state of the passwordauthentication option and set the state of the checkbox. When form is submitted, trigger setting configuration. See mediawiki app for example of above implementation.

Link to the issue in GitLab: https://salsa.debian.org/freedombox-team/plinth/issues/572

How to claim this Contributor Invite:

Do you want to accept this invitation to contribute? If so, follow these steps:

  1. Comment on this forum post indicating that you would like to claim the invite. This will prevent multiple people from working on the same issue at the same time.
  2. Register an account with our GitLab instance and begin making your contributions on the GitLab issue page for this task. You can use the comment section of this forum post to ask questions, but the bulk of the development discussion should happen on GitLab.

Resources:

If you need help with this issue, please feel free to ask for it from members of our core team:

  • Sunil Mohan Adapa (@sunil): Lead Developer & Code Reviewer
  • Joseph Nuthalapati (@njoseph ): DevOps Engineer, Developer, & Code Reviewer
  • James Valleroy (@jvalleroy) : Release Manager, Developer, & Code Reviewer