backups: Display SSH public key when adding remote

Signed-off-by: James Valleroy <jvalleroy@mailbox.org>

plinth/modules/backups/__init__.py

@@ -148,7 +148,16 @@ def generate_ssh_client_auth_key():
              str(key_path)], stdout=subprocess.DEVNULL, check=True)
     else:
         logger.info('SSH client key %s for FreedomBox service already exists',
-                    key_file)
+                    key_path)
+
+
+def get_ssh_client_public_key() -> str:
+    """Get SSH client public key for FreedomBox service."""
+    pubkey_path = pathlib.Path(cfg.data_dir) / '.ssh' / 'id_ed25519.pub'
+    with pubkey_path.open('r') as pubkey_file:
+        pubkey = pubkey_file.read()
+
+    return pubkey
 
 
 def is_ssh_hostkey_verified(hostname):

plinth/modules/backups/forms.py

@@ -254,7 +254,9 @@ class AddRemoteRepositoryForm(EncryptedBackupsMixin, forms.Form):
     ssh_password = forms.CharField(
         label=_('SSH server password'), strip=True,
         help_text=_('Password of the SSH Server.<br />'
-                    'SSH key-based authentication is not yet possible.'),
+                    'Either provide a password, or add the FreedomBox '
+                    "service's SSH client public key (listed above) to the "
+                    'authorized keys list on the remote machine.'),
         widget=forms.PasswordInput(), required=False)
 
     field_order = ['repository', 'ssh_password'] + encryption_fields

plinth/modules/backups/templates/backups_add_remote_repository.html

@@ -13,6 +13,33 @@
   <form class="form" method="post">
     {% csrf_token %}
 
+    <hr>
+    <div>
+      <h4>{% trans "SSH Client Authentication Key"%}</h4>
+      <p>
+        {% blocktrans trimmed %}
+          {{ box_name }} service has the following SSH client public key:
+        {% endblocktrans %}
+      </p>
+      <pre>{{ ssh_client_public_key }}</pre>
+      <p>
+        {% blocktrans trimmed %}
+          If this public key is added to the authorized keys list on the remote
+          machine, then SSH key authentication will be used instead of
+          password-based authentication.
+        {% endblocktrans %}
+      </p>
+      <p>
+        {% blocktrans trimmed %}
+          Otherwise, {{ box_name }} service will attempt to connect using the
+          password provided in the form below. If successful, then the public
+          key will be automatically added to the authorized keys list, so that
+          future connections do not need the password.
+        {% endblocktrans %}
+      </p>
+    </div>
+    <hr>
+
     {{ form|bootstrap }}
 
     <div class="alert alert-warning d-flex align-items-center" role="alert">

plinth/modules/backups/views.py

@@ -26,7 +26,7 @@ from plinth.views import AppView
 
 from . import (SESSION_PATH_VARIABLE, api, errors, forms,
                generate_ssh_client_auth_key, get_known_hosts_path,
-               is_ssh_hostkey_verified, privileged)
+               get_ssh_client_public_key, is_ssh_hostkey_verified, privileged)
 from .decorators import delete_tmp_backup_file
 from .repository import (BorgRepository, SshBorgRepository, get_instance,
                          get_repositories)
@@ -371,6 +371,7 @@ class AddRemoteRepositoryView(FormView):
         """Return additional context for rendering the template."""
         context = super().get_context_data(**kwargs)
         context['title'] = _('Create remote backup repository')
+        context['ssh_client_public_key'] = get_ssh_client_public_key()
         return context
 
     def form_valid(self, form):