From 7fb41313cdeecbac42ec581400dff64ac0594a73 Mon Sep 17 00:00:00 2001 From: James Valleroy Date: Sat, 6 Dec 2025 13:28:43 -0500 Subject: [PATCH] backups: Display SSH public key when adding remote Signed-off-by: James Valleroy --- plinth/modules/backups/__init__.py | 11 +++++++- plinth/modules/backups/forms.py | 4 ++- .../backups_add_remote_repository.html | 27 +++++++++++++++++++ plinth/modules/backups/views.py | 3 ++- 4 files changed, 42 insertions(+), 3 deletions(-) diff --git a/plinth/modules/backups/__init__.py b/plinth/modules/backups/__init__.py index f921bf50a..b1f725de2 100644 --- a/plinth/modules/backups/__init__.py +++ b/plinth/modules/backups/__init__.py @@ -148,7 +148,16 @@ def generate_ssh_client_auth_key(): str(key_path)], stdout=subprocess.DEVNULL, check=True) else: logger.info('SSH client key %s for FreedomBox service already exists', - key_file) + key_path) + + +def get_ssh_client_public_key() -> str: + """Get SSH client public key for FreedomBox service.""" + pubkey_path = pathlib.Path(cfg.data_dir) / '.ssh' / 'id_ed25519.pub' + with pubkey_path.open('r') as pubkey_file: + pubkey = pubkey_file.read() + + return pubkey def is_ssh_hostkey_verified(hostname): diff --git a/plinth/modules/backups/forms.py b/plinth/modules/backups/forms.py index 5e037bb8b..f7ccea780 100644 --- a/plinth/modules/backups/forms.py +++ b/plinth/modules/backups/forms.py @@ -254,7 +254,9 @@ class AddRemoteRepositoryForm(EncryptedBackupsMixin, forms.Form): ssh_password = forms.CharField( label=_('SSH server password'), strip=True, help_text=_('Password of the SSH Server.
' - 'SSH key-based authentication is not yet possible.'), + 'Either provide a password, or add the FreedomBox ' + "service's SSH client public key (listed above) to the " + 'authorized keys list on the remote machine.'), widget=forms.PasswordInput(), required=False) field_order = ['repository', 'ssh_password'] + encryption_fields diff --git a/plinth/modules/backups/templates/backups_add_remote_repository.html b/plinth/modules/backups/templates/backups_add_remote_repository.html index f2c0eacab..d996be073 100644 --- a/plinth/modules/backups/templates/backups_add_remote_repository.html +++ b/plinth/modules/backups/templates/backups_add_remote_repository.html @@ -13,6 +13,33 @@
{% csrf_token %} +
+
+

{% trans "SSH Client Authentication Key"%}

+

+ {% blocktrans trimmed %} + {{ box_name }} service has the following SSH client public key: + {% endblocktrans %} +

+ 
{{ ssh_client_public_key }}
+

+ {% blocktrans trimmed %} + If this public key is added to the authorized keys list on the remote + machine, then SSH key authentication will be used instead of + password-based authentication. + {% endblocktrans %} +

+

+ {% blocktrans trimmed %} + Otherwise, {{ box_name }} service will attempt to connect using the + password provided in the form below. If successful, then the public + key will be automatically added to the authorized keys list, so that + future connections do not need the password. + {% endblocktrans %} +

+
+
+ {{ form|bootstrap }}