This change prevents the plinth user to set the ssh-keys without
knowing the user password.
- Debian: added new dependency python3-pampy to authenticate users.
- Added additional required parameter --auth-user to the
'actions/ssh set-keys' command. A password should be
provided through STDIN.
Tests performed:
- running 'actions/ssh set-keys' with empty or wrong admin credentials
fails.
- running 'actions/ssh set-keys' with correct admin credentials
succeeds.
- running 'actions/ssh set-keys' with correct non-admin credentials
succeeds if the --username is the same user.
- running 'actions/ssh set-keys' with correct non-admin credentials
fails if the --username is a different user.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Also, set 'username' and 'keys' arguments for the ssh action
script as required.
Tests performed:
- Setting and deleting ssh keys for the 'tester' user via
web interface works.
- trying to set keys for the root user
`./actions/ssh set-keys --username root --keys abc`
fails with an error.
- trying to get root user keys fails
`./actions/ssh get-keys --username root`
- running ./actions/ssh get-keys and set-keys without parameters
shows required arguments.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Allow setting multiple SSH keys one per line (which is already
allowed, but advertise it better).
- Use mkhomedir_helper to create the user's home directory. Avoid
security and accuracy complexities of creating a home directory.
- Allow homes that don't exist in /home.
