nik/FreedomBox
1
0
Fork 0
mirror of https://github.com/freedombox/FreedomBox.git synced 2026-01-28 08:03:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
FreedomBox/plinth/modules/ssh/__init__.py
Sunil Mohan Adapa 4769c1c861
ssh: Update existing setups to add sudo group to allowed SSH groups 
Tests:

- On a setup with the patch, disable and re-enable the restricted users feature.
sudo is not part of allowed users. Apply the patch and restart the service. SSH
app will be updated and sudo is added to SSH allowed groups.

- Add a fresh unprivileged user to sudo group. SSH using that user to the
system.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
2023-01-13 07:52:02 -08:00

100 lines
3.2 KiB
Python
Raw Blame History

# SPDX-License-Identifier: AGPL-3.0-or-later
"""FreedomBox app for OpenSSH server."""
import pathlib
import re
import subprocess
from django.utils.translation import gettext_lazy as _
from plinth import app as app_module
from plinth import menu
from plinth.daemon import Daemon
from plinth.modules.backups.components import BackupRestore
from plinth.modules.firewall.components import Firewall
from plinth.modules.users.components import UsersAndGroups
from plinth.package import Packages
from . import manifest, privileged
_description = [
_('A Secure Shell server uses the secure shell protocol to accept '
'connections from remote computers. An authorized remote computer '
'can perform administration tasks, copy files or run other services '
'using such connections.')
]
class SSHApp(app_module.App):
"""FreedomBox app for SSH."""
app_id = 'ssh'
_version = 3
def __init__(self):
"""Create components for the app."""
super().__init__()
info = app_module.Info(app_id=self.app_id, version=self._version,
is_essential=True,
name=_('Secure Shell (SSH) Server'),
icon='fa-terminal', description=_description,
manual_page='SecureShell')
self.add(info)
menu_item = menu.Menu('menu-ssh', info.name, None, info.icon,
'ssh:index', parent_url_name='system')
self.add(menu_item)
packages = Packages('packages-ssh', ['openssh-server'])
self.add(packages)
firewall = Firewall('firewall-ssh', info.name, ports=['ssh'],
is_external=True)
self.add(firewall)
daemon = Daemon('daemon-ssh', 'ssh')
self.add(daemon)
groups = {
'freedombox-ssh': _('Remotely login using Secure Shell (SSH)')
}
users_and_groups = UsersAndGroups('users-and-groups-ssh',
groups=groups)
self.add(users_and_groups)
backup_restore = BackupRestore('backup-restore-ssh', **manifest.backup)
self.add(backup_restore)
def setup(self, old_version):
"""Install and configure the app."""
super().setup(old_version)
privileged.setup()
if not old_version:
self.enable()
elif old_version == 2 and privileged.are_users_restricted():
privileged.restrict_users(True)
elif old_version == 1:
privileged.restrict_users(True)
def get_host_keys():
"""Return Host keys of the system."""
etc_ssh = pathlib.Path('/etc/ssh/')
host_keys = []
pattern = re.compile(r'^(?P<bit_size>\d+) (?P<fingerprint>[\S]+) '
r'.+ \((?P<algorithm>\w+)\)$')
for public_key in etc_ssh.glob('*.pub'):
process = subprocess.run(['ssh-keygen', '-l', '-f',
str(public_key)], stdout=subprocess.PIPE,
check=True)
output = process.stdout.decode().strip()
if output:
match = re.match(pattern, output)
if match:
host_keys.append(match.groupdict())
return host_keys
Reference in New Issue View Git Blame Copy Permalink