Implemented new features. Request to commit.

[LaKing]

Hello.

Okay, for my own purposes I implemented the following 'features':

* SSL certificate signing with a custom CA as default. (not delf-signed)
This is approx. 4 lines of code, not a big deal.

* SSH Public Key authentication
This is several lines of code in several files (interface, server and also requires new fields in SQL.)
When a new user is created, the server generates the private and public key, that can be obtained in the Tools section. When creating a new shell-user, the user's public key, and an additional optional custom key is added to the shell user's authorised keys, thus allowing logging in without typing a password.


There are two options. I can post all modifications here to the forum as code, so the main developers can review them, and apply them in the next release, or I can add them myself to the svn, to some beta-branch.

Please advise ...

Greetings,
István Király

[till]

Are these new options configurable in system > server config so that they can be disabled by default and dont change the current behaviour of existing installs?

[LaKing]

Not yet, but I can implement that.

Lets say, a CA-path into the system configuration->web tab, empty by default for self signing certificates. And an additional CA-signing password might be necessary.

For public key authentication, a new tab might be necessary unless we want to handle ssh-access in one tab, in that case the jailkit tab shuld be renamed to 'ssh'-tab, and there should be two sections, ssh and ssh-jailkit.

Also, the installer/updater scripts need to be updated. ...

I can do all that if you want to have it in the official release. ...

[till]

Quote:

Not yet, but I can implement that.

That would be great!

Quote:

Lets say, a CA-path into the system configuration->web tab, empty by default for self signing certificates. And an additional CA-signing password might be necessary.

ok.

Quote:

For public key authentication, a new tab might be necessary unless we want to handle ssh-access in one tab, in that case the jailkit tab shuld be renamed to 'ssh'-tab, and there should be two sections, ssh and ssh-jailkit.

I think that renaming is a good idea as we dont have that much space for new tabs.

Quote:

Also, the installer/updater scripts need to be updated. ...

ok.

Quote:

I can do all that if you want to have it in the official release. ...

I guess it can be integrated into 3.0.4. As the next release 3.0.3.3 is a bugfix release.

Please upload your changes to SVN trunk. If you dont have a password yet, please send me an email to dev [at] ispconfig [dot] org.