ssh: Allow disabling password authentication

Add an option to disable SSH password authentication. This is good option to improve security by preventing guessing of password to log into administrator account on FreedomBox.

If we are able to enable it by default, we can choose not provide an option at all. However, SSH may be required for critical restoration in case of failures. If the administrator has not setup keys by then, this could result in lockout.

• Write new subcommand to get and set configuration of SSH. It is implement storing/retrieving the value of PasswordAuthentication in /etc/ssh/sshd_config. Use augeas library to actually edit the configuration file (see examples in other apps).
• Add user interface checkbox in the SSH application with label 'Disable password authentication' and description 'Improves security by preventing password guessing. Ensure that you have setup SSH keys in your administrator user account before enabling this option.' To do this:
  • Implement a new form.py and create a Form.
  • Create views.py for SSH, move the SSHAppView into it. Use the created form.
  • When form is loaded, retrieve the state of the passwordauthentication option and set the state of the checkbox. When form is submitted, trigger setting configuration. See mediawiki app for example of above implementation.

Originally Created by: elvirolo

Original Title:

Allow user to disable SSH password logins in Plinth

Original description

It would be great if one could disable SSH password authentication from the Plinth user management page when/if an SSH public key is added.