(feature) Generate filesystem-backed SSH credentials

Add filesystem-backed SSH credentials for the native systemd deployment path. Generated keys are stored below POBSYNC_HOME with 0600 permissions, while Django keeps the public key, fingerprint, path, and selection metadata. Add a Django SSH key generation view, delete action for unused generated keys, and a management command used by the installer to ensure a default backup key exists. Update runtime config to use generated key paths directly as IdentityFile, extend host checks to verify key readability, and keep legacy uploaded keys available for compatibility.
2026-05-19 19:41:40 +02:00
parent ccacad3d37
commit df3dcc47c9
18 changed files with 483 additions and 24 deletions
--- a/src/pobsync_backend/templates/pobsync_backend/ssh_credential_generate.html
+++ b/src/pobsync_backend/templates/pobsync_backend/ssh_credential_generate.html
@@ -0,0 +1,32 @@
+{% extends "pobsync_backend/base.html" %}
+
+{% block title %}Generate SSH Key | pobsync{% endblock %}
+
+{% block content %}
+  <h1>Generate SSH Key</h1>
+
+  <section class="actions" aria-label="SSH key form actions">
+    <a class="button-link" href="{% url 'ssh_credentials' %}">Back to SSH keys</a>
+  </section>
+
+  <section class="panel">
+    <h2>Create Key Pair</h2>
+    <form method="post" class="form-grid">
+      {% csrf_token %}
+      {{ form.non_field_errors }}
+
+      {% for field in form %}
+        <div class="field">
+          {{ field.errors }}
+          <label for="{{ field.id_for_label }}">{{ field.label }}</label>
+          {{ field }}
+          {% if field.help_text %}<div class="helptext">{{ field.help_text }}</div>{% endif %}
+        </div>
+      {% endfor %}
+
+      <div class="actions">
+        <button type="submit">Generate SSH key</button>
+      </div>
+    </form>
+  </section>
+{% endblock %}