# HG changeset patch
# User csalgau
# Date 2019-02-13 23:16:57
# Node ID 6cd9b76816a5193de8c8b2018193e239ee7fc276
# Parent 976a0af21f9d9c28b481f834a41844ad5c8d80bb
Issue #5536 - ability to disable server-side SSH key generation - Fixes #5536
diff --git a/configs/development.ini b/configs/development.ini
--- a/configs/development.ini
+++ b/configs/development.ini
@@ -631,6 +631,10 @@ ssh.executable.hg = ~/.rccontrol/vcsserv
 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
+## Enables SSH key generator web interface. Disabling this still allows users
+## to add their own keys.
+ssh.enable_ui_key_generator = true
+
 ## Dummy marker to add new entries after.
 ## Add any custom entries below. Please don't remove.
diff --git a/configs/production.ini b/configs/production.ini
--- a/configs/production.ini
+++ b/configs/production.ini
@@ -604,6 +604,10 @@ ssh.executable.hg = ~/.rccontrol/vcsserv
 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
+## Enables SSH key generator web interface. Disabling this still allows users
+## to add their own keys.
+ssh.enable_ui_key_generator = true
+
 ## Dummy marker to add new entries after.
 ## Add any custom entries below. Please don't remove.
diff --git a/docs/auth/ssh-connection.rst b/docs/auth/ssh-connection.rst
--- a/docs/auth/ssh-connection.rst
+++ b/docs/auth/ssh-connection.rst
@@ -73,6 +73,10 @@ 2. Enable the SSH module on instance.
 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
+ ## Enables SSH key generator web interface. Disabling this still allows users
+ ## to add their own keys.
+ ssh.enable_ui_key_generator = true
+
 3. Set base_url for instance to enable proper event handling (Optional):
diff --git a/rhodecode/apps/my_account/views/my_account_ssh_keys.py b/rhodecode/apps/my_account/views/my_account_ssh_keys.py
--- a/rhodecode/apps/my_account/views/my_account_ssh_keys.py
+++ b/rhodecode/apps/my_account/views/my_account_ssh_keys.py
@@ -71,10 +71,11 @@ class MyAccountSshKeysView(BaseAppView,
 c = self.load_default_context()
 c.active = 'ssh_keys_generate'
- comment = 'RhodeCode-SSH {}'.format(c.user.email or '')
- c.private, c.public = SshKeyModel().generate_keypair(comment=comment)
- c.target_form_url = h.route_path(
- 'my_account_ssh_keys', _query=dict(default_key=c.public))
+ if c.ssh_key_generator_enabled:
+ comment = 'RhodeCode-SSH {}'.format(c.user.email or '')
+ c.private, c.public = SshKeyModel().generate_keypair(comment=comment)
+ c.target_form_url = h.route_path(
+ 'my_account_ssh_keys', _query=dict(default_key=c.public))
 return self._get_template_context(c)
 @LoginRequired()
diff --git a/rhodecode/apps/ssh_support/__init__.py b/rhodecode/apps/ssh_support/__init__.py
--- a/rhodecode/apps/ssh_support/__init__.py
+++ b/rhodecode/apps/ssh_support/__init__.py
@@ -36,6 +36,7 @@ def _sanitize_settings_and_apply_default
 _bool_setting(settings, config_keys.generate_authorized_keyfile, 'false')
 _bool_setting(settings, config_keys.wrapper_allow_shell, 'false')
 _bool_setting(settings, config_keys.enable_debug_logging, 'false')
+ _bool_setting(settings, config_keys.ssh_key_generator_enabled, 'true')
 _string_setting(settings, config_keys.authorized_keys_file_path, '~/.ssh/authorized_keys_rhodecode',
diff --git a/rhodecode/apps/ssh_support/config_keys.py b/rhodecode/apps/ssh_support/config_keys.py
--- a/rhodecode/apps/ssh_support/config_keys.py
+++ b/rhodecode/apps/ssh_support/config_keys.py
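Review bot: The new `if c.ssh_key_generator_enabled:` guard covers only this my-account view, while the same patch hides the generator link in `admin/users/user_edit_ssh_keys.mako` without touching any admin-side view. If the admin users view (not visible in this patch) still calls `SshKeyModel().generate_keypair(...)` unconditionally, a direct request to that route would keep creating private keys on the server with the setting off, which is what issue #5536 asks to prevent; it should get the same guard. The guard here also tests only the generator flag while the generate template requires `c.ssh_enabled and c.ssh_key_generator_enabled`, so the two conditions should be aligned, e.g. `if c.ssh_enabled and c.ssh_key_generator_enabled:`. The view function begins above the hunk.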
@@ -24,6 +24,7 @@
 generate_authorized_keyfile = 'ssh.generate_authorized_keyfile'
 authorized_keys_file_path = 'ssh.authorized_keys_file_path'
 authorized_keys_line_ssh_opts = 'ssh.authorized_keys_ssh_opts'
+ssh_key_generator_enabled = 'ssh.enable_ui_key_generator'
 wrapper_cmd = 'ssh.wrapper_cmd'
 wrapper_allow_shell = 'ssh.wrapper_cmd_allow_shell'
 enable_debug_logging = 'ssh.enable_debug_logging'
diff --git a/rhodecode/lib/base.py b/rhodecode/lib/base.py
--- a/rhodecode/lib/base.py
+++ b/rhodecode/lib/base.py
@@ -348,6 +348,8 @@ def attach_context_attributes(context, r
 config.get('labs_settings_active', 'false'))
 context.ssh_enabled = str2bool(
 config.get('ssh.generate_authorized_keyfile', 'false'))
+ context.ssh_key_generator_enabled = str2bool(
+ config.get('ssh.enable_ui_key_generator', 'true'))
 context.visual.allow_repo_location_change = str2bool(
 config.get('allow_repo_location_change', True))
diff --git a/rhodecode/templates/admin/my_account/my_account_ssh_keys.mako b/rhodecode/templates/admin/my_account/my_account_ssh_keys.mako
--- a/rhodecode/templates/admin/my_account/my_account_ssh_keys.mako
+++ b/rhodecode/templates/admin/my_account/my_account_ssh_keys.mako
@@ -55,7 +55,9 @@
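Review bot: `context.ssh_key_generator_enabled` is read with the literal key `'ssh.enable_ui_key_generator'` and its own `'true'` default, duplicating what `config_keys.ssh_key_generator_enabled` and `_bool_setting(..., 'true')` already define in `ssh_support`. Because the default is enabled, a misspelled key in the .ini leaves server-side key generation on without any signal, so a short comment such as `# defaults to enabled; set ssh.enable_ui_key_generator = false to stop server-side keypair generation` would help. The neighbouring `ssh.generate_authorized_keyfile` read follows the same literal-key pattern, so this is consistent with the file; `attach_context_attributes` starts and ends outside the hunk.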
${h.text('description', class_='medium', placeholder=_('Description'))}
- ${_('Generate random RSA key')}
+ % if c.ssh_key_generator_enabled:
+ ${_('Generate random RSA key')}
+ % endif
@@ -70,7 +72,7 @@
 ${h.reset('reset',_('Reset'),class_="btn")}
 % if c.default_key:
- ${_('Click add to use this generate SSH key')}
+ ${_('Click add to use this generated SSH key')}
 % endif
diff --git a/rhodecode/templates/admin/users/user_edit_ssh_keys.mako b/rhodecode/templates/admin/users/user_edit_ssh_keys.mako
--- a/rhodecode/templates/admin/users/user_edit_ssh_keys.mako
+++ b/rhodecode/templates/admin/users/user_edit_ssh_keys.mako
@@ -50,7 +50,9 @@
${h.text('description', class_='medium', placeholder=_('Description'))}
- ${_('Generate random RSA key')}
+ % if c.ssh_key_generator_enabled:
+ ${_('Generate random RSA key')}
+ % endif
diff --git a/rhodecode/templates/admin/users/user_edit_ssh_keys_generate.mako b/rhodecode/templates/admin/users/user_edit_ssh_keys_generate.mako
--- a/rhodecode/templates/admin/users/user_edit_ssh_keys_generate.mako
+++ b/rhodecode/templates/admin/users/user_edit_ssh_keys_generate.mako
@@ -1,14 +1,15 @@
-

${_('New SSH Key generated')}

+

${_('New SSH Key generation')}

-

- ${_('Below is a 2048 bit generated SSH RSA key.')}
- ${_('If You wish to use it to access RhodeCode via the SSH please save the private key and click `Use this generated key` at the bottom.')} -

-

${_('Private key')}

-
+        %if c.ssh_enabled and c.ssh_key_generator_enabled:
+            

+ ${_('Below is a 2048 bit generated SSH RSA key.')}
+ ${_('If You wish to use it to access RhodeCode via the SSH please save the private key and click `Use this generated key` at the bottom.')} +

+

${_('Private key')}

+
 # Save the below content as
 # Windows: /Users/{username}/.ssh/id_rsa_rhodecode_access_priv.key
 # macOS: /Users/{yourname}/.ssh/id_rsa_rhodecode_access_priv.key
@@ -16,30 +17,35 @@
 
 # Change permissions to 0600 to make it secure, and usable.
 e.g chmod 0600 /home/{username}/.ssh/id_rsa_rhodecode_access_priv.key
-        
+
-
- -
-
+
+ +
+
-

${_('Public key')}

-
+            

${_('Public key')}

+
 # Save the below content as
 # Windows: /Users/{username}/.ssh/id_rsa_rhodecode_access_pub.key
 # macOS: /Users/{yourname}/.ssh/id_rsa_rhodecode_access_pub.key
 # Linux: /home/{username}/.ssh/id_rsa_rhodecode_access_pub.key
-        
+
- -

- % if hasattr(c, 'target_form_url'): - ${_('Use this generated key')}. - % else: - ${_('Use this generated key')}. - % endif - ${_('Confirmation required on the next screen')}. -

+ +

+ % if hasattr(c, 'target_form_url'): + ${_('Use this generated key')}. + % else: + ${_('Use this generated key')}. + % endif + ${_('Confirmation required on the next screen')}. +

+ % else: +

+ ${_('SSH key generator has been disabled.')} +

+ % endif
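Review bot: The `% else:` branch prints 'SSH key generator has been disabled.' whenever `c.ssh_enabled and c.ssh_key_generator_enabled` is false, so it also appears when SSH support itself is off and the generator flag is still true. A separate message for the `not c.ssh_enabled` case, or testing only `c.ssh_key_generator_enabled` here, would keep the text accurate. A Mako comment above the condition, e.g. `## private key is rendered only when server-side generation is enabled`, would document why the whole block is gated. The markup of this hunk is stripped in this view, so the exact element nesting cannot be checked.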
diff --git a/rhodecode/tests/rhodecode.ini b/rhodecode/tests/rhodecode.ini
--- a/rhodecode/tests/rhodecode.ini
+++ b/rhodecode/tests/rhodecode.ini
@@ -572,6 +572,10 @@ ssh.executable.hg = ~/.rccontrol/vcsserv
 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
+## Enables SSH key generator web interface. Disabling this still allows users
+## to add their own keys.
+ssh.enable_ui_key_generator = true
+
 ## Dummy marker to add new entries after.
 ## Add any custom entries below. Please don't remove.