Disable ssh access if default password has not been changed

[eliasbakken]

It is now possible to enable ssh access on Rebuild/Refactor/Reflash. The idea is that once SSH has been enabled, the user will log in and is subsequently prompted to change passwords. If the user does not log in within a reasonable time (for instance one hour), the access should be disabled.

[obgr]

We can allow moonraker to manage the ssh service by modifying printer_data/moonraker.asvc. All we need to do is to add the systemd service name, and it will pop up in the managed services menu, allowing us to start/stop and restart the service. Fluidd in this case will capitalize the first letter in the service name, but it works.

If we want something that disables the service automatically, we can look at the password change date stamp with passwd debian --status and see if the passoword is changed after build date.

OR

We make things simpler by creating a systemd service always shutting down ssh after service has been running for an hour or two, and have it disabled upon first login and successful pw change.

I can also see an argument to have an ssh-auto-disabler as a feature, which can be turned on and off at will via moonraker like my example with ssh above. The user can get a question up on first login if they want the service enabled on boot or not.

[eliasbakken]

This is a great idea! Have you already got a patch working or is that from somewhere else?

[goeland86]

I can test and provide a PR for the moonraker.asvc file later this week if it hasn't been done yet?

[eliasbakken]

PR available for review

[eliasbakken]

Tested and looks good. Can be reopened if we find any other issues.