feat: add SSH settings for device and namespace

Add allow-based SSH settings for both namespace and device
configuration, update the backend migrations and auth flow, and wire the
React console to edit the new settings consistently.

Closes #6136

Author: henrybarreto

agent/installer.go

@@ -88,7 +88,7 @@ func registerInstallerCommands(rootCmd *cobra.Command) {
 	installCmd.Flags().String("preferred-identity", "", "Preferred device identity")
 	installCmd.Flags().Uint("keepalive-interval", 30, "Keepalive interval in seconds")
 	installCmd.MarkFlagRequired("server-address") //nolint:errcheck
-	installCmd.MarkFlagRequired("tenant-id")       //nolint:errcheck
+	installCmd.MarkFlagRequired("tenant-id")      //nolint:errcheck
 
 	rootCmd.AddCommand(installCmd)
 
@@ -169,7 +169,7 @@ func writeAgentEnvFile(cfg installerConfig) error {
 		fmt.Fprintf(&buf, "SHELLHUB_KEEPALIVE_INTERVAL=%d\n", cfg.KeepaliveInterval)
 	}
 
-	return os.WriteFile(agentEnvFile, buf.Bytes(), 0600)
+	return os.WriteFile(agentEnvFile, buf.Bytes(), 0o600)
 }
 
 func writeAgentServiceFile(binaryPath string) error {
@@ -183,7 +183,7 @@ func writeAgentServiceFile(binaryPath string) error {
 		return err
 	}
 
-	return os.WriteFile(agentServiceFile, buf.Bytes(), 0644)
+	return os.WriteFile(agentServiceFile, buf.Bytes(), 0o644)
 }
 
 func agentUninstall() error {

api/routes/device.go

@@ -251,6 +251,10 @@ func (h *Handler) UpdateDevice(c gateway.Context) error {
 		return err
 	}
 
+	if c.Tenant() != nil {
+		req.TenantID = c.Tenant().ID
+	}
+
 	if err := h.service.UpdateDevice(c.Ctx(), req); err != nil {
 		return err
 	}

api/services/device.go

@@ -349,6 +349,40 @@ func (s *service) UpdateDevice(ctx context.Context, req *requests.DeviceUpdate)
 		device.Name = strings.ToLower(req.Name)
 	}
 
+	if req.SSH != nil {
+		if device.SSH == nil {
+			device.SSH = models.DefaultSSHSettings()
+		}
+
+		if req.SSH.AllowPassword != nil {
+			device.SSH.AllowPassword = *req.SSH.AllowPassword
+		}
+		if req.SSH.AllowPublicKey != nil {
+			device.SSH.AllowPublicKey = *req.SSH.AllowPublicKey
+		}
+		if req.SSH.AllowRoot != nil {
+			device.SSH.AllowRoot = *req.SSH.AllowRoot
+		}
+		if req.SSH.AllowEmptyPasswords != nil {
+			device.SSH.AllowEmptyPasswords = *req.SSH.AllowEmptyPasswords
+		}
+		if req.SSH.AllowTTY != nil {
+			device.SSH.AllowTTY = *req.SSH.AllowTTY
+		}
+		if req.SSH.AllowTCPForwarding != nil {
+			device.SSH.AllowTCPForwarding = *req.SSH.AllowTCPForwarding
+		}
+		if req.SSH.AllowWebEndpoints != nil {
+			device.SSH.AllowWebEndpoints = *req.SSH.AllowWebEndpoints
+		}
+		if req.SSH.AllowSFTP != nil {
+			device.SSH.AllowSFTP = *req.SSH.AllowSFTP
+		}
+		if req.SSH.AllowAgentForwarding != nil {
+			device.SSH.AllowAgentForwarding = *req.SSH.AllowAgentForwarding
+		}
+	}
+
 	if err := s.store.DeviceUpdate(ctx, device); err != nil { // nolint:revive
 		return err
 	}
@@ -376,6 +410,10 @@ func (s *service) mergeDevice(ctx context.Context, tenantID string, oldDevice *m
 	}
 
 	log.WithFields(logFields).Debug("updating new device name to preserve old device identity")
+	if oldDevice.SSH != nil {
+		newDevice.SSH = oldDevice.SSH
+	}
+
 	newDevice.Name = oldDevice.Name
 	if err := s.store.DeviceUpdate(ctx, newDevice); err != nil {
 		log.WithError(err).WithFields(logFields).Error("failed to update new device name")

api/services/device_test.go

@@ -1699,13 +1699,35 @@ func TestUpdateDeviceStatus(t *testing.T) {
 					TenantID: "00000000-0000-0000-0000-000000000000",
 					Status:   models.DeviceStatusAccepted,
 					Identity: &models.DeviceIdentity{MAC: "aa:bb:cc:dd:ee:ff"},
+					SSH: &models.SSHSettings{
+						AllowPassword:        false,
+						AllowPublicKey:       true,
+						AllowRoot:            false,
+						AllowEmptyPasswords:  true,
+						AllowTTY:             false,
+						AllowTCPForwarding:   true,
+						AllowWebEndpoints:    false,
+						AllowSFTP:            true,
+						AllowAgentForwarding: false,
+					},
 				}
 				mergedDevice := &models.Device{
 					UID:      "new-device",
 					Name:     "device-name",
 					TenantID: "00000000-0000-0000-0000-000000000000",
 					Status:   models.DeviceStatusPending,
 					Identity: &models.DeviceIdentity{MAC: "aa:bb:cc:dd:ee:ff"},
+					SSH: &models.SSHSettings{
+						AllowPassword:        false,
+						AllowPublicKey:       true,
+						AllowRoot:            false,
+						AllowEmptyPasswords:  true,
+						AllowTTY:             false,
+						AllowTCPForwarding:   true,
+						AllowWebEndpoints:    false,
+						AllowSFTP:            true,
+						AllowAgentForwarding: false,
+					},
 				}
 				finalDevice := &models.Device{
 					UID:             "new-device",
@@ -1714,6 +1736,17 @@ func TestUpdateDeviceStatus(t *testing.T) {
 					Status:          models.DeviceStatusAccepted,
 					StatusUpdatedAt: now,
 					Identity:        &models.DeviceIdentity{MAC: "aa:bb:cc:dd:ee:ff"},
+					SSH: &models.SSHSettings{
+						AllowPassword:        false,
+						AllowPublicKey:       true,
+						AllowRoot:            false,
+						AllowEmptyPasswords:  true,
+						AllowTTY:             false,
+						AllowTCPForwarding:   true,
+						AllowWebEndpoints:    false,
+						AllowSFTP:            true,
+						AllowAgentForwarding: false,
+					},
 				}
 
 				storeMock.

api/services/namespace.go

@@ -66,6 +66,15 @@ func (s *service) CreateNamespace(ctx context.Context, req *requests.NamespaceCr
 		Settings: &models.NamespaceSettings{
 			SessionRecord:          true,
 			ConnectionAnnouncement: "",
+			AllowPassword:          true,
+			AllowPublicKey:         true,
+			AllowRoot:              true,
+			AllowEmptyPasswords:    true,
+			AllowTTY:               true,
+			AllowTCPForwarding:     true,
+			AllowWebEndpoints:      true,
+			AllowSFTP:              true,
+			AllowAgentForwarding:   true,
 		},
 		TenantID: req.TenantID,
 		Type:     models.NewDefaultType(),
@@ -176,6 +185,42 @@ func (s *service) EditNamespace(ctx context.Context, req *requests.NamespaceEdit
 		namespace.Settings.ConnectionAnnouncement = *req.Settings.ConnectionAnnouncement
 	}
 
+	if req.Settings.AllowPassword != nil {
+		namespace.Settings.AllowPassword = *req.Settings.AllowPassword
+	}
+
+	if req.Settings.AllowPublicKey != nil {
+		namespace.Settings.AllowPublicKey = *req.Settings.AllowPublicKey
+	}
+
+	if req.Settings.AllowRoot != nil {
+		namespace.Settings.AllowRoot = *req.Settings.AllowRoot
+	}
+
+	if req.Settings.AllowEmptyPasswords != nil {
+		namespace.Settings.AllowEmptyPasswords = *req.Settings.AllowEmptyPasswords
+	}
+
+	if req.Settings.AllowTTY != nil {
+		namespace.Settings.AllowTTY = *req.Settings.AllowTTY
+	}
+
+	if req.Settings.AllowTCPForwarding != nil {
+		namespace.Settings.AllowTCPForwarding = *req.Settings.AllowTCPForwarding
+	}
+
+	if req.Settings.AllowWebEndpoints != nil {
+		namespace.Settings.AllowWebEndpoints = *req.Settings.AllowWebEndpoints
+	}
+
+	if req.Settings.AllowSFTP != nil {
+		namespace.Settings.AllowSFTP = *req.Settings.AllowSFTP
+	}
+
+	if req.Settings.AllowAgentForwarding != nil {
+		namespace.Settings.AllowAgentForwarding = *req.Settings.AllowAgentForwarding
+	}
+
 	if err := s.store.NamespaceUpdate(ctx, namespace); err != nil {
 		return nil, err
 	}