security/netbird: Add SSH configuration options (#5113)

security/netbird/Makefile

@@ -1,5 +1,5 @@
 PLUGIN_NAME=		netbird
-PLUGIN_VERSION=		1.1
+PLUGIN_VERSION=		1.2
 PLUGIN_DEPENDS=		netbird
 PLUGIN_COMMENT=		Peer-to-peer VPN that seamlessly connects your devices
 PLUGIN_MAINTAINER=	dev@netbird.io

security/netbird/src/opnsense/mvc/app/controllers/OPNsense/Netbird/forms/settings.xml

@@ -42,6 +42,36 @@
         <type>checkbox</type>
         <help>Allows incoming SSH connections</help>
     </field>
+    <field>
+        <id>settings.ssh.enableRoot</id>
+        <label>Enable Root Login</label>
+        <type>checkbox</type>
+        <help>Allow root user login</help>
+    </field>
+    <field>
+        <id>settings.ssh.enableSFTP</id>
+        <label>Enable SFTP</label>
+        <type>checkbox</type>
+        <help>Enable SFTP subsystem for file transfers</help>
+    </field>
+    <field>
+        <id>settings.ssh.enableLocalPortForwarding</id>
+        <label>Enable Local Port Forwarding</label>
+        <type>checkbox</type>
+        <help>Allow clients to forward local ports through the server</help>
+    </field>
+    <field>
+        <id>settings.ssh.enableRemotePortForwarding</id>
+        <label>Enable Remote Port Forwarding</label>
+        <type>checkbox</type>
+        <help>Allow clients to request remote port forwarding</help>
+    </field>
+    <field>
+        <id>settings.ssh.enableAuth</id>
+        <label>Enable SSH Authentication</label>
+        <type>checkbox</type>
+        <help>Enable JWT authentication for SSH connections. When disabled, allows any peer with network access</help>
+    </field>
     <field>
         <type>header</type>
         <label>DNS</label>

security/netbird/src/opnsense/mvc/app/models/OPNsense/Netbird/Settings.php

@@ -46,6 +46,11 @@ class Settings extends BaseModel
 
         $config["WgPort"] = (int)$this->general->wireguardPort->__toString();
         $config["ServerSSHAllowed"] = $this->ssh->enable->__toString() == 1;
+        $config["EnableSSHRoot"] = $this->ssh->enableRoot->__toString() == 1;
+        $config["EnableSSHSFTP"] = $this->ssh->enableSFTP->__toString() == 1;
+        $config["EnableSSHLocalPortForwarding"] = $this->ssh->enableLocalPortForwarding->__toString() == 1;
+        $config["EnableSSHRemotePortForwarding"] = $this->ssh->enableRemotePortForwarding->__toString() == 1;
+        $config["DisableSSHAuth"] = $this->ssh->enableAuth->__toString() != 1;
         $config["DisableFirewall"] = $this->firewall->allowConfig->__toString() != 1;
         $config["BlockInbound"] = $this->firewall->blockInboundConnection->__toString() == 1;
         $config["DisableDNS"] = $this->dns->enable->__toString() != 1;

security/netbird/src/opnsense/mvc/app/models/OPNsense/Netbird/Settings.xml

@@ -1,7 +1,7 @@
 <model>
     <mount>//OPNsense/netbird/settings</mount>
     <description>NetBird settings</description>
-    <version>1.1.0</version>
+    <version>1.2.0</version>
     <items>
         <general>
             <enable type="BooleanField">
@@ -31,6 +31,26 @@
                 <Default>0</Default>
                 <Required>Y</Required>
             </enable>
+            <enableRoot type="BooleanField">
+                <Default>0</Default>
+                <Required>Y</Required>
+            </enableRoot>
+            <enableSFTP type="BooleanField">
+                <Default>0</Default>
+                <Required>Y</Required>
+            </enableSFTP>
+            <enableLocalPortForwarding type="BooleanField">
+                <Default>0</Default>
+                <Required>Y</Required>
+            </enableLocalPortForwarding>
+            <enableRemotePortForwarding type="BooleanField">
+                <Default>0</Default>
+                <Required>Y</Required>
+            </enableRemotePortForwarding>
+            <enableAuth type="BooleanField">
+                <Default>1</Default>
+                <Required>Y</Required>
+            </enableAuth>
         </ssh>
         <dns>
             <enable type="BooleanField">