diff --git a/docs/index.rst b/docs/index.rst
index 53c5012a857ce1198dbb3020428dd9c55958f1b4..7778b23d5401cd36b25997ef0fb33a7759d45991 100644
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -59,6 +59,7 @@ Several Freifunk communities in Germany use Gluon as the foundation of their Fre
    package/gluon-ebtables-filter-ra-dhcp
    package/gluon-ebtables-segment-mld
    package/gluon-ebtables-source-filter
+   package/gluon-web-admin
 
 .. toctree::
    :caption: Releases
diff --git a/docs/package/gluon-web-admin.rst b/docs/package/gluon-web-admin.rst
new file mode 100644
index 0000000000000000000000000000000000000000..114f8530226daddabf4888b395ca96d6a274d308
--- /dev/null
+++ b/docs/package/gluon-web-admin.rst
@@ -0,0 +1,27 @@
+gluon-web-admin
+===============
+
+This package allows the user to set options like the password for ssh access
+within config mode. You can define in your ``site.conf`` whether it should be
+possible to access the nodes via ssh with a password or not and what the mimimum
+password length must be.
+
+site.conf
+---------
+
+config_mode.remote_login.show_password_form \: optional (defaults to ``false``)
+  If ``show_password_form`` is set to ``true``, the password section in
+  config mode is shown.
+
+config_mode.remote_login.min_password_length \: optional (defaults to ``12``)
+  This sets the minimum allowed password length. Set this to ``1`` to
+  disable the length check.
+
+If you want to enable the password login you can use this example::
+
+  config_mode = {
+    remote_login = {
+      show_password_form = true, -- default false
+      min_password_length = 12
+    }
+  }
diff --git a/package/gluon-web-admin/Makefile b/package/gluon-web-admin/Makefile
index 726cbbe8be5b1101997cc21a123efe8e9d866ea5..e244b35b6d2f32f78cc48d1d679d1d6c538b26b3 100644
--- a/package/gluon-web-admin/Makefile
+++ b/package/gluon-web-admin/Makefile
@@ -39,4 +39,9 @@ define Package/gluon-web-admin/install
 	$(call GluonInstallI18N,gluon-web-admin,$(1))
 endef
 
+define Package/gluon-web-admin/postinst
+#!/bin/sh
+$(call GluonCheckSite,check_site.lua)
+endef
+
 $(eval $(call BuildPackage,gluon-web-admin))
diff --git a/package/gluon-web-admin/check_site.lua b/package/gluon-web-admin/check_site.lua
new file mode 100644
index 0000000000000000000000000000000000000000..7fdce6fb873c1ced788258d1f8c89161f58249fc
--- /dev/null
+++ b/package/gluon-web-admin/check_site.lua
@@ -0,0 +1,4 @@
+if need_table('config_mode', nil, false) and need_table('config_mode.remote_login', nil, false) then
+  need_boolean('config_mode.remote_login.show_password_form', false)
+  need_number('config_mode.remote_login.min_password_length', false)
+end
diff --git a/package/gluon-web-admin/i18n/de.po b/package/gluon-web-admin/i18n/de.po
index 21f6494b595e09efd7e1937145fce107b3db1702..ec4ac165a8d327586515bce985c4c3706309c9e8 100644
--- a/package/gluon-web-admin/i18n/de.po
+++ b/package/gluon-web-admin/i18n/de.po
@@ -32,6 +32,9 @@ msgstr "Abbrechen"
 msgid "Confirmation"
 msgstr "Bestätigung"
 
+msgid "%u characters min."
+msgstr "Mindestens %u Zeichen"
+
 msgid "Continue"
 msgstr "Fortfahren"
 
diff --git a/package/gluon-web-admin/i18n/fr.po b/package/gluon-web-admin/i18n/fr.po
index 552925c8483fc302f981826247142addaf71e260..6d3d374966f42ee85aec90ccdb1326321b616016 100644
--- a/package/gluon-web-admin/i18n/fr.po
+++ b/package/gluon-web-admin/i18n/fr.po
@@ -33,6 +33,9 @@ msgstr "Annuler"
 msgid "Confirmation"
 msgstr "Confirmation"
 
+msgid "%u characters min."
+msgstr "Au moins %u caractères"
+
 msgid "Continue"
 msgstr "Continuer"
 
diff --git a/package/gluon-web-admin/i18n/gluon-web-admin.pot b/package/gluon-web-admin/i18n/gluon-web-admin.pot
index 719ca3dbf88a5041b3beb1667e39a6f5352eb053..84995dd6e6e04523105e6f4219e13d618b71c544 100644
--- a/package/gluon-web-admin/i18n/gluon-web-admin.pot
+++ b/package/gluon-web-admin/i18n/gluon-web-admin.pot
@@ -19,6 +19,9 @@ msgstr ""
 msgid "Confirmation"
 msgstr ""
 
+msgid "%u characters min."
+msgstr ""
+
 msgid "Continue"
 msgstr ""
 
diff --git a/package/gluon-web-admin/luasrc/lib/gluon/web/model/admin/remote.lua b/package/gluon-web-admin/luasrc/lib/gluon/web/model/admin/remote.lua
index 1a6fe732ef135c8cbe3f2863c7e286911028f9e4..38abc97a90ac30a28304d1b831e5081cc52b50c9 100644
--- a/package/gluon-web-admin/luasrc/lib/gluon/web/model/admin/remote.lua
+++ b/package/gluon-web-admin/luasrc/lib/gluon/web/model/admin/remote.lua
@@ -13,12 +13,13 @@ You may obtain a copy of the License at
 local nixio = require "nixio"
 local fs = require "nixio.fs"
 local util = require "gluon.util"
+local site = require 'gluon.site_config'
 
 local f_keys = Form(translate("SSH keys"), translate("You can provide your SSH keys here (one per line):"), 'keys')
 local s = f_keys:section(Section)
 local keys = s:option(TextValue, "keys")
-keys.wrap    = "off"
-keys.rows    = 5
+keys.wrap = "off"
+keys.rows = 5
 keys.default = fs.readfile("/etc/dropbear/authorized_keys") or ""
 
 function keys:write(value)
@@ -30,11 +31,24 @@ function keys:write(value)
 	end
 end
 
+local config = (site.config_mode or {}).remote_login or {}
+if not config.show_password_form then
+	-- password login is disabled in site.conf
+	return f_keys
+end
+
+local min_password_length = config.min_password_length or 12
+local mintype = 'minlength(' .. min_password_length .. ')'
+local length_hint
+
+if min_password_length > 1 then
+	length_hint = translatef("%u characters min.", min_password_length)
+end
 
-local f_password = Form(translate("Password"),
-	translate(
-                "Alternatively, you can set a password to access your node. Please choose a secure password you don't use anywhere else.<br /><br />"
-                .. "If you set an empty password, login via password will be disabled. This is the default."
+local f_password = Form(translate("Password"), translate(
+	"Alternatively, you can set a password to access your node. Please choose a "
+	.. "secure password you don't use anywhere else.<br /><br />If you set an empty "
+	.. "password, login via password will be disabled. This is the default."
 	), 'password'
 )
 f_password.reset = false
@@ -43,12 +57,16 @@ local s = f_password:section(Section)
 
 local pw1 = s:option(Value, "pw1", translate("Password"))
 pw1.password = true
+pw1.optional = true
+pw1.datatype = mintype
 function pw1.cfgvalue()
 	return ''
 end
 
-local pw2 = s:option(Value, "pw2", translate("Confirmation"))
+local pw2 = s:option(Value, "pw2", translate("Confirmation"), length_hint)
 pw2.password = true
+pw2.optional = true
+pw2.datatype = mintype
 function pw2.cfgvalue()
 	return ''
 end
@@ -93,7 +111,7 @@ function f_password:write()
 
 	local pw = pw1.data
 
-	if #pw > 0 then
+	if pw ~= nil and #pw > 0 then
 		if set_password(pw) then
 			f_password.message = translate("Password changed.")
 		else