From 4a3a9f806411c0bb68a6c4c1ef753bb5e5071823 Mon Sep 17 00:00:00 2001 From: Nicolas Palix Date: Mon, 19 Dec 2022 18:38:08 +0100 Subject: [PATCH] ssh config: Fix handling of ssh_password_authentication The current template use if/else/endif which introduce spurious empty lines. As the setting value is "yes" or "no", as expected by the configuration file, the value is directly use. All uses of passwordauthentication are addressed. This adds the one used for the sftp group. Finally, the global configuration sets the yes and no values to "yes" and "no" respectively. Currently, the value is set to "0" which breaks the configuration generation when "0" is compared to "False". Signed-off-by: Nicolas Palix --- conf/ssh/sshd_config | 8 ++------ share/config_global.toml | 2 ++ 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/conf/ssh/sshd_config b/conf/ssh/sshd_config index eaa0c7380..63cd0f8fd 100644 --- a/conf/ssh/sshd_config +++ b/conf/ssh/sshd_config @@ -57,11 +57,7 @@ UsePAM yes # PLEASE: if you wish to force everybody to authenticate using ssh keys, run this command: # yunohost settings set security.ssh.ssh_password_authentication -v no -{% if password_authentication == "False" %} -PasswordAuthentication no -{% else %} -#PasswordAuthentication yes -{% endif %} +PasswordAuthentication {{ password_authentication }} # Post-login stuff Banner /etc/issue.net @@ -103,7 +99,7 @@ Match Group sftp.app,!ssh.app AllowStreamLocalForwarding no PermitTunnel no PermitUserRC no - PasswordAuthentication yes + PasswordAuthentication {{ password_authentication }} # root login is allowed on local networks # It's meant to be a backup solution in case LDAP is down and diff --git a/share/config_global.toml b/share/config_global.toml index 1f3cc1b39..fcbb95ba5 100644 --- a/share/config_global.toml +++ b/share/config_global.toml 
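Review bot: The new `PasswordAuthentication {{ password_authentication }}` line (first hunk, repeated in the `Match Group sftp.app,!ssh.app` block of the second hunk) writes the stored setting into sshd_config without constraining it to the two keywords sshd accepts. The commit message says the value was previously saved as "0", so an install that still holds an old or unexpected value would presumably render a directive sshd cannot parse, and no migration or validation is visible in this patch. An inline conditional keeps the output to one line and to known values, for example `PasswordAuthentication {{ "no" if password_authentication == "no" else "yes" }}`, with the fallback direction chosen deliberately; checking the rendered file with `sshd -t` before reloading would also catch a bad value. In the second hunk, whose Match block continues past the visible lines, SFTP-only accounts now lose password login whenever the global setting is "no", which deserves a comment next to that line such as `# follows security.ssh.ssh_password_authentication`.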
@@ -42,6 +42,8 @@ name = "Security" [security.ssh.ssh_password_authentication] type = "boolean" default = true + yes = "yes" + no = "no" [security.nginx] name = "NGINX (web server)"
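Review bot: The added `yes = "yes"` and `no = "no"` keys sit next to `default = true`, which is still a boolean, and this hunk does not show whether a fresh install that never changed the setting resolves that default to the string "yes" before the sshd template is rendered. If the settings code does not map `true` through the `yes` value, the template would presumably receive something like "True" or "1" and emit an invalid `PasswordAuthentication` line, so this is worth confirming with a configuration regeneration on a clean install. A comment above the two keys would also help the next editor, e.g. `# rendered verbatim as the PasswordAuthentication value in conf/ssh/sshd_config; must stay "yes"/"no"`.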