From 839672d28fe462b7f01e7c8b2062c9d1d552b665 Mon Sep 17 00:00:00 2001
From: Nicolas Palix
Date: Mon, 19 Dec 2022 18:38:08 +0100
Subject: [PATCH] Fix handling of ssh_password_authentication

The current template use if/else/endif which introduce spurious empty lines. As the setting value is "yes" or "no", as expected by the configuration file, the value is directly use. All uses of passwordauthentication are addressed. This adds the one used for the sftp group. Finally, the global configuration sets the yes and no values to "yes" and "no" respectively.
---
 conf/ssh/sshd_config | 8 ++------
 share/config_global.toml | 2 ++
 2 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/conf/ssh/sshd_config b/conf/ssh/sshd_config
index eaa0c7380..63cd0f8fd 100644
--- a/conf/ssh/sshd_config
+++ b/conf/ssh/sshd_config
@@ -57,11 +57,7 @@ UsePAM yes
 # PLEASE: if you wish to force everybody to authenticate using ssh keys, run this command:
 # yunohost settings set security.ssh.ssh_password_authentication -v no
-{% if password_authentication == "False" %}
-PasswordAuthentication no
-{% else %}
-#PasswordAuthentication yes
-{% endif %}
+PasswordAuthentication {{ password_authentication }}
 # Post-login stuff
 Banner /etc/issue.net
@@ -103,7 +99,7 @@ Match Group sftp.app,!ssh.app
 AllowStreamLocalForwarding no
 PermitTunnel no
 PermitUserRC no
- PasswordAuthentication yes
+ PasswordAuthentication {{ password_authentication }}
 # root login is allowed on local networks
 # It's meant to be a backup solution in case LDAP is down and
diff --git a/share/config_global.toml b/share/config_global.toml
index 40b71ab19..7e8932067 100644
--- a/share/config_global.toml
+++ b/share/config_global.toml
@@ -42,6 +42,8 @@ name = "Security"
 [security.ssh.ssh_password_authentication]
 type = "boolean"
 default = true
+ yes = "yes"
+ no = "no"
 [security.nginx]
 name = "NGINX (web server)"
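Review bot: The new `PasswordAuthentication {{ password_authentication }}` line in the first conf/ssh/sshd_config hunk writes whatever the variable holds, where the removed block only compared against "False" and otherwise left sshd's default in place. If the value reaching the template is empty or still "True"/"False" (the code that exports it is not part of this patch, so this is unconfirmed), sshd gets an argument it rejects and may fail to restart, which on a remote server means losing SSH access. Constrain it in the template, e.g. `PasswordAuthentication {{ "no" if password_authentication in ["no", "False"] else "yes" }}`, which also avoids the blank lines and keeps the old fallback; running `sshd -t` on the rendered file before reloading would catch any other bad value. The same unguarded substitution is used in the `Match Group sftp.app,!ssh.app` hunk.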
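Review bot: In the `Match Group sftp.app,!ssh.app` hunk, replacing the fixed `PasswordAuthentication yes` changes who can log in: with the setting at "no", accounts in that group can no longer use a password, and nothing in the file says so. The previous override kept password login on for this group even when the global setting disabled it, so following the setting is the consistent choice, but it deserves a comment above the line such as `# Follows security.ssh.ssh_password_authentication; SFTP-only accounts need an SSH key when it is "no"`. The Match block begins above the hunk, so its other directives are not all visible here.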
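Review bot: `default = true` stays a boolean in the share/config_global.toml hunk while the added `yes`/`no` keys switch the stored value to strings, and the template now prints that value verbatim. Whether the default and values saved before this change are normalised to "yes"/"no" is not visible in this patch; if they are not, a fresh or upgraded install would render a `PasswordAuthentication` argument that sshd does not accept. It would help to confirm that path (or add a migration) and to add a comment above the new keys, e.g. `# Written verbatim as the sshd PasswordAuthentication argument; must stay "yes"/"no"`.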