ssh: Disable password authentication by default

We want to have a more secure default to prevent network attacks.

Change-Id: I9c83d045ba57686847a74a3a91f1bfb305ea249f
diff --git a/debian/changelog b/debian/changelog
index 59fffc3..7844894 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,7 @@
 mendel-minimal (6-1) mendel-beaker; urgency=medium
 
   * set-datetime: Make timesyncd behave in the face of broken time
+  * ssh: Disable password authentication
 
  -- AIY Projects <support-aiyprojects@google.com>  Tue, 26 Feb 2019 11:32:18 -0800
 
diff --git a/etc/runonce.d/03-check-ssh-keys b/etc/runonce.d/03-check-ssh-keys
index 0f4b055..8ac20ac 100755
--- a/etc/runonce.d/03-check-ssh-keys
+++ b/etc/runonce.d/03-check-ssh-keys
@@ -1,4 +1,5 @@
 #!/bin/bash
 
 rm -f /etc/ssh/ssh_host_*
-test -f /etc/ssh/ssh_host_dsa_key || dpkg-reconfigure openssh-server
\ No newline at end of file
+sed -e's/^#?PasswordAuthentication.*/PasswordAuthentication no/g' -i /etc/ssh/sshd_config
+test -f /etc/ssh/ssh_host_dsa_key || dpkg-reconfigure openssh-server
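Review bot: The added `sed` line most likely never matches. Without `-E`, sed uses basic regular expressions, where `?` is a literal character, so `^#?PasswordAuthentication` only matches a line that literally begins with `#?`. A stock `sshd_config` normally carries the setting as `#PasswordAuthentication yes`; that line would be left untouched and sshd would keep its built-in default of accepting passwords, despite what the changelog entry says. Switch to extended syntax: `sed -E -e 's/^#?PasswordAuthentication.*/PasswordAuthentication no/' -i /etc/ssh/sshd_config`. It would also help to follow it with a check such as `grep -q '^PasswordAuthentication no' /etc/ssh/sshd_config` that logs or fails when the directive is absent, so a silent no-op is caught on first boot.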