ssh: Disable password authentication by default
We want to have a more secure default to prevent network attacks.
Change-Id: I9c83d045ba57686847a74a3a91f1bfb305ea249f
diff --git a/debian/changelog b/debian/changelog
index 59fffc3..7844894 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,7 @@
mendel-minimal (6-1) mendel-beaker; urgency=medium
* set-datetime: Make timesyncd behave in the face of broken time
+ * ssh: Disable password authentication
-- AIY Projects <support-aiyprojects@google.com> Tue, 26 Feb 2019 11:32:18 -0800
diff --git a/etc/runonce.d/03-check-ssh-keys b/etc/runonce.d/03-check-ssh-keys
index 0f4b055..8ac20ac 100755
--- a/etc/runonce.d/03-check-ssh-keys
+++ b/etc/runonce.d/03-check-ssh-keys
@@ -1,4 +1,5 @@
#!/bin/bash
rm -f /etc/ssh/ssh_host_*
-test -f /etc/ssh/ssh_host_dsa_key || dpkg-reconfigure openssh-server
\ No newline at end of file
+sed -e's/^#?PasswordAuthentication.*/PasswordAuthentication no/g' -i /etc/ssh/sshd_config
+test -f /etc/ssh/ssh_host_dsa_key || dpkg-reconfigure openssh-server