Initial SSH password

shared/bin/configure-interfaces.py

@@ -61,6 +61,7 @@ class Constants:
     MSG_CONFIG_HOST = ('Hostname', 'Configure sensor hostname')
     MSG_CONFIG_INTERFACE = ('Interface', 'Configure an interface\'s IP address')
     MSG_CONFIG_TIME_SYNC = ('Time Sync', 'Configure time synchronization')
+    MSG_CONFIG_SSH = ('SSH Authentication', 'Configure SSH authentication')
     MSG_CONFIG_STATIC_TITLE = 'Provide the values for static IP configuration'
     MSG_ERR_ROOT_REQUIRED = 'Elevated privileges required, run as root'
     MSG_ERR_BAD_HOST = 'Invalid host or port'
@@ -82,7 +83,9 @@ class Constants:
     MSG_TESTING_CONNECTION_FAILURE = "Connection error: could not connect to {}:{}"
     MSG_SET_HOSTNAME_CURRENT = 'Current sensor identification information\n\n'
     MSG_SET_HOSTNAME_SUCCESS = 'Set sensor hostname successfully!\n\n'
+    MSG_CONFIG_SSH_SUCCESS = 'SSH authentication configured successfully!\n\n'
     MSG_IDENTIFY_NICS = 'Do you need help identifying network interfaces?'
+    MSG_SSH_PASSWORD_AUTH = 'Enable SSH Password Authentication?'
     MSG_SELECT_INTERFACE = 'Select interface to configure'
     MSG_SELECT_BLINK_INTERFACE = 'Select capture interface to identify'
     MSG_BLINK_INTERFACE = '{} will blink for {} seconds'
@@ -184,9 +187,9 @@ def main():
     except Exception:
         pass
     if installation == Constants.DEV_SENSOR:
-        modeChoices = [Constants.MSG_CONFIG_INTERFACE, Constants.MSG_CONFIG_HOST, Constants.MSG_CONFIG_TIME_SYNC]
+        modeChoices = [Constants.MSG_CONFIG_INTERFACE, Constants.MSG_CONFIG_HOST, Constants.MSG_CONFIG_TIME_SYNC, Constants.MSG_CONFIG_SSH]
     elif installation == Constants.DEV_AGGREGATOR:
-        modeChoices = [Constants.MSG_CONFIG_HOST, Constants.MSG_CONFIG_TIME_SYNC]
+        modeChoices = [Constants.MSG_CONFIG_HOST, Constants.MSG_CONFIG_TIME_SYNC, Constants.MSG_CONFIG_SSH]
     else:
         print(Constants.MSG_ERR_DEV_INVALID)
         sys.exit(1)
@@ -399,6 +402,16 @@ def main():
                 else:
                     raise CancelledError
 
+            elif config_mode == Constants.MSG_CONFIG_SSH[0]:
+                # configure SSH authentication options
+                code = d.yesno(Constants.MSG_CONFIG_SSH_SUCCESS)
+                if (code == Dialog.OK):
+                    with open('/etc/ssh/ssh_config', 'r') as f:
+                        for line in f:
+                            if line.startswith("PasswordAuthentication") or line.startswith("#   PasswordAuthentication"):
+                                line = "PasswordAuthentication yes"
+                            else:
+                                pass
             else:
                 # interface IP address configuration #################################################################################################
 

shared/bin/preseed_late_user_config.sh

@@ -52,6 +52,16 @@ Description:
 Template: malcolm/disable_ipv6_title
 Type: text
 Description: IPv6
+
+Template: malcolm/ssh_password_auth
+Type: boolean
+Default: false
+Description:
+ Allow SSH password authentication?
+
+Template: malcolm/ssh_password_auth_title
+Type: text
+Description: SSH Password Authentication
 !EOF!
 
 # load template
@@ -185,3 +195,23 @@ else
 fi
 
 echo "malcolm/dod_banner=$RET" >> /tmp/malcolm.answer
+
+# set title
+db_settitle malcolm/ssh_password_auth_title
+
+# prompt
+db_input critical malcolm/ssh_password_auth
+db_go
+
+# get answer to $RET
+db_get malcolm/ssh_password_auth
+
+if [ "$RET" = true ]; then
+  SSH_PASSWORD_AUTH = "yes"
+else
+  SSH_PASSWORD_AUTH = "no"
+fi
+
+sed -i "'s/#   PasswordAuthentication.*/\PasswordAuthentication $SSH_PASSWORD_AUTH/g'" /etc/ssh/ssh_config 2>/dev/null || true
+
+echo "malcolm/ssh_password_auth=$RET" >> /tmp/malcolm.answer