Apply PasswordAuthentication attribute to SSH

SteveLowe · SteveLowe · commit 985d9f64fc2b · 2016-01-15T16:58:47.000Z
diff --git a/attributes/default.rb b/attributes/default.rb
@@ -66,7 +66,7 @@
 default['ssh']['allow_groups']            = []      # sshd
 default['ssh']['print_motd']              = false   # sshd
 default['ssh']['print_last_log']          = false   # sshd
-default['ssh']['password_authentication'] = false    # sshd
+default['ssh']['password_authentication'] = false    # sshd + ssh
 # set this to nil to let us use the default OpenSSH in case it's not set by the user
 default['ssh']['use_dns']                 = nil     # sshd
 # set this to nil to let us detect the attribute based on the node platform
diff --git a/templates/default/openssh.conf.erb b/templates/default/openssh.conf.erb
@@ -88,7 +88,7 @@ RhostsRSAAuthentication no
 RSAAuthentication yes
 
 # Disable password-based authentication, it can allow for potentially easier brute-force attacks.
-PasswordAuthentication no
+PasswordAuthentication <%= ((@node['ssh']['password_authentication']) ? "yes" : "no" ) %>
 
 # Only use GSSAPIAuthentication if implemented on the network.
 GSSAPIAuthentication no
