From 5e133f112d8a05c0f7c466fc793514e2a1ee8285 Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@debian.org>
Date: Fri, 26 Jan 2018 00:07:45 +0000
Subject: Add debconf template to disable password auth

The new template is called openssh-server/password-authentication, and
is preseeding-only (at least for now).

Closes: #878945
---
 debian/openssh-server.config | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'debian/openssh-server.config')

diff --git a/debian/openssh-server.config b/debian/openssh-server.config
index 1cad01cff..4a66a35e9 100644
--- a/debian/openssh-server.config
+++ b/debian/openssh-server.config
@@ -17,6 +17,7 @@ get_config_option() {
 }
 
 permit_root_login="$(get_config_option PermitRootLogin)" || true
+password_authentication="$(get_config_option PasswordAuthentication)" || true
 if [ -f /etc/ssh/sshd_config ]; then
 	# Make sure the debconf database is in sync with the current state
 	# of the system.
@@ -25,6 +26,11 @@ if [ -f /etc/ssh/sshd_config ]; then
 	else
 		db_set openssh-server/permit-root-login true
 	fi
+	if [ "$password_authentication" = no ]; then
+		db_set openssh-server/password-authentication false
+	else
+		db_set openssh-server/password-authentication true
+	fi
 fi
 
 if dpkg --compare-versions "$2" lt-nl 1:6.6p1-1 && \
-- 
cgit v1.2.3