From 32490ff019e229ae6fea7075c6dd3181cf983cac Mon Sep 17 00:00:00 2001
From: Dmitry Mikhin <dmikhin@webmonitorx.ru>
Date: Wed, 9 Aug 2023 21:33:57 +0300
Subject: [PATCH] fix #205, automatically set PasswordAuthentication in sshd
 conf to no value

---
 products-prepare/linux/yc-image-cleanup.sh | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/products-prepare/linux/yc-image-cleanup.sh b/products-prepare/linux/yc-image-cleanup.sh
index d03a86fb..b8aafe14 100755
--- a/products-prepare/linux/yc-image-cleanup.sh
+++ b/products-prepare/linux/yc-image-cleanup.sh
@@ -482,6 +482,16 @@ function changeSSHRootLoginToDefault {
   fi
 
 }
+
+
+function changeSSHPasswordAuthenticationToNo {
+  #taken from https://superuser.com/a/1486297
+  sed -E -i 's|^#?(PasswordAuthentication)\s.*|\1 no|' /etc/ssh/sshd_config
+  if ! grep -q '^PasswordAuthentication\s' /etc/ssh/sshd_config; then echo 'PasswordAuthentication no' >> /etc/ssh/sshd_config; fi
+  echo "DONE"
+}
+
+
 function cleanRootPassword {
   OS_TYPE=$(getOS)
   if [ "$OS_TYPE" == "FreeBSD" ]; then
@@ -742,6 +752,8 @@ function cleanupImage {
     cleanLogFiles
     echo -n "Changing ssh PermitRootLogin parameter to the default value... "
     changeSSHRootLoginToDefault
+    echo -n "Changing ssh PasswordAuthentication parameter to the 'no' value... "
+    changeSSHPasswordAuthenticationToNo
     echo -n "Starting to clean up root password... "
     cleanRootPassword
     echo -n "Removing system user... "