Enable or disable ssh password logins

src/freedombone-sec

@@ -34,6 +34,7 @@ SSH_CIPHERS=
 SSH_MACS=
 SSH_KEX=
 SSH_HOST_KEY_ALGORITHMS=
+SSH_PASSWORDS=
 XMPP_CIPHERS=
 XMPP_ECC_CURVE=
 
@@ -105,6 +106,7 @@ function get_ssh_settings {
       SSH_CIPHERS=$(cat $SSH_CONFIG | grep 'Ciphers ' | awk -F 'Ciphers ' '{print $2}')
       SSH_MACS=$(cat $SSH_CONFIG | grep 'MACs ' | awk -F 'MACs ' '{print $2}')
       SSH_KEX=$(cat $SSH_CONFIG | grep 'KexAlgorithms ' | awk -F 'KexAlgorithms ' '{print $2}')
+      SSH_PASSWORDS=$(cat $SSH_CONFIG | grep 'PasswordAuthentication ' | awk -F 'PasswordAuthentication ' '{print $2}')
   fi
   if [ -f /etc/ssh/ssh_config ]; then
       SSH_HOST_KEY_ALGORITHMS=$(cat /etc/ssh/ssh_config | grep 'HostKeyAlgorithms ' | awk -F 'HostKeyAlgorithms ' '{print $2}')
@@ -175,10 +177,14 @@ function change_ssh_settings {
       if [ ! $SSH_KEX ]; then
           return
       fi
+      if [ ! $SSH_PASSWORDS ]; then
+          return
+      fi
 
       sed -i "s|Ciphers .*|Ciphers $SSH_CIPHERS|g" $SSH_CONFIG
       sed -i "s|MACs .*|MACs $SSH_MACS|g" $SSH_CONFIG
       sed -i "s|KexAlgorithms .*|KexAlgorithms $SSH_KEX|g" $SSH_CONFIG
+      sed -i "s|PasswordAuthentication .*|PasswordAuthentication $SSH_PASSWORDS|g" $SSH_CONFIG
       service ssh restart
       echo 'ssh server security settings changed'
   fi
@@ -254,6 +260,23 @@ function interactive_setup {
       esac
   fi
 
+  if [[ $SSH_PASSWORDS == "yes" ]]; then
+      dialog --title "SSH Passwords" \
+          --backtitle "Freedombone Security Configuration" \
+          --yesno "\nAllow SSH login using passwords?" 7 60
+  else
+      dialog --title "SSH Passwords" \
+          --backtitle "Freedombone Security Configuration" \
+          --defaultno \
+          --yesno "\nAllow SSH login using passwords?" 7 60
+  fi
+  sel=$?
+  case $sel in
+      0) SSH_PASSWORDS="yes";;
+      1) SSH_PASSWORDS="no";;
+      255) exit 0;;
+  esac
+
   if [ $XMPP_CIPHERS ]; then
       data=$(tempfile 2>/dev/null)
       trap "rm -f $data" 0 1 2 5 15