Add options to enable and disable password authentication

Using password auth is not recommended, but it can be useful for testing or in environments where public key authentication is not feasible. This commit adds options to enable and disable password authentication in the SSH configuration.
2026-02-16 18:00:34 +01:00 · 2026-02-16 18:00:34 +01:00 · d2ca6fb861
commit d2ca6fb861
parent 0042f61d04
1 changed files with 35 additions and 15 deletions
--- a/ct/alpine-borgbackup-server.sh
+++ b/ct/alpine-borgbackup-server.sh
@ -21,7 +21,7 @@ catch_errors       # Enable error handling with automatic exit on failure

 function update_script() {
  header_info
-  
+
  if [[ ! -f /usr/bin/borg ]]; then
    msg_error "No ${APP} Installation Found!"
    exit
@ -29,10 +29,12 @@ function update_script() {

  CHOICE=$(msg_menu "BorgBackup Server Update Options" \
    "1" "Update BorgBackup Server" \
-    "2" "Reset SSH Access")
+    "2" "Reset SSH Access" \
+    "3" "Enable password authentication for backup user (not recommended, use SSH key instead)" \
+    "4" "Disable password authentication for backup user (recommended for security, use SSH key)")

  case $CHOICE in
-  1)    
+  1)
    msg_info "Updating $APP LXC"
    $STD apk -U upgrade
    msg_ok "Updated $APP LXC successfully!"
@ -42,40 +44,58 @@ function update_script() {
      msg_warn "Reset SSH Public key requires interactive mode, skipping."
      exit
    fi
-    
+
    msg_info "Setting up SSH Public Key for backup user"
-    
+
    # Get SSH public key from user
-    msg_info "Please paste your SSH public key (e.g., ssh-rsa AAAAB3... user@host):"
-    read -r SSH_PUBLIC_KEY
-    
+    msg_info "Please paste your SSH public key (e.g., ssh-rsa AAAAB3... user@host): \n"
+    read -p "Key: " SSH_PUBLIC_KEY
+    echo
+
    if [[ -z "$SSH_PUBLIC_KEY" ]]; then
      msg_error "No SSH public key provided!"
      exit 1
    fi
-    
+
    # Validate that it looks like an SSH public key
    if [[ ! "$SSH_PUBLIC_KEY" =~ ^(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-) ]]; then
      msg_error "Invalid SSH public key format!"
      exit 1
    fi
-    
+
    # Set up SSH directory and authorized_keys file
    msg_info "Setting up SSH access"
    mkdir -p /home/backup/.ssh
    echo "$SSH_PUBLIC_KEY" > /home/backup/.ssh/authorized_keys
-    
+
    # Set correct permissions
    chown -R backup:backup /home/backup/.ssh
    chmod 700 /home/backup/.ssh
    chmod 600 /home/backup/.ssh/authorized_keys
-    
+
    msg_ok "SSH access configured for backup user"
-    msg_info "SSH access details:"
-    msg_info "Connection: ssh backup@${IP}"
+    ;;
+  3)
+    if [[ "${PHS_SILENT:-0}" == "1" ]]; then
+      msg_warn "Enabling password authentication requires interactive mode, skipping."
+      exit
+    fi
+
+    msg_info "Enabling password authentication for backup user"
+    msg_warn "Password authentication is less secure than using SSH keys. Consider using SSH keys instead."
+    passwd backup
+    sed -i 's/^#*\s*PasswordAuthentication\s\+\(yes\|no\)/PasswordAuthentication yes/' /etc/ssh/sshd_config
+    rc-service sshd restart
+    msg_ok "Password authentication enabled for backup user"
+    ;;
+  4)
+    msg_info "Disabling password authentication for backup user"
+    sed -i 's/^#*\s*PasswordAuthentication\s\+\(yes\|no\)/PasswordAuthentication no/' /etc/ssh/sshd_config
+    rc-service sshd restart
+    msg_ok "Password authentication disabled for backup user"
    ;;
  esac
-  
+
  exit 0
 }