From d2ca6fb86158b3856dac239c32d19824f3be8a78 Mon Sep 17 00:00:00 2001 From: Sander Koenders Date: Mon, 16 Feb 2026 18:00:34 +0100 Subject: [PATCH] Add options to enable and disable password authentication Using password auth is not recommended, but it can be useful for testing or in environments where public key authentication is not feasible. This commit adds options to enable and disable password authentication in the SSH configuration. --- ct/alpine-borgbackup-server.sh | 50 ++++++++++++++++++++++++---------- 1 file changed, 35 insertions(+), 15 deletions(-) diff --git a/ct/alpine-borgbackup-server.sh b/ct/alpine-borgbackup-server.sh index b293a8340..a1fe28a44 100644 --- a/ct/alpine-borgbackup-server.sh +++ b/ct/alpine-borgbackup-server.sh @@ -21,7 +21,7 @@ catch_errors # Enable error handling with automatic exit on failure function update_script() { header_info - + if [[ ! -f /usr/bin/borg ]]; then msg_error "No ${APP} Installation Found!" exit @@ -29,10 +29,12 @@ function update_script() { CHOICE=$(msg_menu "BorgBackup Server Update Options" \ "1" "Update BorgBackup Server" \ - "2" "Reset SSH Access") + "2" "Reset SSH Access" \ + "3" "Enable password authentication for backup user (not recommended, use SSH key instead)" \ + "4" "Disable password authentication for backup user (recommended for security, use SSH key)") case $CHOICE in - 1) + 1) msg_info "Updating $APP LXC" $STD apk -U upgrade msg_ok "Updated $APP LXC successfully!" 
@@ -42,40 +44,58 @@ function update_script() { msg_warn "Reset SSH Public key requires interactive mode, skipping." exit fi - + msg_info "Setting up SSH Public Key for backup user" - + # Get SSH public key from user - msg_info "Please paste your SSH public key (e.g., ssh-rsa AAAAB3... user@host):" - read -r SSH_PUBLIC_KEY - + msg_info "Please paste your SSH public key (e.g., ssh-rsa AAAAB3... user@host): \n" + read -p "Key: " SSH_PUBLIC_KEY + echo + if [[ -z "$SSH_PUBLIC_KEY" ]]; then msg_error "No SSH public key provided!" exit 1 fi - + # Validate that it looks like an SSH public key if [[ ! "$SSH_PUBLIC_KEY" =~ ^(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-) ]]; then msg_error "Invalid SSH public key format!" exit 1 fi - + # Set up SSH directory and authorized_keys file msg_info "Setting up SSH access" mkdir -p /home/backup/.ssh echo "$SSH_PUBLIC_KEY" > /home/backup/.ssh/authorized_keys - + # Set correct permissions chown -R backup:backup /home/backup/.ssh chmod 700 /home/backup/.ssh chmod 600 /home/backup/.ssh/authorized_keys - + msg_ok "SSH access configured for backup user" - msg_info "SSH access details:" - msg_info "Connection: ssh backup@${IP}" + ;; + 3) + if [[ "${PHS_SILENT:-0}" == "1" ]]; then + msg_warn "Enabling password authentication requires interactive mode, skipping." + exit + fi + + msg_info "Enabling password authentication for backup user" + msg_warn "Password authentication is less secure than using SSH keys. Consider using SSH keys instead." + passwd backup + sed -i 's/^#*\s*PasswordAuthentication\s\+\(yes\|no\)/PasswordAuthentication yes/' /etc/ssh/sshd_config + rc-service sshd restart + msg_ok "Password authentication enabled for backup user" + ;; + 4) + msg_info "Disabling password authentication for backup user" + sed -i 's/^#*\s*PasswordAuthentication\s\+\(yes\|no\)/PasswordAuthentication no/' /etc/ssh/sshd_config + rc-service sshd restart + msg_ok "Password authentication disabled for backup user" ;; esac - + exit 0 }
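Review bot: The `sed` in options 3 and 4 only rewrites an existing `PasswordAuthentication yes|no` line, so if `/etc/ssh/sshd_config` has no such line, or another directive takes precedence, nothing changes and `msg_ok` still reports success. For option 4 this means password login may stay on while the operator is told it is off. The edited directive is also the global one, so the setting applies to every account that has a password, not only to `backup` as the messages here and the menu labels in the `msg_menu` hunk say; either scope it with a `Match User backup` block or reword the text. I would confirm the directive after the edit and run `sshd -t` before `rc-service sshd restart`, as sketched below for option 3 (option 4 takes the same check with `no`); `update_script` starts outside this hunk. Separately, the new `read -p "Key: " SSH_PUBLIC_KEY` drops the `-r` the old line had, and `read -r -p "Key: " SSH_PUBLIC_KEY` would keep backslashes in the pasted key literal.

```shell
    3)
      # … unchanged: PHS_SILENT guard, msg_info/msg_warn, passwd backup …
      sed -i 's/^#*\s*PasswordAuthentication\s\+\(yes\|no\)/PasswordAuthentication yes/' /etc/ssh/sshd_config
      # Do not report success unless the directive is really present after the edit
      if ! grep -q '^PasswordAuthentication yes' /etc/ssh/sshd_config; then
        msg_error "PasswordAuthentication directive not found in /etc/ssh/sshd_config"
        exit 1
      fi
      # Validate the file first so a bad edit cannot leave sshd unable to start
      sshd -t
      rc-service sshd restart
      # … unchanged: msg_ok …
```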