community-scripts/ProxmoxVED
5
0
Fork 0
Code Issues Pull Requests Actions 6 Packages Projects Releases Wiki Activity

Add options to enable and disable password authentication

Browse Source 
Using password auth is not recommended, but it can be useful for testing or in environments where public key authentication is not feasible. This commit adds options to enable and disable password authentication in the SSH configuration.
This commit is contained in:
Sander Koenders 2026-02-16 18:00:34 +01:00
parent 0042f61d04
commit d2ca6fb861
1 changed files with 35 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
ct/alpine-borgbackup-server.sh
View File

@ -29,7 +29,9 @@ function update_script() {
CHOICE=$(msg_menu "BorgBackup Server Update Options" \ CHOICE=$(msg_menu "BorgBackup Server Update Options" \
"1" "Update BorgBackup Server" \ "1" "Update BorgBackup Server" \
"2" "Reset SSH Access") "2" "Reset SSH Access" \
"3" "Enable password authentication for backup user (not recommended, use SSH key instead)" \
"4" "Disable password authentication for backup user (recommended for security, use SSH key)")
case $CHOICE in case $CHOICE in
1) 1)
@ -46,8 +48,9 @@ function update_script() {
msg_info "Setting up SSH Public Key for backup user" msg_info "Setting up SSH Public Key for backup user"
# Get SSH public key from user # Get SSH public key from user
msg_info "Please paste your SSH public key (e.g., ssh-rsa AAAAB3... user@host):" msg_info "Please paste your SSH public key (e.g., ssh-rsa AAAAB3... user@host): \n"
read -r SSH_PUBLIC_KEY read -p "Key: " SSH_PUBLIC_KEY
echo
if [[ -z "$SSH_PUBLIC_KEY" ]]; then if [[ -z "$SSH_PUBLIC_KEY" ]]; then
msg_error "No SSH public key provided!" msg_error "No SSH public key provided!"
@ -71,8 +74,25 @@ function update_script() {
chmod 600 /home/backup/.ssh/authorized_keys chmod 600 /home/backup/.ssh/authorized_keys
msg_ok "SSH access configured for backup user" msg_ok "SSH access configured for backup user"
msg_info "SSH access details:" ;;
msg_info "Connection: ssh backup@${IP}" 3)
if [[ "${PHS_SILENT:-0}" == "1" ]]; then
msg_warn "Enabling password authentication requires interactive mode, skipping."
exit
fi
msg_info "Enabling password authentication for backup user"
msg_warn "Password authentication is less secure than using SSH keys. Consider using SSH keys instead."
passwd backup
sed -i 's/^#*\s*PasswordAuthentication\s\+\(yes\|no\)/PasswordAuthentication yes/' /etc/ssh/sshd_config
rc-service sshd restart
msg_ok "Password authentication enabled for backup user"
;;
4)
msg_info "Disabling password authentication for backup user"
sed -i 's/^#*\s*PasswordAuthentication\s\+\(yes\|no\)/PasswordAuthentication no/' /etc/ssh/sshd_config
rc-service sshd restart
msg_ok "Password authentication disabled for backup user"
;; ;;
esac esac