community-scripts/ProxmoxVED
5
0
Fork 0
Code Issues Pull Requests Actions 6 Packages Projects Releases Wiki Activity

Add options to enable and disable password authentication

Browse Source 
Using password auth is not recommended, but it can be useful for testing or in environments where public key authentication is not feasible. This commit adds options to enable and disable password authentication in the SSH configuration.
This commit is contained in:
Sander Koenders 2026-02-16 18:00:34 +01:00
parent 0042f61d04
commit d2ca6fb861
1 changed files with 35 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
ct/alpine-borgbackup-server.sh
View File

@ -21,7 +21,7 @@ catch_errors # Enable error handling with automatic exit on failure
function update_script() { function update_script() {
header_info header_info
if [[ ! -f /usr/bin/borg ]]; then if [[ ! -f /usr/bin/borg ]]; then
msg_error "No ${APP} Installation Found!" msg_error "No ${APP} Installation Found!"
exit exit
@ -29,10 +29,12 @@ function update_script() {
CHOICE=$(msg_menu "BorgBackup Server Update Options" \ CHOICE=$(msg_menu "BorgBackup Server Update Options" \
"1" "Update BorgBackup Server" \ "1" "Update BorgBackup Server" \
"2" "Reset SSH Access") "2" "Reset SSH Access" \
"3" "Enable password authentication for backup user (not recommended, use SSH key instead)" \
"4" "Disable password authentication for backup user (recommended for security, use SSH key)")
case $CHOICE in case $CHOICE in
1) 1)
msg_info "Updating $APP LXC" msg_info "Updating $APP LXC"
$STD apk -U upgrade $STD apk -U upgrade
msg_ok "Updated $APP LXC successfully!" msg_ok "Updated $APP LXC successfully!"
@ -42,40 +44,58 @@ function update_script() {
msg_warn "Reset SSH Public key requires interactive mode, skipping." msg_warn "Reset SSH Public key requires interactive mode, skipping."
exit exit
fi fi
msg_info "Setting up SSH Public Key for backup user" msg_info "Setting up SSH Public Key for backup user"
# Get SSH public key from user # Get SSH public key from user
msg_info "Please paste your SSH public key (e.g., ssh-rsa AAAAB3... user@host):" msg_info "Please paste your SSH public key (e.g., ssh-rsa AAAAB3... user@host): \n"
read -r SSH_PUBLIC_KEY read -p "Key: " SSH_PUBLIC_KEY
echo
if [[ -z "$SSH_PUBLIC_KEY" ]]; then if [[ -z "$SSH_PUBLIC_KEY" ]]; then
msg_error "No SSH public key provided!" msg_error "No SSH public key provided!"
exit 1 exit 1
fi fi
# Validate that it looks like an SSH public key # Validate that it looks like an SSH public key
if [[ ! "$SSH_PUBLIC_KEY" =~ ^(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-) ]]; then if [[ ! "$SSH_PUBLIC_KEY" =~ ^(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-) ]]; then
msg_error "Invalid SSH public key format!" msg_error "Invalid SSH public key format!"
exit 1 exit 1
fi fi
# Set up SSH directory and authorized_keys file # Set up SSH directory and authorized_keys file
msg_info "Setting up SSH access" msg_info "Setting up SSH access"
mkdir -p /home/backup/.ssh mkdir -p /home/backup/.ssh
echo "$SSH_PUBLIC_KEY" > /home/backup/.ssh/authorized_keys echo "$SSH_PUBLIC_KEY" > /home/backup/.ssh/authorized_keys
# Set correct permissions # Set correct permissions
chown -R backup:backup /home/backup/.ssh chown -R backup:backup /home/backup/.ssh
chmod 700 /home/backup/.ssh chmod 700 /home/backup/.ssh
chmod 600 /home/backup/.ssh/authorized_keys chmod 600 /home/backup/.ssh/authorized_keys
msg_ok "SSH access configured for backup user" msg_ok "SSH access configured for backup user"
msg_info "SSH access details:" ;;
msg_info "Connection: ssh backup@${IP}" 3)
if [[ "${PHS_SILENT:-0}" == "1" ]]; then
msg_warn "Enabling password authentication requires interactive mode, skipping."
exit
fi
msg_info "Enabling password authentication for backup user"
msg_warn "Password authentication is less secure than using SSH keys. Consider using SSH keys instead."
passwd backup
sed -i 's/^#*\s*PasswordAuthentication\s\+\(yes\|no\)/PasswordAuthentication yes/' /etc/ssh/sshd_config
rc-service sshd restart
msg_ok "Password authentication enabled for backup user"
;;
4)
msg_info "Disabling password authentication for backup user"
sed -i 's/^#*\s*PasswordAuthentication\s\+\(yes\|no\)/PasswordAuthentication no/' /etc/ssh/sshd_config
rc-service sshd restart
msg_ok "Password authentication disabled for backup user"
;; ;;
esac esac
exit 0 exit 0
} }