From 58989a6abf1585744476501f7f17599c4a79e9b7 Mon Sep 17 00:00:00 2001
From: L3D <l3d@see-base.de>
Date: Tue, 17 Mar 2020 18:52:03 +0100
Subject: [PATCH] forbid password auth

---
 templates/sshd_config.j2 | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/templates/sshd_config.j2 b/templates/sshd_config.j2
index d59a276..aa6e0bf 100644
--- a/templates/sshd_config.j2
+++ b/templates/sshd_config.j2
@@ -45,9 +45,13 @@ HostKeyAlgorithms
 {%- endfor %}
 
 
-{#
 # Client authentication
-PasswordAuthentication {{ sshd_password_authentication }}
+PasswordAuthentication
+{%- if sshd.password_authentication | bool -%}
+  {{ ' yes' }}
+{% else -%}
+  {{ ' no' }}
+{% endif %}
 ChallengeResponseAuthentication no
 PubkeyAuthentication yes
 
@@ -56,6 +60,7 @@ PubkeyAuthentication yes
 # and ChallengeResponseAuthentication to 'no'.
 UsePAM yes
 
+{#
 # User Authentication
 {% if restrict_allow_users|default(True) %}
 AllowUsers {{ sshd_allow_users|join(' ') }}