From a875a7b21f2d1b18c92997eb885b9692365fce3d Mon Sep 17 00:00:00 2001
From: Lilian Roller <lilian.roller@wingcon.com>
Date: Tue, 17 Mar 2020 18:52:03 +0100
Subject: [PATCH] forbid password auth

---
 templates/sshd_config.j2 | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/templates/sshd_config.j2 b/templates/sshd_config.j2
index d59a276..3b1446c 100644
--- a/templates/sshd_config.j2
+++ b/templates/sshd_config.j2
@@ -45,9 +45,13 @@ HostKeyAlgorithms
 {%- endfor %}
 
 
-{#
 # Client authentication
-PasswordAuthentication {{ sshd_password_authentication }}
+PasswordAuthentication
+{%- if sshd.password_authentication | bool -%}
+  yes
+{%- else -%}
+  no
+{%- endif %}
 ChallengeResponseAuthentication no
 PubkeyAuthentication yes
 
@@ -56,6 +60,7 @@ PubkeyAuthentication yes
 # and ChallengeResponseAuthentication to 'no'.
 UsePAM yes
 
+{#
 # User Authentication
 {% if restrict_allow_users|default(True) %}
 AllowUsers {{ sshd_allow_users|join(' ') }}