From f0f3a689e6f31168c914cde561c10db4e7077bd0 Mon Sep 17 00:00:00 2001
From: L3D <l3d@see-base.de>
Date: Mon, 8 Apr 2019 19:34:58 +0200
Subject: [PATCH] add option to enable password based auth

---
 defaults/main.yml     | 4 ++++
 templates/sshd_config | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index e4ef4ee..8dbe253 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -12,3 +12,7 @@ sshd_default_allowed_groups:
 
 # Enable AllowUsers and AllowGroups options
 restrict_allow_users: True
+
+# Allow login with password?
+sshd_password_authentication: no
+ 
diff --git a/templates/sshd_config b/templates/sshd_config
index d8315f2..fff9ca5 100644
--- a/templates/sshd_config
+++ b/templates/sshd_config
@@ -21,7 +21,7 @@ HostKey /etc/ssh/ssh_host_ed25519_key
 # HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-ed25519
 
 # Client authentication
-PasswordAuthentication no
+PasswordAuthentication {{ sshd_password_authentication }}
 ChallengeResponseAuthentication no
 PubkeyAuthentication yes