Enabling the option in to disable Password Authentication and only us…

…e Public Key Authentication

Addressing issue vmware-samples#14.

By default, both Public Key Authentication and Password Authentication are enabled for Linux distributons. If you wish to disable Password Authentication and only use Public Key Authentication, comment or remove the portion of the associated script in the `/scripts` directory. Comments are added to the scripts to call out what to uncomment, if desired.

README.md

@@ -582,7 +582,7 @@ Decoded Password: [decoded password]
  ```
  These files are copied to the guest operating systems with a Packer file provisioner; after which, the a shell provisioner adds the certificate to the Trusted Certificate Authority of the guest operating system.
 
-  >**NOTE**: If you do not wish to install the certificates on the guest operating systems, comment out the portion of the shell provisioner scripts in the `scripts` directory and remove the file provisioner from the `prk.hcl` file for each build. If you need to add an intermediate certificate, add the certificate to `/certificates` and update the shell provisioner scripts in the `scripts` directory with your requirements.
+  >**NOTE**: If you do not wish to install the certificates on the guest operating systems, comment or remove the portion of the associated script in the `/scripts` directory and the file provisioner from the `prk.hcl` file for each build. If you need to add an intermediate certificate, add the certificate to `/certificates` and update the shell provisioner scripts in the `scripts` directory with your requirements.
 
 2. Generate a Public Key
 
@@ -624,13 +624,15 @@ Decoded Password: [decoded password]
  │ └── id_ecdsa.pub
  ```
 
- This file is temporarily copied to the guest operating systems of the Linux distributions with a Packer file provisioner; after which, the a shell provisioner adds the key to the `.ssh/authorized_keys` file of the `build_username` on the guest operating system.
+ This file is temporarily copied to the guest operating systems of the Linux distributions with a Packer file provisioner; after which, the a shell provisioner adds the key to the `.ssh/authorized_keys` file of the `build_username` on the guest operating system. 
 
-  >**IMPORTANT**: You definitely **must** to replace this public key.
-
-  >**NOTE**: This release uses the newer ECDSA versus the older RSA public key algorithm. 
+  >**WARNING**: You should most definitely replace this public key.
+ 
+  >**NOTE**: This repository uses the newer ECDSA versus the older RSA public key algorithm. See [Generate a New SSH Key][ssh-keygen] on SSH.com. 
+ > 
+ > If you do not wish to install the public key on the Linux guest operating systems and therefore disable Public Key Authentication, comment or remove the portion of the associated script in the `/scripts` directory and the file provisioner from the `prk.hcl` file for each Linux build. 
  >
- > See [Generate a New SSH Key][ssh-keygen] on SSH.com. 
+ > By default, both Public Key Authentication and Password Authentication are enabled for Linux distributions. If you wish to disable Password Authentication and only use Public Key Authentication, comment or remove the portion of the associated script in the `/scripts` directory.
 
 ## Build
 

scripts/linux/almalinux-server-cleanup.sh

@@ -30,6 +30,7 @@ sudo rm -rf /tmp/root-ca.crt
 
 ### Copy the SSH key to authorized_keys and set permissions. ###
 echo '> Copying the SSH key to Authorized Keys and setting permissions ...'
+### Comment the lines below to to if you disable Public Key Authentication. ###
 sudo mkdir -p /home/$BUILD_USERNAME/.ssh
 sudo chmod 700 /home/$BUILD_USERNAME/.ssh
 sudo cat /tmp/id_ecdsa.pub > /home/$BUILD_USERNAME/.ssh/authorized_keys
@@ -39,8 +40,11 @@ sudo rm -rf /tmp/id_ecdsa.pub
 
 ### Configure SSH for Public Key Authentication. ###
 echo '> Configuring SSH for Public Key Authentication ...'
-sudo sed -i '/^PermitRootLogin/s/yes/no/' /etc/ssh/sshd_config
-sudo sed -i 's/.*PubkeyAuthentication.*/PubkeyAuthentication yes/g' /etc/ssh/sshd_config
+sudo sed -i 's/.*PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config
+### Comment the line below to to disable Public Key Authentication allow _only_ Password Authentication. ###
+sudo sed -i 's/.*PubkeyAuthentication.*/PubkeyAuthentication yes/' /etc/ssh/sshd_config
+### Uncomment the line below to to disable Password Authentication and enforce _only_ Public Key Authentication. ###
+### sudo sed -i 's/PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config
 
 ### Restart the SSH daemon. ###
 echo '> Restarting the SSH daemon. ...'

scripts/linux/centos-server-cleanup.sh

@@ -29,6 +29,7 @@ sudo rm -rf /tmp/root-ca.crt
 
 ### Copy the SSH key to authorized_keys and set permissions. ###
 echo '> Copying the SSH key to Authorized Keys and setting permissions ...'
+### Comment the lines below to to if you disable Public Key Authentication. ###
 sudo mkdir -p /home/$BUILD_USERNAME/.ssh
 sudo chmod 700 /home/$BUILD_USERNAME/.ssh
 sudo cat /tmp/id_ecdsa.pub > /home/$BUILD_USERNAME/.ssh/authorized_keys
@@ -38,8 +39,11 @@ sudo rm -rf /tmp/id_ecdsa.pub
 
 ### Configure SSH for Public Key Authentication. ###
 echo '> Configuring SSH for Public Key Authentication ...'
-sudo sed -i '/^PermitRootLogin/s/yes/no/' /etc/ssh/sshd_config
-sudo sed -i 's/.*PubkeyAuthentication.*/PubkeyAuthentication yes/g' /etc/ssh/sshd_config
+sudo sed -i 's/.*PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config
+### Comment the line below to to disable Public Key Authentication allow _only_ Password Authentication. ###
+sudo sed -i 's/.*PubkeyAuthentication.*/PubkeyAuthentication yes/' /etc/ssh/sshd_config
+### Uncomment the line below to to disable Password Authentication and enforce _only_ Public Key Authentication. ###
+### sudo sed -i 's/PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config
 
 ### Restart the SSH daemon. ###
 echo '> Restarting the SSH daemon. ...'

scripts/linux/redhat-server-cleanup.sh

@@ -37,17 +37,21 @@ sudo rm -rf /tmp/root-ca.crt
 
 ### Copy the SSH key to authorized_keys and set permissions. ###
 echo '> Copying the SSH key to Authorized Keys and setting permissions ...'
+### Comment the lines below to to if you disable Public Key Authentication. ###
 sudo mkdir -p /home/$BUILD_USERNAME/.ssh
 sudo chmod 700 /home/$BUILD_USERNAME/.ssh
 sudo cat /tmp/id_ecdsa.pub > /home/$BUILD_USERNAME/.ssh/authorized_keys
 sudo chmod 644 /home/$BUILD_USERNAME/.ssh/authorized_keys
-sudo chown -R $BUILD_USERNAME /home/rainpole/.ssh
+sudo chown -R $BUILD_USERNAME /home/$BUILD_USERNAME/.ssh
 sudo rm -rf /tmp/id_ecdsa.pub
 
 ### Configure SSH for Public Key Authentication. ###
 echo '> Configuring SSH for Public Key Authentication ...'
-sudo sed -i '/^PermitRootLogin/s/yes/no/' /etc/ssh/sshd_config
-sudo sed -i 's/.*PubkeyAuthentication.*/PubkeyAuthentication yes/g' /etc/ssh/sshd_config
+sudo sed -i 's/.*PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config
+### Comment the line below to to disable Public Key Authentication allow _only_ Password Authentication. ###
+sudo sed -i 's/.*PubkeyAuthentication.*/PubkeyAuthentication yes/' /etc/ssh/sshd_config
+### Uncomment the line below to to disable Password Authentication and enforce _only_ Public Key Authentication. ###
+### sudo sed -i 's/PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config
 
 ### Restart the SSH daemon. ###
 echo '> Restarting the SSH daemon. ...'

scripts/linux/rocky-server-cleanup.sh

@@ -30,6 +30,7 @@ sudo rm -rf /tmp/root-ca.crt
 
 ### Copy the SSH key to authorized_keys and set permissions. ###
 echo '> Copying the SSH key to Authorized Keys and setting permissions ...'
+### Comment the lines below to to if you disable Public Key Authentication. ###
 sudo mkdir -p /home/$BUILD_USERNAME/.ssh
 sudo chmod 700 /home/$BUILD_USERNAME/.ssh
 sudo cat /tmp/id_ecdsa.pub > /home/$BUILD_USERNAME/.ssh/authorized_keys
@@ -39,8 +40,11 @@ sudo rm -rf /tmp/id_ecdsa.pub
 
 ### Configure SSH for Public Key Authentication. ###
 echo '> Configuring SSH for Public Key Authentication ...'
-sudo sed -i '/^PermitRootLogin/s/yes/no/' /etc/ssh/sshd_config
-sudo sed -i 's/.*PubkeyAuthentication.*/PubkeyAuthentication yes/g' /etc/ssh/sshd_config
+sudo sed -i 's/.*PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config
+### Comment the line below to to disable Public Key Authentication allow _only_ Password Authentication. ###
+sudo sed -i 's/.*PubkeyAuthentication.*/PubkeyAuthentication yes/' /etc/ssh/sshd_config
+### Uncomment the line below to to disable Password Authentication and enforce _only_ Public Key Authentication. ###
+### sudo sed -i 's/PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config
 
 ### Restart the SSH daemon. ###
 echo '> Restarting the SSH daemon. ...'

scripts/linux/ubuntu-server-cleanup.sh

@@ -30,6 +30,7 @@ sudo rm -rf /tmp/root-ca.crt
 
 ### Copy the SSH key to authorized_keys and set permissions. ###
 echo '> Copying the SSH key to Authorized Keys and setting permissions ...'
+### Comment the lines below to to if you disable Public Key Authentication. ###
 sudo mkdir -p /home/$BUILD_USERNAME/.ssh
 sudo chmod 700 /home/$BUILD_USERNAME/.ssh
 sudo cat /tmp/id_ecdsa.pub > /home/$BUILD_USERNAME/.ssh/authorized_keys
@@ -39,8 +40,10 @@ sudo rm -rf /tmp/id_ecdsa.pub
 
 ### Configure SSH for Public Key Authentication. ###
 echo '> Configuring SSH for Public Key Authentication ...'
-sudo sed -i '/^PermitRootLogin/s/yes/no/' /etc/ssh/sshd_config
-sudo sed -i 's/.*PubkeyAuthentication.*/PubkeyAuthentication yes/g' /etc/ssh/sshd_config
+### Comment or r4move the line below to to disable Public Key Authentication allow _only_ Password Authentication. ###
+sudo sed -i 's/.*PubkeyAuthentication.*/PubkeyAuthentication yes/' /etc/ssh/sshd_config
+### Uncomment the line below to to disable Password Authentication and enforce _only_ Public Key Authentication. ###
+### sudo sed -i 's/#PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config
 
 ### Restart the SSH daemon. ###
 echo '> Restarting the SSH daemon. ...'