From f9c3f33e74910cb4e71b86429ae8153be21512b4 Mon Sep 17 00:00:00 2001
From: Joshua Tauberer
Date: Fri, 6 Jun 2014 08:17:49 -0400
Subject: [PATCH] move the SSH password login check out of setup because it interfers with Vagrant and into a separate script that we'll use for auditing in a later phase
---
 setup/check_ssh.sh | 15 +++++++++++++++
 setup/system.sh | 15 ---------------
 2 files changed, 15 insertions(+), 15 deletions(-)
 create mode 100755 setup/check_ssh.sh
diff --git a/setup/check_ssh.sh b/setup/check_ssh.sh
new file mode 100755
index 00000000..155bf704
--- /dev/null
+++ b/setup/check_ssh.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+# Check that SSH login with password is disabled. Stop if it's enabled.
+if grep -q "^PasswordAuthentication yes" /etc/ssh/sshd_config \
+ || ! grep -q "^PasswordAuthentication no" /etc/ssh/sshd_config ; then
+ echo "The SSH server on this machine permits password-based login."
+ echo "A more secure way to log in is using a public key."
+ echo ""
+ echo "Add your SSH public key to $HOME/.ssh/authorized_keys, check"
+ echo "check that you can log in without a password, set the option"
+ echo "'PasswordAuthentication no' in /etc/ssh/sshd_config, and then"
+ echo "restart the openssh via 'sudo service ssh restart'"
+ exit
+fi
+
diff --git a/setup/system.sh b/setup/system.sh
index 493fd43a..b8952662 100755
--- a/setup/system.sh
+++ b/setup/system.sh
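Review bot: The bare `exit` that closes the `if` branch in setup/check_ssh.sh returns the status of the preceding `echo`, which is 0, so a caller or audit job cannot tell that password login is still permitted; use `exit 1` and send the messages to stderr with `>&2`. The two `grep` patterns are also stricter than sshd's own parser, which matches keywords case-insensitively and accepts leading whitespace or a tab between keyword and value, so the result can disagree with what the daemon actually applies. Reading the effective value instead, for example `sshd -T | grep -qi '^passwordauthentication no'` run as root, avoids re-implementing that parsing. A `Match` block or keyboard-interactive/PAM authentication (`ChallengeResponseAuthentication`) can still allow a password prompt when the global `PasswordAuthentication` is `no`, and neither is examined here.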
@@ -5,21 +5,6 @@ source setup/functions.sh # load our functions
 apt-get -qq update
 apt-get -qq -y upgrade
-# Install openssh-server to ensure that the end result is consistent across all Mail-in-a-Boxes.
-apt_install openssh-server
-
-# Check that SSH login with password is disabled. Stop if it's enabled.
-if grep -q "^PasswordAuthentication yes" /etc/ssh/sshd_config \
- || ! grep -q "^PasswordAuthentication no" /etc/ssh/sshd_config ; then
- echo
- echo "The SSH server on this machine permits password-based login."
- echo "Add your SSH public key to $HOME/.ssh/authorized_keys, check"
- echo "check that you can log in without a password, set the option"
- echo "'PasswordAuthentication no' in /etc/ssh/sshd_config, and then"
- echo "restart the openssh via 'sudo service ssh restart'"
- exit
-fi
-
 # Install basic utilities.
 apt_install python3 wget curl bind9-host