From fe8b5b907b6a1dc828f9b8cdfff6b806dadd238e Mon Sep 17 00:00:00 2001
From: Thierry Parmentelat <thierry.parmentelat@sophia.inria.fr>
Date: Fri, 15 Jun 2012 16:55:02 +0300
Subject: [PATCH] fix sshd settings

---
 initscripts/lxc-sliceimage | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/initscripts/lxc-sliceimage b/initscripts/lxc-sliceimage
index b1c6337..07ff98a 100755
--- a/initscripts/lxc-sliceimage
+++ b/initscripts/lxc-sliceimage
@@ -89,8 +89,9 @@ ONBOOT=yes
 EOF
     # Tweak sshd configuration
     chroot $rootfs sed -i 's/^UsePAM\ *yes/\#&/' /etc/ssh/sshd_config
-    chroot $rootfs sed -i 's/^GSSAPIAuthentication\ *yes/\#&/' /etc/ssh/sshd_config
-    chroot $rootfs sed -i 's/^PasswordAuthentication\ *yes/\#&/' /etc/ssh/sshd_config
+    # commenting out the defaults in the file is not enough, need to explicitly set these to no
+    chroot $rootfs sed -i 's/^GSSAPIAuthentication.*$/GSSAPIAuthentication no/' /etc/ssh/sshd_config
+    chroot $rootfs sed -i 's/^PasswordAuthentication.*$/PasswordAuthentication no/' /etc/ssh/sshd_config
     # Allow root to login at virsh console
     echo "pts/0" >> $rootfs/etc/securetty
     # our image does not have NetworkManager, only network, and it is off by default
-- 
2.43.0