From 6f2b8551e72596adfc685357d8471c454bd96d63 Mon Sep 17 00:00:00 2001
From: Ben Howard <ben.howard@canonical.com>
Date: Fri, 11 Sep 2015 13:38:14 -0600
Subject: Ubuntu Snappy: conditionally enable SSH on Snappy   When a user
 provides authentication tokens, enable SSH unless SSH has   been explicitly
 disabled (LP: #1494816).

---
 cloudinit/config/cc_snappy.py | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

(limited to 'cloudinit/config/cc_snappy.py')

diff --git a/cloudinit/config/cc_snappy.py b/cloudinit/config/cc_snappy.py
index 7aaec94a..e36542bf 100644
--- a/cloudinit/config/cc_snappy.py
+++ b/cloudinit/config/cc_snappy.py
@@ -274,7 +274,20 @@ def handle(name, cfg, cloud, log, args):
             LOG.warn("'%s' failed for '%s': %s",
                      pkg_op['op'], pkg_op['name'], e)
 
-    disable_enable_ssh(mycfg.get('ssh_enabled', False))
+    # Default to disabling SSH
+    ssh_enabled = mycfg.get('ssh_enabled', False)
+
+    # If the user has not explicitly enabled or disabled SSH, then enable it
+    # when password SSH authentication is requested or there are SSH keys
+    if mycfg.get('ssh_enabled', None) is not False:
+        if len(mycfg.get('public-keys', [])) > 0:
+            LOG.debug("Enabling SSH, user SSH keys provided")
+            ssh_enabled = True
+        elif mycfg.get('ssh_pwauth', False):
+            LOG.debug("Enabling SSH, password authentication requested")
+            ssh_enabled = True
+
+    disable_enable_ssh(ssh_enabled)
 
     if fails:
         raise Exception("failed to install/configure snaps")
-- 
cgit v1.2.3