Ubuntu Snappy: conditionally enable SSH on Snappy

  When a user provides authentication tokens, enable SSH unless SSH has
  been explicitly disabled (LP: #1494816).

1 files changed, 14 insertions, 1 deletions

diff --git a/cloudinit/config/cc_snappy.py b/cloudinit/config/cc_snappy.py
index 7aaec94a..e36542bf 100644
--- a/cloudinit/config/cc_snappy.py
+++ b/cloudinit/config/cc_snappy.py
@@ -274,7 +274,20 @@ def handle(name, cfg, cloud, log, args):
             LOG.warn("'%s' failed for '%s': %s",
                      pkg_op['op'], pkg_op['name'], e)
 
-    disable_enable_ssh(mycfg.get('ssh_enabled', False))
+    # Default to disabling SSH
+    ssh_enabled = mycfg.get('ssh_enabled', False)
+
+    # If the user has not explicitly enabled or disabled SSH, then enable it
+    # when password SSH authentication is requested or there are SSH keys
+    if mycfg.get('ssh_enabled', None) is not False:
+        if len(mycfg.get('public-keys', [])) > 0:
+            LOG.debug("Enabling SSH, user SSH keys provided")
+            ssh_enabled = True
+        elif mycfg.get('ssh_pwauth', False):
+            LOG.debug("Enabling SSH, password authentication requested")
+            ssh_enabled = True
+
+    disable_enable_ssh(ssh_enabled)
 
     if fails:
         raise Exception("failed to install/configure snaps")