Fix none root login (#554)

* Fix account locking issue

* Fix script

ssh/CHANGELOG.md

@@ -1,5 +1,8 @@
 # Changelog
 
+## 5.3
+- Fix: User root not allowed because account is locked
+
 ## 5.2
 - Update Hass.io CLI to 2.1.0
 

ssh/Dockerfile

@@ -27,5 +27,6 @@ RUN apk add --no-cache curl \
 # Copy data
 COPY run.sh /
 COPY motd /etc/
+COPY sshd_config /etc/ssh/
 
 CMD [ "/run.sh" ]

ssh/config.json

@@ -1,6 +1,6 @@
 {
   "name": "SSH server",
-  "version": "5.2",
+  "version": "5.3",
   "slug": "ssh",
   "description": "Allows connections over SSH",
   "url": "https://home-assistant.io/addons/ssh/",

ssh/run.sh

@@ -7,10 +7,6 @@ KEYS_PATH=/data/host_keys
 AUTHORIZED_KEYS=$(jq --raw-output ".authorized_keys[]" $CONFIG_PATH)
 PASSWORD=$(jq --raw-output ".password" $CONFIG_PATH)
 
-# Init defaults config
-sed -i s/#PermitRootLogin.*/PermitRootLogin\ yes/ /etc/ssh/sshd_config
-sed -i s/#LogLevel.*/LogLevel\ DEBUG/ /etc/ssh/sshd_config
-
 if [ -n "$AUTHORIZED_KEYS" ]; then
     echo "[INFO] Setup authorized_keys"
 
@@ -21,6 +17,10 @@ if [ -n "$AUTHORIZED_KEYS" ]; then
 
     chmod 600 ~/.ssh/authorized_keys
     sed -i s/#PasswordAuthentication.*/PasswordAuthentication\ no/ /etc/ssh/sshd_config
+
+    # Unlook account
+    PASSWORD="$(strings /dev/urandom | tr -dc _A-Z-a-z-0-9 | head -c32)"
+    echo "root:$PASSWORD" | chpasswd 2&> /dev/null
 elif [ -n "$PASSWORD" ]; then
     echo "[INFO] Setup password login"
 

ssh/sshd_config

@@ -0,0 +1,20 @@
+# This is the sshd server system-wide configuration file.  See
+# sshd_config(5) for more information.
+
+# Logging
+LogLevel DEBUG
+
+# Default
+AllowTcpForwarding no
+GatewayPorts no
+X11Forwarding no
+
+Subsystem       sftp    /usr/lib/ssh/sftp-server
+
+# Authentication:
+PermitRootLogin yes
+
+#PasswordAuthentication no
+#PermitEmptyPasswords no
+
+