Allow password / extend CLI (#151)

* Allow password / extend CLI

* allow only use one variant

* fix key generator

ssh/config.json

@@ -1,6 +1,6 @@
 {
   "name": "SSH server",
-  "version": "1.0",
+  "version": "2.0",
   "slug": "ssh",
   "description": "Connect to your server over SSH",
   "url": "https://home-assistant.io/addons/ssh/",
@@ -11,10 +11,12 @@
    },
   "map": ["config:rw", "ssl:rw", "addons:rw", "share:rw", "backup:rw"],
   "options": {
-    "authorized_keys": [null]
+    "authorized_keys": [],
+    "password": ""
   },
   "schema": {
-    "authorized_keys": ["str"]
+    "authorized_keys": ["str"],
+    "password": "str"
   },
   "image": "homeassistant/{arch}-addon-ssh"
 }

ssh/hassio

@@ -12,25 +12,23 @@ HomeAssistant:
   $ hassio homeassistant logs
   $ hassio homeassistant restart
   $ hassio homeassistant update
+
+Host:
+  $ hassio host restart
+  $ hassio host shutdown
+  $ hassio host update
 EOF
 fi
 
-function call_api_post() {
-    if ! api_ret="$(curl -X POST "$HASSIO_API/$1/$2")"; then
-        echo "API error: $api_ret"
-        exit 1
-    fi
-    echo "$api_ret"
-}
-
-function call_api_get() {
-    if ! api_ret="$(curl "$HASSIO_API/$1/$2")"; then
+function call_api() {
+    if ! api_ret="$(curl -s -X $1 "$HASSIO_API/$2/$3")"; then
         echo "API error: $api_ret"
         exit 1
     fi
     echo "$api_ret"
 }
 
+######
 # homeassistant functions
 if [ "$1" == "homeassistant" ]; then
     hass_cmd=('logs' 'restart' 'update')
@@ -38,12 +36,23 @@ if [ "$1" == "homeassistant" ]; then
         echo "No homeassistant command '$2' found!"
         exit 1
     fi
-    
+
     # logs
     if [ "$2" == "logs" ]; then
-        call_api_get "$1" "$2"
-        exit 0
+        call_api GET "$1" "$2"
+    else
+        call_api POST "$1" "$2"
     fi
-    
-    call_api_post "$1" "$2"
+fi
+
+######
+# host functions
+if [ "$1" == "host" ]; then
+    hass_cmd=('restart' 'shutdown' 'update')
+    if [[ ! ${hass_cmd[*]} =~ $2 ]]; then
+        echo "No host command '$2' found!"
+        exit 1
+    fi
+
+    call_api POST "$1" "$2"
 fi

ssh/run.sh

@@ -5,25 +5,42 @@ CONFIG_PATH=/data/options.json
 KEYS_PATH=/data/host_keys
 
 AUTHORIZED_KEYS=$(jq --raw-output ".authorized_keys[]" $CONFIG_PATH)
+PASSWORD=$(jq --raw-output ".password" $CONFIG_PATH)
 
 # Init defaults config
 sed -i s/#PermitRootLogin.*/PermitRootLogin\ yes/ /etc/ssh/sshd_config
-sed -i s/#PasswordAuthentication.*/PasswordAuthentication\ no/ /etc/ssh/sshd_config
 sed -i s/#LogLevel.*/LogLevel\ DEBUG/ /etc/ssh/sshd_config
 
-# Generate authorized_keys file
-mkdir -p ~/.ssh
-while read -r line; do
-    echo "$line" >> ~/.ssh/authorized_keys
-done <<< "$AUTHORIZED_KEYS"
-chmod 600 ~/.ssh/authorized_keys
+if [ ! -z "$AUTHORIZED_KEYS" ]; then
+    echo "[INFO] Setup authorized_keys"
+
+    mkdir -p ~/.ssh
+    while read -r line; do
+        echo "$line" >> ~/.ssh/authorized_keys
+    done <<< "$AUTHORIZED_KEYS"
+
+    chmod 600 ~/.ssh/authorized_keys
+    sed -i s/#PasswordAuthentication.*/PasswordAuthentication\ no/ /etc/ssh/sshd_config
+elif [ ! -z "$PASSWORD" ]; then
+    echo "[INFO] Setup password login"
+
+    echo "root:$PASSWORD" | chpasswd 2&> /dev/null
+    sed -i s/#PasswordAuthentication.*/PasswordAuthentication\ yes/ /etc/ssh/sshd_config
+    sed -i s/#PermitEmptyPasswords.*/PermitEmptyPasswords\ no/ /etc/ssh/sshd_config
+else
+    echo "[Error] You need setup a login!"
+    exit 1
+fi
 
 # Generate host keys
 if [ ! -d "$KEYS_PATH" ]; then
+    echo "[INFO] Create host keys"
+
     mkdir -p "$KEYS_PATH"
     ssh-keygen -A
     cp -fp /etc/ssh/ssh_host* "$KEYS_PATH/"
 else
+    echo "[INFO] Restore host keys"
     cp -fp "$KEYS_PATH"/* /etc/ssh/
 fi