create ssh directory in manager_user (#2598)

* set user directory perm to 755
* set userpass in case of ssh
* fix ssh server script
* change access type if condition
* create ssh directory in manager_user

app/gitspace/orchestrator/template/templates/manage_user.sh

@@ -20,9 +20,15 @@ fi
 # Changing ownership of everything inside user home to the newly created user
 chown -R $username:$username $homeDir
 echo "Changing ownership of dir $homeDir to $username."
+chmod 755 $homeDir
 
-if $accessType = "ssh_key"; then
+if [ "ssh_key" = "$accessType" ] ; then
+    echo "Add ssh key in $homeDir/.ssh/authorized_keys"
+    mkdir -p $homeDir/.ssh
+    chmod 700 $homeDir/.ssh
     echo $accessKey > $homeDir/.ssh/authorized_keys
+    chmod 600 $homeDir/.ssh/authorized_keys
+    chown -R $username:$username $homeDir/.ssh
 else
     echo "$username:$accessKey" | chpasswd
 fi

app/gitspace/orchestrator/template/templates/setup_ssh_server.sh

@@ -14,6 +14,7 @@ accessType={{ .AccessType }}
 
 # Configure SSH to allow this user
 config_file='/etc/ssh/sshd_config'
+
 grep -q "^AllowUsers" $config_file
 if [ $? -eq 0 ]; then
     # If AllowUsers exists, add the user to it
@@ -23,12 +24,17 @@ else
     echo "AllowUsers $username" >> $config_file
 fi
 
-if $accessType = "ssh_key"; then
+echo "Access type $accessType"
+
+if [ "ssh_key" = "$accessType" ] ; then
 # Ensure password authentication is disabled
 sed -i 's/^PasswordAuthentication yes/PasswordAuthentication no/' $config_file
 if ! grep -q "^PasswordAuthentication no" $config_file; then
     echo "PasswordAuthentication no" >> $config_file
 fi
+sed -i 's/^UsePAM yes/UsePAM no/' $config_file
+echo "AuthorizedKeysFile	.ssh/authorized_keys" >> $config_file
+echo "PubkeyAuthentication yes" >> $config_file
 else
 # Ensure password authentication is enabled
 sed -i 's/^PasswordAuthentication no/PasswordAuthentication yes/' $config_file