From 834f4cd860cd35c85ec675a08b2ea8b1a8d8fbaa Mon Sep 17 00:00:00 2001
From: Tobias K <6317548+theCalcaholic@users.noreply.github.com>
Date: Sun, 15 Dec 2019 15:06:44 +0100
Subject: [PATCH] multi-factor-authentication: Remove existing authorized ssh
 pubkeys if none was given
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Tobias Knöppler <tobias@knoeppler.net>
---
 bin/ncp/SECURITY/multi-factor-authentication.sh | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/bin/ncp/SECURITY/multi-factor-authentication.sh b/bin/ncp/SECURITY/multi-factor-authentication.sh
index ac34b8cf2..650f2cdc9 100755
--- a/bin/ncp/SECURITY/multi-factor-authentication.sh
+++ b/bin/ncp/SECURITY/multi-factor-authentication.sh
@@ -260,12 +260,16 @@ configure() {
   echo "Restarting ssh service..."
   systemctl is-enabled ssh -q && systemctl restart ssh
 
-  # Setup SSH public key if provided
-  if [[ -n "$ssh_pubkey" ]]
+  # Setup SSH public key
+  if [[ -n "$SSH_PUBLIC_KEY" ]]
   then
     echo "Setting up SSH public key..."
     echo "$ssh_pubkey" > "${SSH_USER_HOME}/.ssh/authorized_keys"
     chown "${SSH_USER}:" "${SSH_USER_HOME}/.ssh/authorized_keys"
+  elif [[ -f "${SSH_USER_HOME}/.ssh/authorized_keys" ]]
+  then
+    echo "Removing authorized ssh public key"
+    rm "${SSH_USER_HOME}/.ssh/authorized_keys"
   fi
 
   setup_totp_secret "$SSH_USER" "$SSH_USER_HOME"