distro/rhel90: disable pw auth for EC2 images

Disable loging in via password authentication since this is an
official Amazon marketplace requirement

  Linux-based AMIs must not allow SSH password authentication.
  Disable password authentication via your sshd_config file by
  setting PasswordAuthentication to NO.

  Section "Security policies" from
  https://docs.aws.amazon.com/marketplace/latest/userguide/product-and-ami-policies.html

internal/distro/rhel90/distro.go

@@ -945,6 +945,11 @@ func newDistro(distroName string) distro.Distro {
 		Authselect: &osbuild.AuthselectStageOptions{
 			Profile: "sssd",
 		},
+		SshdConfig: &osbuild.SshdConfigStageOptions{
+			Config: osbuild.SshdConfigConfig{
+				PasswordAuthentication: common.BoolToPtr(false),
+			},
+		},
 	}
 
 	// default EC2 images config (x86_64)

internal/distro/rhel90/pipelines.go

@@ -501,6 +501,10 @@ func osPipeline(t *imageType,
 		p.AddStage(osbuild.NewDNFConfigStage(dnfConfig))
 	}
 
+	if sshdConfig := imageConfig.SshdConfig; sshdConfig != nil {
+		p.AddStage((osbuild.NewSshdConfigStage(sshdConfig)))
+	}
+
 	if pt != nil {
 		p = prependKernelCmdlineStage(p, t, pt)
 		p.AddStage(osbuild.NewFSTabStage(pt.FSTabStageOptionsV2()))

test/data/manifests/rhel_90-aarch64-ami-boot.json

@@ -977,6 +977,14 @@
               "profile": "sssd"
             }
           },
+          {
+            "type": "org.osbuild.sshd.config",
+            "options": {
+              "config": {
+                "PasswordAuthentication": false
+              }
+            }
+          },
           {
             "type": "org.osbuild.fstab",
             "options": {

test/data/manifests/rhel_90-aarch64-ec2-boot.json

@@ -991,6 +991,14 @@
               "profile": "sssd"
             }
           },
+          {
+            "type": "org.osbuild.sshd.config",
+            "options": {
+              "config": {
+                "PasswordAuthentication": false
+              }
+            }
+          },
           {
             "type": "org.osbuild.fstab",
             "options": {

test/data/manifests/rhel_90-x86_64-ami-boot.json

@@ -972,6 +972,14 @@
               "profile": "sssd"
             }
           },
+          {
+            "type": "org.osbuild.sshd.config",
+            "options": {
+              "config": {
+                "PasswordAuthentication": false
+              }
+            }
+          },
           {
             "type": "org.osbuild.fstab",
             "options": {

test/data/manifests/rhel_90-x86_64-ec2-boot.json

@@ -988,6 +988,14 @@
               "profile": "sssd"
             }
           },
+          {
+            "type": "org.osbuild.sshd.config",
+            "options": {
+              "config": {
+                "PasswordAuthentication": false
+              }
+            }
+          },
           {
             "type": "org.osbuild.fstab",
             "options": {

test/data/manifests/rhel_90-x86_64-ec2_ha-boot.json

@@ -1182,6 +1182,14 @@
               "profile": "sssd"
             }
           },
+          {
+            "type": "org.osbuild.sshd.config",
+            "options": {
+              "config": {
+                "PasswordAuthentication": false
+              }
+            }
+          },
           {
             "type": "org.osbuild.fstab",
             "options": {

test/data/manifests/rhel_90-x86_64-ec2_sap-boot.json

@@ -1353,6 +1353,14 @@
               ]
             }
           },
+          {
+            "type": "org.osbuild.sshd.config",
+            "options": {
+              "config": {
+                "PasswordAuthentication": false
+              }
+            }
+          },
           {
             "type": "org.osbuild.fstab",
             "options": {