ssh: enable PasswordAuthentication for containerized undercloud

We don't expect our operators to have SSH keys setup on the undercloud
node, so we don't want to block the PasswordAuthentication in
sshd_config.

Depends-On: I88b24c82fb3cf2309f45d5d447a9b0c403da7fc9
Change-Id: I10b112e8bffff30879606ddd970dfd3ec67fd9c7
Closes-Bug: #1772519

environments/undercloud.yaml

@@ -123,3 +123,4 @@ parameter_defaults:
       DhcpRangeEnd: '192.168.24.24'
   UndercloudCtlplaneLocalSubnet: 'ctlplane-subnet'
   MistralDockerGroup: true
+  PasswordAuthentication: 'yes'

puppet/services/sshd.yaml

@@ -46,7 +46,6 @@ parameters:
         - '/etc/ssh/ssh_host_ed25519_key'
       SyslogFacility: 'AUTHPRIV'
       AuthorizedKeysFile: '.ssh/authorized_keys'
-      PasswordAuthentication: 'no'
       ChallengeResponseAuthentication: 'no'
       GSSAPIAuthentication: 'yes'
       GSSAPICleanupCredentials: 'no'
@@ -62,6 +61,10 @@ parameters:
       Subsystem: 'sftp  /usr/libexec/openssh/sftp-server'
     description: Mapping of sshd_config values
     type: json
+  PasswordAuthentication:
+    default: 'no'
+    description: Whether or not disable password authentication
+    type: string
 
 outputs:
   role_data:
@@ -72,5 +75,6 @@ outputs:
         tripleo::profile::base::sshd::bannertext: {get_param: BannerText}
         tripleo::profile::base::sshd::motd: {get_param: MessageOfTheDay}
         tripleo::profile::base::sshd::options: {get_param: SshServerOptions}
+        tripleo::profile::base::sshd::password_authentication: {get_param: PasswordAuthentication}
       step_config: |
         include ::tripleo::profile::base::sshd