2 files changed, 22 insertions, 2 deletions

diff --git a/setup-sshd.in b/setup-sshd.in
index 280c015..9f1a0e2 100644
--- a/setup-sshd.in
+++ b/setup-sshd.in
@@ -77,7 +77,9 @@ fi
 
 $MOCK apk add --quiet $pkgs
 
-if [ "$sshdchoice" = "openssh" ] && [ -z "$authorized_key" ]; then
+users=$(awk -F: '{if ($3<65000 && $3 >= 1000) print $1}' \
+	"$ROOT"/etc/passwd 2>/dev/null)
+if [ "$sshdchoice" = "openssh" ] && [ -z "$authorized_key" ] && [ -z "$users" ]; then
 	suggest=prohibit-password
 	while [ -n "$interactive" ]; do
 		ask "Allow root ssh login? ('?' for help)" "$suggest"
diff --git a/tests/setup_sshd_test b/tests/setup_sshd_test
index b177949..1a779a4 100755
--- a/tests/setup_sshd_test
+++ b/tests/setup_sshd_test
@@ -7,7 +7,8 @@ init_tests \
 	setup_sshd_dropbear \
 	setup_sshd_openssh \
 	setup_sshd_interactive_openssh_nologin \
-	setup_sshd_interactive_openssh_prohibitpass
+	setup_sshd_interactive_openssh_prohibitpass \
+	setup_sshd_interactive_openssh_user_exist
 
 setup_sshd_usage_body() {
 	test_usage setup-sshd
@@ -85,3 +86,20 @@ setup_sshd_interactive_openssh_prohibitpass_body() {
 	grep "$WGETCONTENT" root/.ssh/authorized_keys
 }
 
+setup_sshd_interactive_openssh_user_exist_body() {
+	init_env
+	mkdir -p etc/ssh
+	# should not ask permit root login or ssh key if user exists
+	echo "joe:x:1000:1000:joe,,,:/home/joe:/bin/ash" >etc/passwd
+	(
+		echo "openssh"
+	) >answers
+	atf_check -s exit:0 \
+		-e empty \
+		-o match:"Which ssh server" \
+		-o not-match:"Allow root ssh login" \
+		-o not-match:"Enter ssh key" \
+		-o match:"apk add.* openssh" \
+		setup-sshd < answers
+}
+