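#!/bin/sh
# Harden an sshd configuration passed through a pipe.
#
# stdin:  default config (content of /etc/ssh/sshd_config)
# stdout: modified config
# stderr: one "=== ... ===" marker per step, plus a message when an
#         assertion fails
#
# The input is only rewritten when it still looks like the expected default:
# every directive changed below must be present as a commented-out
# "#Keyword ..." line and must not already be set by an active line. A failed
# assertion exits with status 1 before anything is written to stdout.
#
# NOTE(review): only the text on stdin is inspected. sshd uses the first value
# it obtains for a keyword, so a file pulled in by an Include directive earlier
# in the config can still take precedence over the lines written here. Check
# the effective settings (for example with `sshd -T`) after installing the
# result.
set -e

# save stdin (content of /etc/ssh/sshd_config) in variable, because it is
# checked several times before it is rewritten
stdin="$(cat)"

# fail MESSAGE: report a failed assertion on stderr and abort the script.
fail() {
  printf 'assertion failed: %s\n' "$1" 1>&2
  exit 1
}

# has_line REGEX: succeed when a line of the saved config matches REGEX
# (case-sensitive, POSIX basic regular expression).
has_line() {
  printf '%s\n' "$stdin" | grep -q -- "$1"
}

# has_active KEYWORD: succeed when KEYWORD is set by an uncommented line.
# sshd matches keywords case-insensitively and ignores leading whitespace,
# so the check does the same rather than trusting one exact spelling.
has_active() {
  printf '%s\n' "$stdin" | grep -qi -- "^[[:space:]]*${1}[[:space:]]"
}

# assert_commented_default KEYWORD: require a "#KEYWORD ..." line for sed to
# replace, and require that no active KEYWORD line exists next to it.
assert_commented_default() {
  echo "=== assert $1 ===" 1>&2
  has_line "^#${1}[[:space:]]" || fail "no commented-out $1 line to replace"
  # A pipeline negated with `!` never triggers `set -e`, so the negative
  # assertion has to test and abort explicitly. Without this, an active
  # "PermitRootLogin yes" placed before the rewritten line would win.
  if has_active "$1"; then
    fail "$1 is already set by an active line"
  fi
}

# assertions
echo "=== assert UsePAM ===" 1>&2
has_line '^UsePAM yes$' || fail "expected an active 'UsePAM yes' line"

for keyword in \
  PermitRootLogin \
  PubkeyAuthentication \
  PasswordAuthentication \
  PermitEmptyPasswords \
  X11Forwarding
do
  assert_commented_default "$keyword"
done

# [[:space:]] is the POSIX spelling of the GNU-only \s, so the expressions
# also work with a non-GNU sed under /bin/sh.
echo "=== sed ===" 1>&2
printf '%s\n' "$stdin" | sed '
s|^#PermitRootLogin[[:space:]].*$|PermitRootLogin no|;
s|^#PubkeyAuthentication[[:space:]].*$|PubkeyAuthentication yes|;
s|^#PasswordAuthentication[[:space:]].*$|PasswordAuthentication no|;
s|^#PermitEmptyPasswords[[:space:]].*$|PermitEmptyPasswords no|;
s|^#X11Forwarding[[:space:]].*$|X11Forwarding no|
'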