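#!/bin/sh
# Rewrite a stock sshd_config so that logins are key-based.
#
# stdin:  default config (content of /etc/ssh/sshd_config)
# stdout: modified config
# stderr: progress markers and assertion failures
#
# The script exits non-zero unless the input still looks like the untouched
# default: UsePAM is "yes", and every directive rewritten below is present
# only as a commented-out default. Without these checks the sed step could
# silently change nothing, or leave an earlier active value in place.
#
# NOTE(review): the output allows direct root logins ("PermitRootLogin yes").
# With "PasswordAuthentication no" this is key-only in practice, but
# "prohibit-password" would state that intent in the directive itself.
# NOTE(review): UsePAM stays "yes" and KbdInteractiveAuthentication is not
# touched here, so depending on the PAM stack keyboard-interactive logins may
# still accept passwords -- confirm against the base image.
# NOTE(review): sshd uses the first value it obtains for each keyword; if the
# input has an Include line above these directives, a drop-in file could take
# precedence over the values written here -- check the deployed layout.

set -eu

# Print a message on stderr and abort.
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

# Succeed when some line of the saved config matches the ERE in $1.
# -E is required: in a basic regex "+" is a literal plus sign.
config_has() {
  printf '%s\n' "$config" | grep -Eq -- "$1"
}

# Require directive $1 to be present only as a commented-out default.
assert_commented_default() {
  echo "=== assert $1 ===" 1>&2
  # Same shape the sed expressions below need: "#Key" followed by whitespace.
  config_has "^#$1[[:space:]]" ||
    die "expected a commented-out $1 line"
  # Written as an explicit "if": "set -e" ignores the status of a pipeline
  # negated with "!", so "! cmd" on its own can never abort the script.
  if config_has "^[[:space:]]*$1[[:space:]]"; then
    die "$1 is already set explicitly"
  fi
}

# Save stdin in a variable so it can be checked several times and then
# rewritten. printf is used instead of echo wherever the content is replayed,
# because some /bin/sh implementations expand backslashes in echo arguments.
config=$(cat)

echo "=== assert UsePAM ===" 1>&2
config_has '^UsePAM[[:space:]]+yes$' || die 'expected an active "UsePAM yes"'

assert_commented_default PermitRootLogin
assert_commented_default PubkeyAuthentication
assert_commented_default PasswordAuthentication
assert_commented_default PermitEmptyPasswords
assert_commented_default X11Forwarding

echo "=== sed ===" 1>&2
# [[:space:]] replaces the GNU-only "\s" so the script also works with a
# POSIX sed, matching the #!/bin/sh shebang.
printf '%s\n' "$config" | sed '
  s|^#PermitRootLogin[[:space:]].*$|PermitRootLogin yes|
  s|^#PubkeyAuthentication[[:space:]].*$|PubkeyAuthentication yes|
  s|^#PasswordAuthentication[[:space:]].*$|PasswordAuthentication no|
  s|^#PermitEmptyPasswords[[:space:]].*$|PermitEmptyPasswords no|
  s|^#X11Forwarding[[:space:]].*$|X11Forwarding no|
'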