#!/bin/sh
# stdin: default config
# stdout: modified config

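# Harden an sshd_config: read the stock file on stdin, write the edited
# file to stdout. The edit is refused (non-zero exit, nothing written to
# stdout) unless the input looks like the expected default config, so a
# caller never installs a file in which one of the settings was silently
# left untouched.
#
# Changes from the previous revision:
#   - the assertions are now enforced; before, a failed grep was ignored
#     unless the script was started with `sh -e`
#   - no bashisms (`<<<`) or GNU-only syntax (`\s`, `--quiet`) under /bin/sh
#   - printf instead of echo, so backslashes in the input are not mangled
#
# Caveats for whoever installs the result:
#   - sshd uses the first value it obtains for a keyword. Files pulled in by
#     an Include directive are not seen by this script and can still set any
#     of these keywords; check the effective configuration with `sshd -T`.
#   - NOTE(review): the input is required to have `UsePAM yes`, and
#     keyboard-interactive authentication is not touched here. Depending on
#     the PAM setup that may still allow password-style logins - confirm.
#   - validate the output with `sshd -t -f <file>` before replacing the
#     live config.
set -eu

# Print an error to stderr and abort.
die() {
  printf '%s: %s\n' "${0##*/}" "$*" >&2
  exit 1
}

# save stdin (content of /etc/ssh/sshd_config) in variable
stdin=$(cat)

# has_line [grep-options] PATTERN
# Succeed if at least one input line matches the basic regex PATTERN.
has_line() {
  printf '%s\n' "$stdin" | grep -q "$@"
}

# assertions
has_line -e '^UsePAM yes$' \
  || die "input does not contain 'UsePAM yes'; not the expected default config"

for keyword in \
  PermitRootLogin \
  PubkeyAuthentication \
  PasswordAuthentication \
  PermitEmptyPasswords \
  X11Forwarding
do
  # The sed program below only rewrites the commented-out default, so that
  # line has to exist or the setting would be silently skipped.
  has_line -e "^#${keyword}[[:space:]]" \
    || die "no commented-out default for ${keyword}; refusing to edit"

  # An active directive already in the file may come first and win over the
  # line written below (keywords are case-insensitive, hence -i).
  if has_line -i -e "^[[:space:]]*${keyword}[[:space:]]"; then
    die "${keyword} is already set in the input; refusing to edit"
  fi
done

printf '%s\n' "$stdin" | sed \
  -e 's|^#PermitRootLogin[[:space:]].*$|PermitRootLogin no|' \
  -e 's|^#PubkeyAuthentication[[:space:]].*$|PubkeyAuthentication yes|' \
  -e 's|^#PasswordAuthentication[[:space:]].*$|PasswordAuthentication no|' \
  -e 's|^#PermitEmptyPasswords[[:space:]].*$|PermitEmptyPasswords no|' \
  -e 's|^#X11Forwarding[[:space:]].*$|X11Forwarding no|'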