#!/bin/sh -e

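# Skip quietly on hosts without an OpenSSH server: both the sshd binary and
# its main configuration file must be present for the hardening below to apply.
# `command -v` is the POSIX lookup. `which` is an optional external tool; if it
# were missing, the old test would report "not installed" and skip the
# hardening without any error.
# NOTE(review): the lookup depends on PATH containing sshd's directory;
# confirm that for the environment this script is invoked from.
if ! command -v sshd > /dev/null 2>&1 || ! [ -f /etc/ssh/sshd_config ]; then
	echo "SSH Server not installed, continuing."
	exit 0
fi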

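# Set one sshd_config keyword to a value.
# Arguments: $1 - keyword, $2 - value. Both are interpolated into a grep/sed
#            pattern, so callers must pass fixed, trusted literals only.
# Files:     edits /etc/ssh/sshd_config; the previous content is left in
#            /etc/ssh/sshd_config.bak (overwritten on every call, so it holds
#            the state before the most recent change, not the pristine file).
set_option () {
	verbose "Setting $1 $2"
	# Match only active directives: optional indentation, the keyword (sshd
	# keywords are case-insensitive), then whitespace or end of line. A
	# commented-out default such as "#PermitRootLogin ..." must not count as
	# "present", otherwise the substitution below changes nothing and the
	# option is silently left at its built-in default.
	if grep -qiE "^[[:space:]]*$1([[:space:]]|\$)" /etc/ssh/sshd_config; then
		# ".bak" (with the dot) so both branches write the same backup file.
		sed --in-place=.bak -E "s/^[[:space:]]*$1([[:space:]].*)?\$/$1 $2/I" /etc/ssh/sshd_config
	else
		cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
		# NOTE(review): sshd uses the first value it obtains for a keyword, and
		# lines after a "Match" belong to that block. A line appended here can
		# therefore be overridden by an earlier Include'd file or be scoped to
		# a trailing Match block; check the effective value with `sshd -T`.
		echo "$1 $2" >> /etc/ssh/sshd_config
	fi
}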

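echo "Setting SSH settings"

# Apply the hardening only when the dry-run flag is exactly 0. With
# cpch_DRY_RUN unset or non-numeric the test itself errors and the block is
# skipped, so nothing is changed in that case.
if [ "$cpch_DRY_RUN" -eq 0 ]; then
	# Key-only logins: no root login, no password or keyboard-interactive auth.
	set_option PermitRootLogin no
	# NOTE(review): newer OpenSSH documents this as KbdInteractiveAuthentication
	# and keeps ChallengeResponseAuthentication as a deprecated alias; confirm
	# against the target version.
	set_option ChallengeResponseAuthentication no
	set_option PasswordAuthentication no
	# NOTE(review): UsePAM no also turns off PAM account and session
	# processing; confirm nothing on the host depends on it.
	set_option UsePAM no
	set_option PermitEmptyPasswords no
	set_option ClientAliveInterval 300
	# NOTE(review): sshd_config(5) in current OpenSSH states that a zero
	# ClientAliveCountMax disables connection termination, so on such versions
	# this pair does not drop idle sessions; confirm the intended value.
	set_option ClientAliveCountMax 0
	set_option IgnoreRhosts yes
	# Canonical spelling, so that an existing "AllowTcpForwarding" line in the
	# file is found and rewritten rather than a second, later (and therefore
	# ignored) line being appended.
	set_option AllowTcpForwarding no
	# NOTE(review): RSAAuthentication is an SSH protocol 1 keyword that current
	# OpenSSH treats as deprecated; presumably safe to drop, confirm first.
	set_option RSAAuthentication yes
	set_option PubkeyAuthentication yes
	# Validate the edited file before anything restarts sshd: an invalid
	# sshd_config can keep the daemon from starting and lock out remote
	# administration. The exit status of `sshd -t` is preserved.
	# Nothing in this file reloads sshd, so the new values apply only once the
	# daemon next re-reads its configuration.
	sshd -t || {
		rc=$?
		echo "sshd -t rejected /etc/ssh/sshd_config; fix it before restarting sshd." >&2
		exit "$rc"
	}
fi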
