#!/bin/bash

echo "Adjusting ssh configuration"

# /etc/ssh/sshd_config is provided by openssh-server
# /etc/ssh/ssh_config is provided by openssh-clients
# Note0: augtool is provided by augeas-tools on Ubuntu
# Note1: augtool on Ubuntu does not auto-save, pass -s
install-packages augeas openssh-server openssh-clients


##
## ssh server configuration
##

# Unique to Ubuntu
augtool -s set /files/etc/ssh/sshd_config/PasswordAuthentication yes
augtool -s set /files/etc/ssh/sshd_config/GSSAPICleanupCredentials yes
augtool -s set /files/etc/ssh/sshd_config/AuthorizedKeysFile .ssh/authorized_keys

# Unique to Fedora
augtool -s set /files/etc/ssh/sshd_config/SyslogFacility AUTH
augtool -s set /files/etc/ssh/sshd_config/PermitRootLogin yes
augtool -s set /files/etc/ssh/sshd_config/StrictModes yes
augtool -s set /files/etc/ssh/sshd_config/RSAAuthentication yes
augtool -s set /files/etc/ssh/sshd_config/PubkeyAuthentication yes
augtool -s set /files/etc/ssh/sshd_config/IgnoreRhosts yes

# Common
augtool -s set /files/etc/ssh/sshd_config/GSSAPIAuthentication no
augtool -s set /files/etc/ssh/sshd_config/UseDNS no
augtool -s set /files/etc/ssh/sshd_config/PermitTunnel yes


##
## ssh client configuration
##

# Unique to Ubuntu
#none

# Unique to Fedora
augtool -s set /files/etc/ssh/ssh_config/Host/GSSAPIDelegateCredentials no

# Common
augtool -s set /files/etc/ssh/ssh_config/Host/StrictHostKeyChecking no
augtool -s set /files/etc/ssh/ssh_config/Host/GSSAPIAuthentication no


##
## Misc configuration
##

# Unique to Fedora
# No known augeas lense for cloud-init config
sed -i 's/ssh_pwauth:   0/ssh_pwauth:   1/' /etc/cloud/cloud.cfg

# Unique to Fedora
augtool -s clear /files/etc/sudoers/Defaults[type=':nrpe']/requiretty/negate