#!/bin/bash

if [ "${DIB_DEBUG_TRACE:-0}" -gt 0 ]; then
    set -x
fi
set -ue
set -o pipefail
echo "Begin: install and configure SSH"

case "$DISTRO_NAME" in
    fedora )
        # the main config file is empty in F25+
        SSH_CONFIG_FILE="/etc/ssh/ssh_config.d/05-redhat.conf"
        ;;
    * )
        SSH_CONFIG_FILE="/etc/ssh/ssh_config"
        ;;
esac

augtool <<EOF
set /files/etc/ssh/sshd_config/GSSAPIAuthentication no
set /files/etc/ssh/sshd_config/UseDNS no
set /files/etc/ssh/sshd_config/PermitTunnel yes
set /files${SSH_CONFIG_FILE}/Host/StrictHostKeyChecking no
set /files${SSH_CONFIG_FILE}/Host/GSSAPIAuthentication no
save
EOF

case "$DISTRO_NAME" in
    ubuntu )
        augtool <<EOF
set /files/etc/ssh/sshd_config/GSSAPICleanupCredentials yes
set /files/etc/ssh/sshd_config/AuthorizedKeysFile %h/.ssh/authorized_keys
save
EOF
    ;;
    fedora )
        sed -i 's/ssh_pwauth:    0/ssh_pwauth:    1/' /etc/cloud/cloud.cfg
        augtool <<EOF
clear /files/etc/sudoers/Defaults[type=':nrpe']/requiretty/negate
set /files/etc/ssh/sshd_config/SyslogFacility AUTH
set /files/etc/ssh/sshd_config/StrictModes yes
set /files/etc/ssh/sshd_config/RSAAuthentication yes
set /files/etc/ssh/sshd_config/PubkeyAuthentication yes
save
EOF
    ;;
    rhel7 | centos7 )
        sed -i 's/ssh_pwauth:    0/ssh_pwauth:    1/' /etc/cloud/cloud.cfg
        augtool <<EOF
clear /files/etc/sudoers/Defaults[type=':nrpe']/requiretty/negate
set /files/etc/ssh/sshd_config/SyslogFacility AUTH
set /files/etc/ssh/sshd_config/PubkeyAuthentication yes
save
EOF
    ;;
    * )
        echo "Unknown distro: $DISTRO_NAME, exiting"
        exit 1
    ;;
esac

echo "End: install and configure SSH"

:
