#!/bin/bash

if [ "${DIB_DEBUG_TRACE:-0}" -gt 0 ]; then
    set -x
fi
set -u
set -o pipefail
echo "Begin: install and configure SSH"

# /etc/ssh/sshd_config is provided by openssh-server
# /etc/ssh/ssh_config is provided by openssh-client
# Note: You need diskimage-builder w/ SHA 82eacdec (11 July 2013) for
#       this install to work on Fedora - https://review.openstack.org/#/c/36739/
install-packages augeas-tools openssh-server openssh-client

augtool -s set /files/etc/ssh/sshd_config/GSSAPIAuthentication no
augtool -s set /files/etc/ssh/sshd_config/UseDNS no
augtool -s set /files/etc/ssh/sshd_config/PermitTunnel yes

# ssh-client configuration
# Common
augtool -s set /files/etc/ssh/ssh_config/Host/StrictHostKeyChecking no
augtool -s set /files/etc/ssh/ssh_config/Host/GSSAPIAuthentication no

case "$DISTRO_NAME" in
    ubuntu )
        augtool -s set /files/etc/ssh/sshd_config/GSSAPICleanupCredentials yes
        augtool -s set /files/etc/ssh/sshd_config/AuthorizedKeysFile %h/.ssh/authorized_keys
    ;;
    fedora )
        sed -i 's/ssh_pwauth:    0/ssh_pwauth:    1/' /etc/cloud/cloud.cfg
        augtool -s clear /files/etc/sudoers/Defaults[type=':nrpe']/requiretty/negate
        augtool -s set /files/etc/ssh/sshd_config/SyslogFacility AUTH
        augtool -s set /files/etc/ssh/sshd_config/StrictModes yes
        augtool -s set /files/etc/ssh/sshd_config/RSAAuthentication yes
        augtool -s set /files/etc/ssh/sshd_config/PubkeyAuthentication yes
    ;;
    rhel | centos )
        sed -i 's/ssh_pwauth:    0/ssh_pwauth:    1/' /etc/cloud/cloud.cfg
        augtool -s clear /files/etc/sudoers/Defaults[type=':nrpe']/requiretty/negate
        augtool -s set /files/etc/ssh/sshd_config/SyslogFacility AUTH
        augtool -s set /files/etc/ssh/sshd_config/PubkeyAuthentication yes
    ;;
    * )
        echo "Unknown distro: $DISTRO_NAME, exiting"
        exit 1
    ;;
esac

echo "End: install and configure SSH"

:
