#!/bin/bash

SSHD_CONF=/etc/ssh/sshd_config
SSHD_PAM_CONF=/etc/pam.d/sshd
RUBLON_CONFIG=/etc/rublon.config

if [ ! -f /etc/rublon.config ]
then
    cp -a /usr/share/rublon/rublon.config.defaults $RUBLON_CONFIG
    chown root:root $RUBLON_CONFIG
    chmod 640 $RUBLON_CONFIG
fi

if [ -f /etc/os-release ]
then
    . /etc/os-release
fi

grep -qe "^PasswordAuthentication" $SSHD_CONF && \
    sed -i 's/^#*PasswordAuthentication[[:space:]]\+.*/PasswordAuthentication yes/' $SSHD_CONF || \
    echo "PasswordAuthentication yes" >> $SSHD_CONF

grep -qe "^ChallengeResponseAuthentication" $SSHD_CONF && \
    sed -i 's/^#*ChallengeResponseAuthentication[[:space:]]\+.*/ChallengeResponseAuthentication yes/' $SSHD_CONF || \
    echo "ChallengeResponseAuthentication yes" >> $SSHD_CONF

grep -qe "^UsePAM" $SSHD_CONF && \
    sed -i 's/^#*UsePAM[[:space:]]\+.*/UsePAM yes/' $SSHD_CONF || \
    echo "UsePAM yes" >> $SSHD_CONF
    
sed -i 's/KbdInteractiveAuthentication/#KbdInteractiveAuthentication/' $SSHD_CONF

grep -qe 'auth required pam_rublon.so' $SSHD_PAM_CONF || sed -i '$aauth required pam_rublon.so' $SSHD_PAM_CONF
grep -qe 'account required pam_rublon.so' $SSHD_PAM_CONF || sed -i '$aaccount required pam_rublon.so' $SSHD_PAM_CONF