#!/usr/bin/env sh [ ! "$(id -u)" -eq 0 ] && echo "Run as superuser." && exit 1 case "${1}" in on|yes|enable|unlock) FROM=no; TO=yes ;; off|no|disable|lock) FROM=yes; TO=no ;; toggle) if grep -q '^PasswordAuthentication yes' /etc/ssh/sshd_config; then FROM=yes; TO=no else FROM=no; TO=yes fi ;; status) true ;; *) echo 'Must specify one of the following:' echo ' [ on | yes | enable | unlock ] to allow interactive passwords' echo ' [ off | no | disable | lock ] to disallow interactive passwords' echo ' [ toggle ] to toggle the allowance of interactive passwords' echo ' [ status ] to show the current state of interactive passwords' exit 1 ;; esac for OPTION in PasswordAuthentication KbdInteractiveAuthentication ChallengeResponseAuthentication; do [ -n "${FROM}" ] && sed -i "s/#* *${OPTION} *${FROM}/${OPTION} ${TO}/g" /etc/ssh/sshd_config grep "^#* *${OPTION} *\(yes\|no\)" /etc/ssh/sshd_config done if command -v systemctl > /dev/null; then printf 'Restarting SSH daemon via systemd...' systemctl restart sshd echo 'done.' elif [ -x /etc/init.d/sshd ]; then printf 'Restarting SSH daemon via SysV-compatible init...' /etc/init.d/sshd restart echo 'done.' else echo "Restart SSH server to have changes take effect." fi