#!/usr/bin/env sh

[ ! "$(id -u)" -eq 0 ] && echo "Run as superuser." && exit 1

case "${1}" in
  "on"|"enable"|"unlock")
    FROM=yes; TO=no;
    ;;
  "off"|"disable"|"lock")
    FROM=no; TO=yes;
    ;;
  "toggle")
    if grep -q '^PasswordAuthentication yes' /etc/ssh/sshd_config; then
      FROM=yes; TO=no;
    else
      FROM=no; TO=yes;
    fi
    ;;
  *)
    echo 'Must specify one of the following:'
    echo '  [ on | yes | enable | unlock ] to allow interactive passwords'
    echo '  [ off | no | disable | lock ] to disallow interactive passwords'
    echo '  [ toggle ] to toggle the allowance of interactive passwords'
    echo '  [ status ] to show the current state of interactive passwords'
    exit 1
  ;;
esac

for OPTION in PasswordAuthentication ChallengeResponseAuthentication; do
  sed -i "s/#* *${OPTION} *${FROM}/${OPTION} ${TO}/g; w /dev/stdout" /etc/ssh/sshd_config
done

if command -v systemctl > /dev/null; then
  systemctl restart sshd
elif [ -x /etc/init.d/sshd ]; then
  /etc/init.d/sshd restart
else
  echo "Restart SSH server to have changes take effect."
fi