#!/usr/bin/env sh [ ! "$(id -u)" -eq 0 ] && echo "Run as superuser." && exit 1 case "${1}" in "on"|"enable"|"unlock") FROM=yes; TO=no; ;; "off"|"disable"|"lock") FROM=no; TO=yes; ;; "toggle") if grep -q '^PasswordAuthentication yes' /etc/ssh/sshd_config; then FROM=yes; TO=no; else FROM=no; TO=yes; fi ;; *) echo 'Must specify one of the following:' echo ' [ on | yes | enable | unlock ] to allow interactive passwords' echo ' [ off | no | disable | lock ] to disallow interactive passwords' echo ' [ toggle ] to toggle the allowance of interactive passwords' echo ' [ status ] to show the current state of interactive passwords' exit 1 ;; esac for OPTION in PasswordAuthentication ChallengeResponseAuthentication; do sed -i "s/#* *${OPTION} *${FROM}/${OPTION} ${TO}/g; w /dev/stdout" /etc/ssh/sshd_config done if command -v systemctl > /dev/null; then systemctl restart sshd elif [ -x /etc/init.d/sshd ]; then /etc/init.d/sshd restart else echo "Restart SSH server to have changes take effect." fi