1*8b031932SBaptiste Daroussin#!/usr/libexec/flua 2*8b031932SBaptiste Daroussin--- 3*8b031932SBaptiste Daroussin-- SPDX-License-Identifier: BSD-2-Clause 4*8b031932SBaptiste Daroussin-- 5*8b031932SBaptiste Daroussin-- Copyright (c) 2026 Baptiste Daroussin <bapt@FreeBSD.org> 6*8b031932SBaptiste Daroussin 7*8b031932SBaptiste Daroussinlocal n = require("nuage") 8*8b031932SBaptiste Daroussin 9*8b031932SBaptiste Daroussinlocal root = os.getenv("NUAGE_FAKE_ROOTDIR") 10*8b031932SBaptiste Daroussinif not root then 11*8b031932SBaptiste Daroussin root = "" 12*8b031932SBaptiste Daroussinend 13*8b031932SBaptiste Daroussin 14*8b031932SBaptiste Daroussinlocal sshd_config = root .. "/etc/ssh/sshd_config" 15*8b031932SBaptiste Daroussin 16*8b031932SBaptiste Daroussinlocal function setup(content) 17*8b031932SBaptiste Daroussin local dir = root .. "/etc/ssh" 18*8b031932SBaptiste Daroussin n.mkdir_p(dir) 19*8b031932SBaptiste Daroussin local f = assert(io.open(sshd_config, "w")) 20*8b031932SBaptiste Daroussin f:write(content) 21*8b031932SBaptiste Daroussin f:close() 22*8b031932SBaptiste Daroussinend 23*8b031932SBaptiste Daroussin 24*8b031932SBaptiste Daroussinlocal function read_config() 25*8b031932SBaptiste Daroussin local f = assert(io.open(sshd_config, "r")) 26*8b031932SBaptiste Daroussin local content = f:read("*a") 27*8b031932SBaptiste Daroussin f:close() 28*8b031932SBaptiste Daroussin return content 29*8b031932SBaptiste Daroussinend 30*8b031932SBaptiste Daroussin 31*8b031932SBaptiste Daroussin-- Key not found: appended 32*8b031932SBaptiste Daroussinsetup("SomeOtherKey yes\n") 33*8b031932SBaptiste Daroussinn.update_sshd_config("PasswordAuthentication", "yes") 34*8b031932SBaptiste Daroussinif read_config() ~= "SomeOtherKey yes\nPasswordAuthentication yes\n" then 35*8b031932SBaptiste Daroussin n.err("Key not found: should be appended") 36*8b031932SBaptiste Daroussinend 37*8b031932SBaptiste Daroussin 38*8b031932SBaptiste Daroussin-- Key with same value: no change 39*8b031932SBaptiste Daroussinsetup("PasswordAuthentication yes\n") 40*8b031932SBaptiste Daroussinn.update_sshd_config("PasswordAuthentication", "yes") 41*8b031932SBaptiste Daroussinif read_config() ~= "PasswordAuthentication yes\n" then 42*8b031932SBaptiste Daroussin n.err("Same value: should not change") 43*8b031932SBaptiste Daroussinend 44*8b031932SBaptiste Daroussin 45*8b031932SBaptiste Daroussin-- Key with different value: changed 46*8b031932SBaptiste Daroussinsetup("PasswordAuthentication no\n") 47*8b031932SBaptiste Daroussinn.update_sshd_config("PasswordAuthentication", "yes") 48*8b031932SBaptiste Daroussinif read_config() ~= "PasswordAuthentication yes\n" then 49*8b031932SBaptiste Daroussin n.err("Different value: should change") 50*8b031932SBaptiste Daroussinend 51*8b031932SBaptiste Daroussin 52*8b031932SBaptiste Daroussin-- Key with comment 53*8b031932SBaptiste Daroussinsetup("PasswordAuthentication no # keep this\n") 54*8b031932SBaptiste Daroussinn.update_sshd_config("PasswordAuthentication", "yes") 55*8b031932SBaptiste Daroussinif read_config() ~= "PasswordAuthentication yes\n" then 56*8b031932SBaptiste Daroussin n.err("Comment stripped: '" .. read_config() .. "'") 57*8b031932SBaptiste Daroussinend 58*8b031932SBaptiste Daroussin 59*8b031932SBaptiste Daroussin-- Case insensitive key matching 60*8b031932SBaptiste Daroussinsetup("passwordauthentication no\n") 61*8b031932SBaptiste Daroussinn.update_sshd_config("PasswordAuthentication", "yes") 62*8b031932SBaptiste Daroussinif read_config() ~= "PasswordAuthentication yes\n" then 63*8b031932SBaptiste Daroussin n.err("Case insensitive matching failed") 64*8b031932SBaptiste Daroussinend 65*8b031932SBaptiste Daroussin 66*8b031932SBaptiste Daroussin-- Extra spaces 67*8b031932SBaptiste Daroussinsetup(" PasswordAuthentication no \n") 68*8b031932SBaptiste Daroussinn.update_sshd_config("PasswordAuthentication", "yes") 69*8b031932SBaptiste Daroussinif read_config() ~= "PasswordAuthentication yes\n" then 70*8b031932SBaptiste Daroussin n.err("Extra spaces handling failed: '" .. read_config() .. "'") 71*8b031932SBaptiste Daroussinend 72*8b031932SBaptiste Daroussin 73*8b031932SBaptiste Daroussinos.exit(0) 74