#!/bin/bash



# Print the two supported modes to stdout.
function usage()
{
	printf '%s\n' "openssh has two modes."
	# One tab-indented line per mode.
	printf '\t%s\n' "1: gm" "2: default"
}



# Files edited in place by change_to_gm / change_to_default. All of them are
# system-wide, so the script needs write access to each one.
SSH_CONFIG="/etc/ssh/ssh_config"                      # client configuration
SSH_CONFIG_D="/etc/ssh/ssh_config.d/05-redhat.conf"   # client drop-in with the crypto-policies Include
SSHD_CONFIG="/etc/ssh/sshd_config"                    # server configuration
# NOTE(review): this is the unit file under /lib, which a package update may
# replace; a drop-in under /etc/systemd/system/sshd.service.d/ would keep the
# ExecStart override separate from the packaged file.
SSHD_SERVICE="/lib/systemd/system/sshd.service"       # sshd systemd unit

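#######################################
# Switch the OpenSSH client and server to the SM ("gm") algorithm suite:
# SM2 key exchange and host keys, SM4-CTR, HMAC-SM3 and SM3 fingerprints.
#
# Globals:
#   SSH_CONFIG, SSH_CONFIG_D, SSHD_CONFIG, SSHD_SERVICE - paths of the files
#   edited in place (GNU sed is required: -i, one-line "c", "\t").
# Arguments:
#   None
# Returns:
#   Exit status of the final sed call (the unit-file edit).
#
# Only lines that already exist are touched: commented-out SM entries are
# uncommented, and existing Ciphers / KexAlgorithms / MACs /
# PubkeyAcceptedKeyTypes lines in sshd_config are replaced. Nothing is
# appended, so a directive that is absent stays absent.
#
# Security notes:
#   - The crypto-policies Include in the client drop-in is commented out and
#     $CRYPTO_POLICY is left off the sshd command line, so the lists written
#     here replace whatever those two mechanisms supplied.
#   - PubkeyAcceptedKeyTypes is narrowed to sm2; accounts whose only keys are
#     of another type lose public-key login once sshd picks up the change.
#   - NOTE(review): nothing here checks that /etc/ssh/ssh_host_sm2_key exists,
#     validates the result (`sshd -t`), reloads systemd or restarts sshd.
#     Confirm those steps from a session that survives a failed restart.
#######################################
function change_to_gm()
{
	local cipher_line="Ciphers sm4-ctr"
	local kex_line="KexAlgorithms ecgm-sm2-sm3"
	local macs_line="MACs hmac-sm3"
	local pubkey_line="PubkeyAcceptedKeyTypes sm2"
	# The double space is where $CRYPTO_POLICY sits in the default-mode line.
	local exec_line="ExecStart=/usr/sbin/sshd -D \$OPTIONS  \$PERMITROOTLOGIN"

	# Client: uncomment the SM entries where they are present.
	sed -i \
		-e 's/^#KexAlgorithms ecgm-sm2-sm3/KexAlgorithms ecgm-sm2-sm3/' \
		-e 's/^#HostKeyAlgorithms sm2/HostKeyAlgorithms sm2/' \
		-e 's/^#Ciphers sm4-ctr/Ciphers sm4-ctr/' \
		-e 's/^#Macs hmac-sm3/Macs hmac-sm3/' \
		-e 's/^#FingerprintHash sm3/FingerprintHash sm3/' \
		-e 's|^#   IdentityFile ~/.ssh/id_sm2|   IdentityFile ~/.ssh/id_sm2|' \
		"$SSH_CONFIG"

	# Client drop-in: stop pulling the crypto-policies client settings.
	sed -i \
		-e 's|^[[:space:]]Include /etc/crypto-policies/back-ends/openssh.config|\t#Include /etc/crypto-policies/back-ends/openssh.config|' \
		"$SSH_CONFIG_D"

	# Server: enable the SM2 host key and replace the algorithm lists.
	# Each address ends at the keyword boundary (whitespace or "="); the old
	# "keyword*" form made the last letter optional instead of anchoring it.
	sed -i \
		-e 's|^#HostKey /etc/ssh/ssh_host_sm2_key|HostKey /etc/ssh/ssh_host_sm2_key|' \
		-e "/^Ciphers[[:space:]=]/c${cipher_line}" \
		-e "/^KexAlgorithms[[:space:]=]/c${kex_line}" \
		-e "/^MACs[[:space:]=]/c${macs_line}" \
		-e 's/^#HostKeyAlgorithms sm2/HostKeyAlgorithms sm2/' \
		-e 's/^#FingerprintHash sm3/FingerprintHash sm3/' \
		-e "/^[Pp]ubkey[Aa]ccepted[Kk]ey[Tt]ypes[[:space:]=]/c${pubkey_line}" \
		"$SSHD_CONFIG"

	# Unit file: match the ExecStart key only. "^ExecStart=*" also matched
	# ExecStartPre=/ExecStartPost= lines and overwrote them with this line.
	sed -i -e "/^ExecStart[[:space:]]*=/c${exec_line}" "$SSHD_SERVICE"
}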

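#######################################
# Switch the OpenSSH client and server back from the SM ("gm") suite to the
# fixed non-SM algorithm lists below.
#
# Globals:
#   SSH_CONFIG, SSH_CONFIG_D, SSHD_CONFIG, SSHD_SERVICE - paths of the files
#   edited in place (GNU sed is required: -i, one-line "c", "\t").
# Arguments:
#   None
# Returns:
#   Exit status of the final sed call (the unit-file edit).
#
# Only lines that already exist are touched: active SM entries are commented
# out, and existing Ciphers / KexAlgorithms / MACs / PubkeyAcceptedKeyTypes
# lines in sshd_config are replaced. Nothing is appended.
#
# Security notes:
#   - "default" means the hard-coded lists in this function, not whatever
#     sshd_config held before gm mode was applied; local hardening of those
#     directives is not restored.
#   - The crypto-policies Include and $CRYPTO_POLICY are re-enabled.
#     NOTE(review): presumably those then take part in algorithm selection
#     alongside the lists written here; confirm the effective settings.
#   - NOTE(review): nothing here validates the result (`sshd -t`), reloads
#     systemd or restarts sshd.
#######################################
function change_to_default()
{
	local cipher_line="Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com"
	local kex_line="KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256"
	local macs_line="MACs hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-256-etm@openssh.com"
	local pubkey_line="PubkeyAcceptedKeyTypes ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-512"
	local exec_line="ExecStart=/usr/sbin/sshd -D \$OPTIONS \$CRYPTO_POLICY \$PERMITROOTLOGIN"

	# Client: comment the SM entries out again.
	sed -i \
		-e 's/^KexAlgorithms ecgm-sm2-sm3/#KexAlgorithms ecgm-sm2-sm3/' \
		-e 's/^HostKeyAlgorithms sm2/#HostKeyAlgorithms sm2/' \
		-e 's/^Ciphers sm4-ctr/#Ciphers sm4-ctr/' \
		-e 's/^Macs hmac-sm3/#Macs hmac-sm3/' \
		-e 's/^FingerprintHash sm3/#FingerprintHash sm3/' \
		-e 's|^   IdentityFile ~/.ssh/id_sm2|#   IdentityFile ~/.ssh/id_sm2|' \
		"$SSH_CONFIG"

	# Client drop-in: re-enable the crypto-policies Include.
	sed -i \
		-e 's|^[[:space:]]#Include /etc/crypto-policies/back-ends/openssh.config|\tInclude /etc/crypto-policies/back-ends/openssh.config|' \
		"$SSH_CONFIG_D"

	# Server: disable the SM2 host key and replace the algorithm lists.
	# Each address ends at the keyword boundary (whitespace or "="); the old
	# "keyword*" form made the last letter optional instead of anchoring it.
	sed -i \
		-e 's|^HostKey /etc/ssh/ssh_host_sm2_key|#HostKey /etc/ssh/ssh_host_sm2_key|' \
		-e "/^Ciphers[[:space:]=]/c${cipher_line}" \
		-e "/^KexAlgorithms[[:space:]=]/c${kex_line}" \
		-e "/^MACs[[:space:]=]/c${macs_line}" \
		-e 's/^HostKeyAlgorithms sm2/#HostKeyAlgorithms sm2/' \
		-e 's/^FingerprintHash sm3/#FingerprintHash sm3/' \
		-e "/^[Pp]ubkey[Aa]ccepted[Kk]ey[Tt]ypes[[:space:]=]/c${pubkey_line}" \
		"$SSHD_CONFIG"

	# Unit file: match the ExecStart key only. "^ExecStart=*" also matched
	# ExecStartPre=/ExecStartPost= lines and overwrote them with this line.
	sed -i -e "/^ExecStart[[:space:]]*=/c${exec_line}" "$SSHD_SERVICE"
}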


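# Entry point: the first positional argument selects the mode.
#
# A failed switch or an unrecognised mode now ends with a non-zero status,
# so a caller can tell that the SSH configuration was not changed as asked.
# The status of a switch is that of the function's last command only.
#
# NOTE(review): neither branch reloads systemd or restarts sshd. The edited
# unit file needs `systemctl daemon-reload`, and sshd must be restarted
# before the new sshd_config and ExecStart line apply.
MODE="$1"
case "$MODE" in
	gm)
		if ! change_to_gm; then
			echo "ssh change to gm mode failed" >&2
			exit 1
		fi
		echo "ssh change to gm mode"
		;;
	default)
		if ! change_to_default; then
			echo "ssh change to default mode failed" >&2
			exit 1
		fi
		echo "ssh change to default mode"
		;;
	--help | -h)
		usage
		;;
	*)
		# Missing or unknown mode: explain on stderr and report failure.
		echo "please choose right mode!" >&2
		usage >&2
		exit 1
		;;
esac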

