#!/bin/bash
#/*************************************************
#Copyright (C), 2020-2024, KylinSoft. Co., Ltd. 
#File name: ssh-change-mode
#Author: songjuntao
#Version: 1.0
#Description: 实现openssh国密配置和非国密配置的切换，优化配置过程
#Date: 2024-06-13 
#Others: 本脚本为辅助openssh配置脚本，运行于对应的麒麟openssh修改版本
#Function List: change_to_gm，切换到国密配置， change_to_default，切换到非国密配置
#History: 暂无 
#*************************************************/


# Print the list of supported modes to stdout.
# Arguments: none
# Outputs:   three lines: a heading followed by the two tab-indented mode names
function usage()
{
	printf '%s\n' "openssh has two modes."
	# printf reuses the format for each remaining argument, one line per mode.
	printf '\t%s\n' "1: gm" "2: default"
}



# Configuration files rewritten in place by the mode switch:
# the client file (ssh) and the server file (sshd).
SSH_CONFIG="/etc/ssh/ssh_config"
SSHD_CONFIG="/etc/ssh/sshd_config"
# The two paths below are commented out and therefore not set.
#SSHD_SERVICE=/lib/systemd/system/sshd.service
#SSH_CONFIG_D=/etc/ssh/ssh_config.d/05-redhat.conf

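# Switch the OpenSSH client and server configuration to the GM algorithm set
# (sm2 / sm3 / sm4 names as written in the directives below).
# Globals:   SSH_CONFIG (read), SSHD_CONFIG (read); both files are edited in place
# Arguments: none
# Outputs:   warnings on stderr when an edit fails or an expected sshd
#            directive is not active after the edit
# Returns:   0 when both files were edited and every replaced sshd directive
#            is active, 1 otherwise
# NOTE(review): files are edited in place without a backup and sshd is not
# reloaded here. Enabling the sm2 HostKey assumes /etc/ssh/ssh_host_sm2_key
# exists; validate with `sshd -t` before restarting the service.
function change_to_gm()
{
	local rc=0
	local cipher_line="Ciphers sm4-ctr"
	local kex_line="KexAlgorithms sm2-sm3"
	local mac_line="MACs hmac-sm3"
	local hostkey_alg_line="HostKeyAlgorithms sm2"
	local pubkey_line="PubkeyAcceptedKeyTypes sm2"
	local expected

	# Client: uncomment the GM directives and comment out the crypto-policies
	# include (presumably so the system-wide policy does not override them).
	if ! sed -i \
		-e 's/^#KexAlgorithms sm2-sm3/KexAlgorithms sm2-sm3/g' \
		-e 's/^#HostKeyAlgorithms sm2/HostKeyAlgorithms sm2/g' \
		-e 's/^#Ciphers sm4-ctr/Ciphers sm4-ctr/g' \
		-e 's/^#Macs hmac-sm3/Macs hmac-sm3/g' \
		-e 's/^#FingerprintHash sm3/FingerprintHash sm3/g' \
		-e 's/^#PubkeyAcceptedKeyTypes sm2/PubkeyAcceptedKeyTypes sm2/g' \
		-e 's&^[[:space:]]Include /etc/crypto-policies/back-ends/openssh.config&\t#Include /etc/crypto-policies/back-ends/openssh.config&g' \
		-- "$SSH_CONFIG"; then
		printf 'warning: could not update %s\n' "$SSH_CONFIG" >&2
		rc=1
	fi

	# Server: enable the sm2 host key and replace each active algorithm line.
	# The keyword must be followed by whitespace or '=' so that only the exact
	# directive matches (the previous "Ciphers*" form matched any "Cipher..."
	# prefix because '*' is a regex repetition, not a glob).
	if sed -i \
		-e 's&^#HostKey /etc/ssh/ssh_host_sm2_key&HostKey /etc/ssh/ssh_host_sm2_key&g' \
		-e "/^Ciphers[[:space:]=]/c${cipher_line}" \
		-e "/^KexAlgorithms[[:space:]=]/c${kex_line}" \
		-e "/^MACs[[:space:]=]/c${mac_line}" \
		-e "/^HostKeyAlgorithms[[:space:]=]/c${hostkey_alg_line}" \
		-e 's/^#FingerprintHash sm3/FingerprintHash sm3/g' \
		-e "/^PubkeyAcceptedKeyTypes[[:space:]=]/c${pubkey_line}" \
		-- "$SSHD_CONFIG"; then
		# The 'c' commands only rewrite lines that already exist uncommented.
		# If a directive was absent or commented out, sshd keeps its previous
		# algorithms, so report it instead of claiming the switch succeeded.
		for expected in "$cipher_line" "$kex_line" "$mac_line" \
			"$hostkey_alg_line" "$pubkey_line"; do
			if ! grep -qxF -- "$expected" "$SSHD_CONFIG"; then
				printf 'warning: "%s" is not active in %s\n' \
					"$expected" "$SSHD_CONFIG" >&2
				rc=1
			fi
		done
	else
		printf 'warning: could not update %s\n' "$SSHD_CONFIG" >&2
		rc=1
	fi

	return "$rc"
}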

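# Switch the OpenSSH client and server configuration back to the non-GM
# algorithm lists written out below.
# Globals:   SSH_CONFIG (read), SSHD_CONFIG (read); both files are edited in place
# Arguments: none
# Outputs:   warnings on stderr when an edit fails or an expected sshd
#            directive is not active after the edit
# Returns:   0 when both files were edited and every replaced sshd directive
#            is active, 1 otherwise
# NOTE(review): files are edited in place without a backup and sshd is not
# reloaded here; validate with `sshd -t` before restarting the service.
function change_to_default()
{
	local rc=0
	local cipher_line="Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com"
	local kex_line="KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256"
	local mac_line="MACs hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-256-etm@openssh.com"
	local hostkey_alg_line="HostKeyAlgorithms ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-512"
	local pubkey_line="PubkeyAcceptedKeyTypes ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-512"
	local expected

	# Client: comment out the GM directives and re-enable the crypto-policies
	# include that GM mode had commented out.
	if ! sed -i \
		-e 's/^KexAlgorithms sm2-sm3/#KexAlgorithms sm2-sm3/g' \
		-e 's/^HostKeyAlgorithms sm2/#HostKeyAlgorithms sm2/g' \
		-e 's/^Ciphers sm4-ctr/#Ciphers sm4-ctr/g' \
		-e 's/^Macs hmac-sm3/#Macs hmac-sm3/g' \
		-e 's/^FingerprintHash sm3/#FingerprintHash sm3/g' \
		-e 's/^PubkeyAcceptedKeyTypes sm2/#PubkeyAcceptedKeyTypes sm2/g' \
		-e 's&^[[:space:]]#Include /etc/crypto-policies/back-ends/openssh.config&\tInclude /etc/crypto-policies/back-ends/openssh.config&g' \
		-- "$SSH_CONFIG"; then
		printf 'warning: could not update %s\n' "$SSH_CONFIG" >&2
		rc=1
	fi

	# Server: disable the sm2 host key and replace each active algorithm line.
	# The keyword must be followed by whitespace or '=' so that only the exact
	# directive matches (the previous "Ciphers*" form matched any "Cipher..."
	# prefix because '*' is a regex repetition, not a glob).
	if sed -i \
		-e 's&^HostKey /etc/ssh/ssh_host_sm2_key&#HostKey /etc/ssh/ssh_host_sm2_key&g' \
		-e "/^Ciphers[[:space:]=]/c${cipher_line}" \
		-e "/^KexAlgorithms[[:space:]=]/c${kex_line}" \
		-e "/^MACs[[:space:]=]/c${mac_line}" \
		-e "/^HostKeyAlgorithms[[:space:]=]/c${hostkey_alg_line}" \
		-e 's/^FingerprintHash sm3/#FingerprintHash sm3/g' \
		-e "/^PubkeyAcceptedKeyTypes[[:space:]=]/c${pubkey_line}" \
		-- "$SSHD_CONFIG"; then
		# The 'c' commands only rewrite lines that already exist uncommented;
		# report any directive that did not end up active in the file.
		for expected in "$cipher_line" "$kex_line" "$mac_line" \
			"$hostkey_alg_line" "$pubkey_line"; do
			if ! grep -qxF -- "$expected" "$SSHD_CONFIG"; then
				printf 'warning: "%s" is not active in %s\n' \
					"$expected" "$SSHD_CONFIG" >&2
				rc=1
			fi
		done
	else
		printf 'warning: could not update %s\n' "$SSHD_CONFIG" >&2
		rc=1
	fi

	return "$rc"
}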


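# Apply one mode and report the outcome.
# Globals:   SSH_CONFIG (read), SSHD_CONFIG (read)
# Arguments: $1 - mode name used in messages
#            $2 - name of the function that performs the edits
# Outputs:   the success message on stdout, diagnostics on stderr
# Returns:   0 on success, 1 when the edit function fails or sshd rejects
#            the resulting server configuration
function switch_mode()
{
	local mode=$1
	local changer=$2

	# Do not announce a switch that did not happen (e.g. the files are not
	# writable because the script was run without sufficient privileges).
	if ! "$changer"; then
		printf 'failed to switch ssh to %s mode; review %s and %s\n' \
			"$mode" "$SSH_CONFIG" "$SSHD_CONFIG" >&2
		return 1
	fi

	# sshd -t checks the configuration file and the host keys without starting
	# the daemon. A rejected file (for example an algorithm this build does not
	# support, or a missing host key) would stop sshd on its next restart, so
	# surface that now. Skipped when sshd is not on PATH.
	if command -v sshd >/dev/null 2>&1 && ! sshd -t -f "$SSHD_CONFIG"; then
		printf 'sshd -t rejected %s after switching to %s mode; fix it before restarting sshd\n' \
			"$SSHD_CONFIG" "$mode" >&2
		return 1
	fi

	echo "ssh change to $mode mode"
}

# Entry point: dispatch on the first argument.
# Exit status: 0 on success or help, 1 when the switch failed, 2 on an
# unknown or missing mode.
# Note: sshd is not reloaded by this script; running daemons keep the old
# settings until the service is restarted.
MODE=${1:-}
case "$MODE" in
	"gm")
	switch_mode gm change_to_gm || exit 1
	;;
	"default")
	switch_mode default change_to_default || exit 1
	;;
	"--help"|"-h")
	usage
	;;
	*)
	echo "please choose right mode!"
	usage
	exit 2
	;;
esac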


