#!/bin/bash

# TODO.  instead  write files in sshd_config.d
# sshd_disable_pw () {
#   module_load config_edit
#   local cnf=$(declare -f confirm) 
#   local cc=$(declare -f config_change)
#   declare -A settings
#   local settings=( ["PasswordAuthentication"]=no ["PubkeyAuthentication"]=yes ["ChallengeResponseAuthentication"]=no)
#   #file=/etc/ssh/sshd_config
#   file=test.config
#   for setting in ${!settings[@]}; do        
#   sudo bash -c "$cnf;$cc;config_change $setting ${settings[${setting}]} $file"
#   done
# }


ssh_dir_permissions() {
    sudo chmod -R g-w $HOME
    echo warning turned off group write for $HOME as this can cause ssh failure
    sudo chown -R $USER:$USER $HOME/.ssh
    sudo chmod 00700 $HOME/.ssh
    sudo chmod 600 $HOME/.ssh/authorized_keys
    sudo chmod 400 $HOME/.ssh/id_rsa
    sudo chmod 644 $HOME/.ssh/id_rsa.pub
    sudo chmod 600 $HOME/.ssh/known_hosts
}


sshkeygen () {
  local OPTION; local OPTARG; local OPTIND; local pem
  local encode; local pass
  while getopts 'pr' OPTION; do
    # echo $OPTION $OPTARG
    case "$OPTION" in
    
    p)
      pem="-m PEM"
      ;;  
    e)
      encode="-t ecdsa -b 521"
    ;; 
    *)
      echo unknown sshkeygen option $OPTION
      ;;  
    esac
  done

  shift $((OPTIND - 1))

  [[ ! $1 ]] && echo must supply a private key name && return 1
  [[ $2 ]] && pass="-P $2" || echo warning, you are creating an unencrypted key without a passphrase

 ssh-keygen -f $1 $encode -C $1 $pass $pem

}