openssh: unifying debug and release settings

maxux · maxux · commit 79d14b3d5f2a · 2025-10-29T05:09:57.000+01:00
diff --git a/packages/openssh.sh b/packages/openssh.sh
@@ -49,23 +49,14 @@ install_openssh() {
 
     mkdir -p -m 700 "${ROOTDIR}/root/.ssh"
 
-    if [ "${BUILDMODE}" == "release" ]; then
-        echo "[+] hardening openssh server settings"
-
-        # hardening authentication
-        sed -i 's/#Port 22/Port 34022/g' "${ROOTDIR}"/etc/ssh/sshd_config
-        sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin prohibit-password/g' "${ROOTDIR}"/etc/ssh/sshd_config
-        sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/g' "${ROOTDIR}"/etc/ssh/sshd_config
-        sed -i 's/#KbdInteractiveAuthentication yes/KbdInteractiveAuthentication no/g' "${ROOTDIR}"/etc/ssh/sshd_config
-        sed -i 's/#UsePAM no/UsePAM no/g' "${ROOTDIR}"/etc/ssh/sshd_config
-    else
-        echo "[+] enable debug ssh settings"
-
-        # keep debugging mode more permissive
-        sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' "${ROOTDIR}"/etc/ssh/sshd_config
-        sed -i 's/#PasswordAuthentication yes/PasswordAuthentication yes/g' "${ROOTDIR}"/etc/ssh/sshd_config
-        sed -i 's/#KbdInteractiveAuthentication yes/KbdInteractiveAuthentication yes/g' "${ROOTDIR}"/etc/ssh/sshd_config
-    fi
+    echo "[+] hardening openssh server settings"
+
+    # hardening authentication
+    sed -i 's/#Port 22/Port 34022/g' "${ROOTDIR}"/etc/ssh/sshd_config
+    sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin prohibit-password/g' "${ROOTDIR}"/etc/ssh/sshd_config
+    sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/g' "${ROOTDIR}"/etc/ssh/sshd_config
+    sed -i 's/#KbdInteractiveAuthentication yes/KbdInteractiveAuthentication no/g' "${ROOTDIR}"/etc/ssh/sshd_config
+    sed -i 's/#UsePAM no/UsePAM no/g' "${ROOTDIR}"/etc/ssh/sshd_config
 
     unset CFLAGS
     unset LDFLAGS
