#!/usr/bin/env bash
set -euo pipefail

if [[ ! -f /etc/ssh/sshd_config ]]; then
  echo "sshd_config: missing"
  exit 1
fi

if grep -Eq '^PasswordAuthentication\s+no' /etc/ssh/sshd_config; then
  echo "ssh: password auth disabled"
else
  echo "ssh: password auth not disabled"
  exit 1
fi

if grep -Eq '^PermitRootLogin\s+no' /etc/ssh/sshd_config; then
  echo "ssh: root login disabled"
else
  echo "ssh: root login not disabled"
  exit 1
fi

exit 0