Fix ssh configuration

src/freedombone-image-customise

@@ -279,6 +279,7 @@ configure_ssh() {
     fi
 
     sed -i "s/Port .*/Port ${SSH_PORT}/g" $rootdir/etc/ssh/sshd_config
+    sed -i "s/#Port ${SSH_PORT}/Port ${SSH_PORT}/g" $rootdir/etc/ssh/sshd_config
 
     if [[ "$SSH_PUBKEY" != "no" ]]; then
         if [ ! -d $rootdir/home/$MY_USERNAME/.ssh ]; then
@@ -287,6 +288,7 @@ configure_ssh() {
         echo "$SSH_PUBKEY" > $rootdir/home/$MY_USERNAME/.ssh/authorized_keys
         chroot $rootdir /bin/chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.ssh
         sed -i 's|PasswordAuthentication.*|PasswordAuthentication no|g' $rootdir/etc/ssh/sshd_config
+        sed -i 's|#PasswordAuthentication no|PasswordAuthentication no|g' $rootdir/etc/ssh/sshd_config
         echo $"Using ssh public key:"
         echo $SSH_PUBKEY
         echo $'Password ssh authentication turned off'

src/freedombone-utils-ssh

@@ -41,10 +41,15 @@ function configure_ssh {
         return
     fi
     sed -i "s/Port .*/Port $SSH_PORT/g" /etc/ssh/sshd_config
+    sed -i "s/#Port ${SSH_PORT}/Port ${SSH_PORT}/g" /etc/ssh/sshd_config
     sed -i 's/PermitRootLogin.*/PermitRootLogin no/g' /etc/ssh/sshd_config
+    sed -i 's/#PermitRootLogin no/PermitRootLogin no/g' /etc/ssh/sshd_config
     sed -i 's/X11Forwarding.*/X11Forwarding no/g' /etc/ssh/sshd_config
+    sed -i 's/#X11Forwarding no/X11Forwarding no/g' /etc/ssh/sshd_config
     sed -i 's/ServerKeyBits.*/ServerKeyBits 4096/g' /etc/ssh/sshd_config
+    sed -i 's/#ServerKeyBits 4096/ServerKeyBits 4096/g' /etc/ssh/sshd_config
     sed -i 's/TCPKeepAlive.*/TCPKeepAlive no/g' /etc/ssh/sshd_config
+    sed -i 's/#TCPKeepAlive no/TCPKeepAlive no/g' /etc/ssh/sshd_config
     sed -i 's|HostKey /etc/ssh/ssh_host_dsa_key|#HostKey /etc/ssh/ssh_host_dsa_key|g' /etc/ssh/sshd_config
     sed -i 's|HostKey /etc/ssh/ssh_host_ecdsa_key|#HostKey /etc/ssh/ssh_host_ecdsa_key|g' /etc/ssh/sshd_config
     if ! grep -q 'DebianBanner' /etc/ssh/sshd_config; then
@@ -57,26 +62,31 @@ function configure_ssh {
     else
         echo 'ClientAliveInterval 60' >> /etc/ssh/sshd_config
     fi
+    sed -i 's/#ClientAliveInterval 60/ClientAliveInterval 60/g' /etc/ssh/sshd_config
     if grep -q 'ClientAliveCountMax' /etc/ssh/sshd_config; then
         sed -i 's/ClientAliveCountMax.*/ClientAliveCountMax 3/g' /etc/ssh/sshd_config
     else
         echo 'ClientAliveCountMax 3' >> /etc/ssh/sshd_config
     fi
+    sed -i 's/#ClientAliveCountMax 3/ClientAliveCountMax 3/g' /etc/ssh/sshd_config
     if grep -q 'Ciphers' /etc/ssh/sshd_config; then
         sed -i "s|Ciphers.*|Ciphers $SSH_CIPHERS|g" /etc/ssh/sshd_config
     else
         echo "Ciphers $SSH_CIPHERS" >> /etc/ssh/sshd_config
     fi
+    sed -i "s|#Ciphers $SSH_CIPHERS|Ciphers $SSH_CIPHERS|g" /etc/ssh/sshd_config
     if grep -q 'MACs' /etc/ssh/sshd_config; then
         sed -i "s|MACs.*|MACs $SSH_MACS|g" /etc/ssh/sshd_config
     else
         echo "MACs $SSH_MACS" >> /etc/ssh/sshd_config
     fi
+    sed -i "s|#MACs $SSH_MACS|MACs $SSH_MACS|g" /etc/ssh/sshd_config
     if grep -q 'KexAlgorithms' /etc/ssh/sshd_config; then
         sed -i "s|KexAlgorithms.*|KexAlgorithms $SSH_KEX|g" /etc/ssh/sshd_config
     else
         echo "KexAlgorithms $SSH_KEX" >> /etc/ssh/sshd_config
     fi
+    sed -i "s|#KexAlgorithms $SSH_KEX|KexAlgorithms $SSH_KEX|g" /etc/ssh/sshd_config
 
     apt-get -yq install fail2ban vim-common