#!/bin/bash

# check if ssh is installed
if ! command -v ssh &>/dev/null; then
  echo "SSH is not installed"
else
  echo "SSH is already installed"
  exit 1
fi

if lsb_release -a 2>/dev/null | grep -q -E "Debian|Ubuntu"; then
  echo "Running Debian or Ubuntu"
  apt-get install openssh-server
  systemctl start sshd

elif cat /etc/os-release 2>/dev/null | grep -q -i "alpine"; then
  echo "Running Alpine"

  # Stop and remove Dropbear
  rc-service dropbear stop
  rc-update del dropbear
  apk del dropbear* -f

  # Stop and remove SSHD
  rc-service sshd stop
  rc-update del sshd
  apk del openssh* -f

  # Clean up Dropbear and SSH configurations
  rm -rf /etc/dropbear
  rm -rf /etc/ssh
  rm /etc/init.d/ssh

  # Reboot now if needed
  # reboot now

  # Install OpenSSH and necessary packages
  apk add openssh gcompat libstdc++ curl bash git grep
  apk add procps --no-cache

  # Start and add SSHD to startup
  rc-service sshd start
  rc-update add sshd

  # Update AllowTcpForwarding setting
  sed -i 's/^#*AllowTcpForwarding.*/AllowTcpForwarding yes/' /etc/ssh/sshd_config

  # Update PermitTunnel setting
  sed -i 's/^#*PermitTunnel.*/PermitTunnel yes/' /etc/ssh/sshd_config

  # Uncomment the line if needed (remove '#' at the beginning)
  sed -i 's/^#PermitTunnel.*/PermitTunnel yes/' /etc/ssh/sshd_config

  # Restart the SSH service to apply the changes
  /etc/init.d/sshd restart

else
  echo "Unknown distribution"
  exit 1
fi

# Set PermitRootLogin to prohibit-password
sed -i 's/^#*PermitRootLogin.*/PermitRootLogin prohibit-password/' /etc/ssh/sshd_config

# Generate SSH keys (doesn't overwrite if keys already exists)
ssh-keygen -q -t rsa -N '' <<< $'\nn' >/dev/null 2>&1