#!/bin/bash add_ssh_client_config () { local cfg=$1 cat /etc/ssh/ssh_config | sed -n '/^Host \*/,$p' | grep -q "${cfg}" [ $? -eq 1 ] && sed "/^Host \*/a\ \t${cfg}" -i /etc/ssh/ssh_config } # disabling SSH password login for root sed '/^#\?PermitRootLogin/s/.*/PermitRootLogin without-password/' -i /etc/ssh/sshd_config # enabling HostbasedAuthentication on sshd side sed '/^#*HostbasedAuthentication/s/.*/HostbasedAuthentication yes/' -i /etc/ssh/sshd_config sed '/^#*IgnoreUserKnownHosts/s/.*/IgnoreUserKnownHosts yes/' -i /etc/ssh/sshd_config sed '/^#*IgnoreRhosts/s/.*/IgnoreRhosts yes/' -i /etc/ssh/sshd_config # adding SSH agent forwarding to global client config add_ssh_client_config "ForwardAgent yes" # enabling HostbasedAuthentication on ssh client side add_ssh_client_config "HostbasedAuthentication yes" add_ssh_client_config "NoHostAuthenticationForLocalhost yes" add_ssh_client_config "EnableSSHKeysign yes" exit 0