From 7f18482566f99c41fd582923a4850ead2b7546b2 Mon Sep 17 00:00:00 2001
From: AJ ONeal
Date: Wed, 31 Oct 2018 23:47:13 -0600
Subject: [PATCH] more exact checking
---
 lib/ssh.js | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/lib/ssh.js b/lib/ssh.js
index 37adf4c..3097023 100644
--- a/lib/ssh.js
+++ b/lib/ssh.js
@@ -28,14 +28,14 @@ function sshAllowsPassword(user) {
 stdout = (stdout||'').toString('utf8');
 stderr = (stderr||'').toString('utf8');
 if (/\bpassword\b/.test(stdout) || /\bpassword\b/.test(stderr)) {
- resolve(true);
+ resolve('yes');
 return;
 }
 if (/\bAuthentications\b/.test(stdout) || /\bAuthentications\b/.test(stderr)) {
- resolve(false);
+ resolve('no');
 return;
 }
- resolve();
+ resolve('maybe');
 });
 });
 }
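Review bot: All three new results are non-empty strings, so `'no'` and `'maybe'` are truthy, and any consumer still testing the result as a boolean (the old `true`/`false`/`undefined` contract) would read a server that refused password auth as one that allows it. The only caller visible in this patch stores the value in `conf.requests_password`, but readers of `conf` are outside the diff, so the contract should be written down on the function, e.g. `/** @returns {Promise<'yes'|'no'|'maybe'>} whether the server offered password auth */`. Separately, the `'no'` branch fires whenever "Authentications" appears without the word "password"; if the probe output can list `keyboard-interactive` alone, that case presumably still leads to a password prompt and would be safer reported as `'maybe'`. The body of sshAllowsPassword starts before this hunk, so the probe command itself is not visible here.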
@@ -43,21 +43,21 @@ function sshAllowsPassword(user) {
 module.exports.checkSecurity = function () {
 var conf = {};
 var sshdConf = '/etc/ssh/sshd_config';
- var noRootPasswordRe = /(^|[\r\n]+)\s*PermitRootLogin\s+(prohibit-password|without-password|no)\s*/i;
- var noPasswordRe = /(^|[\r\n]+)\s*PasswordAuthentication\s+no\s*/i;
+ var noRootPasswordRe = /(?:^|[\r\n]+)\s*PermitRootLogin\s+(prohibit-password|without-password|no)\s*/i;
+ var noPasswordRe = /(?:^|[\r\n]+)\s*PasswordAuthentication\s+(no)\s*/i;
 return readFile(sshdConf, null).then(function (sshd) {
 sshd = sshd.toString('utf8');
- conf.disallowPasswordRoot = noRootPasswordRe.test(sshd);
- conf.disallowPassword = noPasswordRe.test(sshd);
+ var match;
+ match = sshd.match(noRootPasswordRe);
+ conf.permit_root_login = match ? match[1] : 'yes';
+ match = sshd.match(noPasswordRe);
+ conf.password_authentication = match ? match[1] : 'yes';
 }).catch(function () {
 // ignore error as that might not be the correct sshd_config location
 }).then(function () {
 var doesntExist = crypto.randomBytes(16).toString('hex');
 return sshAllowsPassword(doesntExist).then(function (maybe) {
- conf.allowsPassword = maybe;
- return sshAllowsPassword('root').then(function (maybe) {
- conf.allowsRootPassword = maybe;
- });
+ conf.requests_password = maybe;
 });
 }).then(function () {
 return conf;
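Review bot: Both patterns match the first line that carries a restrictive value, not the first occurrence of the directive, so a file with `PasswordAuthentication yes` followed later by `PasswordAuthentication no` (or a `no` inside a `Match` block) is reported as `no`, although sshd uses the first value it obtains for a keyword. Capturing whatever value the first occurrence has avoids that false all-clear: `var noPasswordRe = /(?:^|[\r\n])[ \t]*PasswordAuthentication[ \t]+(\S+)/i;` with `conf.password_authentication = match ? match[1].toLowerCase() : 'yes';`, and the same shape for `PermitRootLogin`. The `toLowerCase()` also matters with the current patterns, because the `i` flag lets `match[1]` come back as `No` and a consumer comparing against `'no'` would miss it. When the read fails, the ignored `catch` leaves both fields undefined rather than `'yes'`, which is worth stating in a comment next to it. checkSecurity continues past the end of this hunk.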