more exact checking

lib/ssh.js

@@ -28,14 +28,14 @@ function sshAllowsPassword(user) {
       stdout = (stdout||'').toString('utf8');
       stderr = (stderr||'').toString('utf8');
       if (/\bpassword\b/.test(stdout) || /\bpassword\b/.test(stderr)) {
-        resolve(true);
+        resolve('yes');
         return;
       }
       if (/\bAuthentications\b/.test(stdout) || /\bAuthentications\b/.test(stderr)) {
-        resolve(false);
+        resolve('no');
         return;
       }
-      resolve();
+      resolve('maybe');
     });
   });
 }
@@ -43,21 +43,21 @@ function sshAllowsPassword(user) {
 module.exports.checkSecurity = function () {
   var conf = {};
   var sshdConf = '/etc/ssh/sshd_config';
-  var noRootPasswordRe = /(^|[\r\n]+)\s*PermitRootLogin\s+(prohibit-password|without-password|no)\s*/i;
-  var noPasswordRe = /(^|[\r\n]+)\s*PasswordAuthentication\s+no\s*/i;
+  var noRootPasswordRe = /(?:^|[\r\n]+)\s*PermitRootLogin\s+(prohibit-password|without-password|no)\s*/i;
+  var noPasswordRe = /(?:^|[\r\n]+)\s*PasswordAuthentication\s+(no)\s*/i;
   return readFile(sshdConf, null).then(function (sshd) {
     sshd = sshd.toString('utf8');
-    conf.disallowPasswordRoot = noRootPasswordRe.test(sshd);
-    conf.disallowPassword = noPasswordRe.test(sshd);
+    var match;
+    match = sshd.match(noRootPasswordRe);
+    conf.permit_root_login = match ? match[1] : 'yes';
+    match = sshd.match(noPasswordRe);
+    conf.password_authentication = match ? match[1] : 'yes';
   }).catch(function () {
     // ignore error as that might not be the correct sshd_config location
   }).then(function () {
     var doesntExist = crypto.randomBytes(16).toString('hex');
     return sshAllowsPassword(doesntExist).then(function (maybe) {
-      conf.allowsPassword = maybe;
-      return sshAllowsPassword('root').then(function (maybe) {
-        conf.allowsRootPassword = maybe;
-      });
+      conf.requests_password = maybe;
     });
   }).then(function () {
     return conf;