From b00c0a98003f18b96523abe991cc55360526dea3 Mon Sep 17 00:00:00 2001
From: "nicolas.dorier" <nicolas.dorier@gmail.com>
Date: Wed, 5 Oct 2022 13:56:41 +0900
Subject: [PATCH] Make sure PermitRootLogin is not set to 'no' during
 btcpay-update

---
 helpers.sh | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/helpers.sh b/helpers.sh
index dcddabd..783ba21 100755
--- a/helpers.sh
+++ b/helpers.sh
@@ -81,6 +81,16 @@ if [[ "$BTCPAY_ENABLE_SSH" == "true" ]] && ! [[ "$BTCPAY_HOST_SSHAUTHORIZEDKEYS"
     BTCPAY_HOST_SSHKEYFILE=""
 fi
 
+sshd_config="/etc/ssh/sshd_config"
+if [[ "$BTCPAY_ENABLE_SSH" == "true" ]] && \
+   [[ -f "$sshd_config" ]] && \
+   grep -Fxq "PermitRootLogin no" "$sshd_config"; then
+   echo "Updating "$sshd_config" (Change from 'PermitRootLogin no' to 'PermitRootLogin prohibit-password')"
+   echo "BTCPay Server needs connection from inside the container to the host in order to run btcpay-update.sh"
+   sed -i 's/PermitRootLogin no/PermitRootLogin prohibit-password/' "$sshd_config"
+   service sshd reload
+fi
+
 echo "
 BTCPAY_PROTOCOL=$BTCPAY_PROTOCOL
 BTCPAY_HOST=$BTCPAY_HOST