local conf, out = ...;
local f = assert(io.open(out, "w"));

local i = 0;

for l in io.lines(conf) do
	i = i + 1;

	l = l:match "^(.-)#" or l;
	l = l:match "^%s*(.-)%s*$";

	if l ~= "" then
		local user, params = l:match "^([%a_]+)%s+=%s+(.*)$";
		if not user then
			error(conf .. ":" .. i .. ": invalid syntax", 0);
		end

		os.execute("adduser -Ds /bin/sh " .. user);
		os.execute("passwd -d " .. user);

		f:write("Match User ", user);
		f:write("\n\tForceCommand ssh -o StrictHostKeyChecking=no -A ", params);
		f:write("\n\tPubkeyAuthentication no");
		f:write("\n\tPasswordAuthentication yes");
		f:write("\n\tPermitEmptyPasswords yes");
		f:write("\n\tAllowAgentForwarding yes\n");
	end
end

f:close();