diff --git a/setup.sh b/setup.sh index acdee70..5cf4b6f 100644 --- a/setup.sh +++ b/setup.sh @@ -124,8 +124,8 @@ configure_ssh() { run "Configuring SSH access" bash -c "install -d -m 700 /home/$USERNAME/.ssh && cat >/home/$USERNAME/.ssh/authorized_keys <<'KEY' $SSH_KEY KEY -chmod 600 /home/$USERNAME/.ssh/authorized_keys && chown -R '$USERNAME':'$USERNAME' /home/$USERNAME/.ssh && sed -i 's/^#\\?PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config && sed -i 's/^#\\?PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config && systemctl restart sshd" - run "Checking SSH configuration" bash -c "sshd -T | grep -q '^passwordauthentication no' && sshd -T | grep -q '^permitrootlogin no'" +chmod 600 /home/$USERNAME/.ssh/authorized_keys && chown -R '$USERNAME':'$USERNAME' /home/$USERNAME/.ssh && sed -i 's/^#\\?PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config && sed -i 's/^#\\?PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config && sed -i 's/^#\\?PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config && sed -i 's/^#\\?ChallengeResponseAuthentication.*/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config && rm -f /etc/ssh/sshd_config.d/*-cloud-init.conf && sed -i '/^[[:space:]]*PasswordAuthentication[[:space:]]\+yes[[:space:]]*$/d' /etc/ssh/sshd_config.d/*.conf && systemctl restart ssh" + run "Checking SSH configuration" bash -c "ssh -T | grep -q '^passwordauthentication no' && ssh -T | grep -q '^permitrootlogin no'" } configure_ufw() {