Добавить fallback перезапуска SSH
@@ -126,14 +126,35 @@ configure_ssh() {
|
|||||||
printf "%s\n" "$SSH_KEY" > "/home/$USERNAME/.ssh/authorized_keys"
|
printf "%s\n" "$SSH_KEY" > "/home/$USERNAME/.ssh/authorized_keys"
|
||||||
chmod 600 "/home/$USERNAME/.ssh/authorized_keys"
|
chmod 600 "/home/$USERNAME/.ssh/authorized_keys"
|
||||||
chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.ssh"
|
chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.ssh"
|
||||||
sed -i -E "s/^[[:space:]]*#?[[:space:]]*PasswordAuthentication.*/PasswordAuthentication no/" /etc/ssh/sshd_config
|
if ! grep -qE "^[[:space:]]*Include[[:space:]]+/etc/ssh/sshd_config.d/\\*.conf" /etc/ssh/sshd_config; then
|
||||||
sed -i -E "s/^[[:space:]]*#?[[:space:]]*PermitRootLogin.*/PermitRootLogin no/" /etc/ssh/sshd_config
|
echo "Include /etc/ssh/sshd_config.d/*.conf" >> /etc/ssh/sshd_config
|
||||||
sed -i -E "s/^[[:space:]]*#?[[:space:]]*(KbdInteractiveAuthentication|ChallengeResponseAuthentication).*/KbdInteractiveAuthentication no/" /etc/ssh/sshd_config
|
|
||||||
if [ -d /etc/ssh/sshd_config.d ]; then
|
|
||||||
rm -f /etc/ssh/sshd_config.d/*-cloud-init.conf
|
|
||||||
find /etc/ssh/sshd_config.d -maxdepth 1 -type f -name "*.conf" \
|
|
||||||
-exec sed -i "/^[[:space:]]*PasswordAuthentication[[:space:]]\\+yes[[:space:]]*$/d" {} +
|
|
||||||
fi
|
fi
|
||||||
|
install -d -m 755 /etc/ssh/sshd_config.d
|
||||||
|
dir=/etc/ssh/sshd_config.d
|
||||||
|
shopt -s nullglob
|
||||||
|
for f in "$dir"/*.conf; do
|
||||||
|
base=$(basename "$f")
|
||||||
|
case "$base" in
|
||||||
|
[0-9][0-9]-*.conf)
|
||||||
|
[[ $base == 99-* ]] && mv "$f" "${f%.conf}.disabled"
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
mv "$f" "${f%.conf}.disabled"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
shopt -u nullglob
|
||||||
|
max=$(find "$dir" -maxdepth 1 -type f -name "[0-9][0-9]-*.conf" | sed -n "s#.*/\\([0-9][0-9]\\)-.*#\\1#p" | sort -n | tail -1)
|
||||||
|
if [ -z "$max" ]; then
|
||||||
|
next=10
|
||||||
|
else
|
||||||
|
next=$((10#$max + 10))
|
||||||
|
[ "$next" -gt 99 ] && next=99
|
||||||
|
fi
|
||||||
|
newfile=$(printf "%s/%02d-hardening.conf" "$dir" "$next")
|
||||||
|
printf "%s\n" "PasswordAuthentication no" "PermitRootLogin no" "KbdInteractiveAuthentication no" > "$newfile"
|
||||||
|
chown root:root "$newfile"
|
||||||
|
chmod 0644 "$newfile"
|
||||||
sshd -t
|
sshd -t
|
||||||
systemctl reload sshd 2>/dev/null || systemctl reload ssh 2>/dev/null || systemctl restart sshd 2>/dev/null || systemctl restart ssh
|
systemctl reload sshd 2>/dev/null || systemctl reload ssh 2>/dev/null || systemctl restart sshd 2>/dev/null || systemctl restart ssh
|
||||||
'
|
'
|
||||||
|
|||||||
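Review bot: The new drop-in is named with the next free prefix (`max + 10`, capped at 99), so it sorts *after* every `NN-*.conf` the loop leaves enabled, yet sshd keeps the first value it reads for a keyword — an existing drop-in such as the `*-cloud-init.conf` the removed `rm -f` line used to delete (on Ubuntu images `50-cloud-init.conf` with `PasswordAuthentication yes`) therefore still wins over the `PasswordAuthentication no` written to `60-hardening.conf`, and the hardening is silently ineffective. The same first-wins rule bites when the `Include` has to be appended at the end of sshd_config: any explicit `PasswordAuthentication yes` / `PermitRootLogin yes` already in the main file takes precedence over the drop-in, and the sed lines that used to rewrite those directives are gone from this hunk (they may survive elsewhere in the script, which I cannot see). Name the file so it sorts before every other drop-in instead of computing the next prefix, and verify the effective configuration with `sshd -T` before the reload/restart, because the result of `sshd -t` on the context line is ignored and a restart with a rejected config locks you out of the host. Whether the failure path should be `exit` or `return` depends on how this quoted block is invoked, which lies outside the hunk; configure_ssh() itself starts before it.
```shell
# … unchanged: Include check, install -d, loop that disables foreign *.conf …
# Included files are read in lexical order and sshd keeps the FIRST value it
# sees for a keyword, so the hardening file must sort before every other
# drop-in (cloud-init's is 50-*.conf); computing max+10 puts it last.
newfile="$dir/00-hardening.conf"
printf "%s\n" "PasswordAuthentication no" "PermitRootLogin no" "KbdInteractiveAuthentication no" > "$newfile"
chown root:root "$newfile"
chmod 0644 "$newfile"
# Refuse to touch the running daemon unless the config parses AND the
# effective value is what we wrote (catches a "yes" earlier in the chain).
sshd -t || { echo "sshd config invalid, not reloading" >&2; exit 1; }
sshd -T 2>/dev/null | grep -qi '^passwordauthentication no' || { echo "PasswordAuthentication still effective, check sshd_config and drop-in order" >&2; exit 1; }
# … unchanged: systemctl reload/restart fallback chain …
```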