From f87f488a13ee8d15356daa350c5150cf19cead63 Mon Sep 17 00:00:00 2001 From: deadcxap Date: Sun, 24 Aug 2025 06:53:07 +0300 Subject: [PATCH] =?UTF-8?q?ssh=20config=20=D0=B4=D0=BE=D1=80=D0=B0=D0=B1?= =?UTF-8?q?=D0=BE=D1=82=D0=BA=D0=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- setup.sh | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-)
diff --git a/setup.sh b/setup.sh
index 5cf4b6f..edfb2dc 100644
--- a/setup.sh
+++ b/setup.sh
@@ -121,11 +121,24 @@ create_user() {
 }
 configure_ssh() {
- run "Configuring SSH access" bash -c "install -d -m 700 /home/$USERNAME/.ssh && cat >/home/$USERNAME/.ssh/authorized_keys <<'KEY'
-$SSH_KEY
-KEY
-chmod 600 /home/$USERNAME/.ssh/authorized_keys && chown -R '$USERNAME':'$USERNAME' /home/$USERNAME/.ssh && sed -i 's/^#\\?PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config && sed -i 's/^#\\?PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config && sed -i 's/^#\\?PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config && sed -i 's/^#\\?ChallengeResponseAuthentication.*/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config && rm -f /etc/ssh/sshd_config.d/*-cloud-init.conf && sed -i '/^[[:space:]]*PasswordAuthentication[[:space:]]\+yes[[:space:]]*$/d' /etc/ssh/sshd_config.d/*.conf && systemctl restart ssh"
- run "Checking SSH configuration" bash -c "ssh -T | grep -q '^passwordauthentication no' && ssh -T | grep -q '^permitrootlogin no'"
+ run "Configuring SSH access" bash -c '
+ install -d -m 700 -o "$USERNAME" -g "$USERNAME" "/home/$USERNAME/.ssh"
+ printf "%s\n" "$SSH_KEY" > "/home/$USERNAME/.ssh/authorized_keys"
+ chmod 600 "/home/$USERNAME/.ssh/authorized_keys"
+ chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.ssh"
+ sed -i -E "s/^[[:space:]]*#?[[:space:]]*PasswordAuthentication.*/PasswordAuthentication no/" /etc/ssh/sshd_config
+ sed -i -E "s/^[[:space:]]*#?[[:space:]]*PermitRootLogin.*/PermitRootLogin no/" /etc/ssh/sshd_config
+ sed -i -E "s/^[[:space:]]*#?[[:space:]]*(KbdInteractiveAuthentication|ChallengeResponseAuthentication).*/KbdInteractiveAuthentication no/" /etc/ssh/sshd_config
+ if [ -d /etc/ssh/sshd_config.d ]; then
+ rm -f /etc/ssh/sshd_config.d/*-cloud-init.conf
+ find /etc/ssh/sshd_config.d -maxdepth 1 -type f -name "*.conf" \
+ -exec sed -i "/^[[:space:]]*PasswordAuthentication[[:space:]]\\+yes[[:space:]]*$/d" {} +
+ fi
+ sshd -t
+ systemctl reload sshd 2>/dev/null || systemctl reload ssh 2>/dev/null || 
systemctl restart sshd 2>/dev/null || systemctl restart ssh
+ '
+
+ run "Checking SSH configuration" bash -c "sshd -T | grep -q '^passwordauthentication no$' && sshd -T | grep -q '^permitrootlogin no$' && sshd -T | grep -q '^kbdinteractiveauthentication no$'"
 }
 configure_ufw() {
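Review bot: The exit status of `sshd -t` is discarded: the inner `bash -c '...'` script has no `set -e`, so a syntax error left behind by the three `sed -i` rewrites still reaches the `systemctl reload ... || systemctl restart ...` chain, and a failed restart of sshd on a host that has just had password login disabled is a lockout. Make the validation gating by opening the inner script with `set -eu` (or changing the check to `sshd -t || exit 1`) so the reload/restart only runs on a config sshd accepts; `-u` also covers the next point. Because the script body is now single-quoted, `$USERNAME` and `$SSH_KEY` are expanded by the child bash rather than by setup.sh, so they only resolve if they are exported — the hunk does not show where they are set, so this needs confirming; if they are not, `authorized_keys` is written empty and the key-only policy below locks the operator out. The `sshd_config.d` cleanup only strips `PasswordAuthentication yes`, so a drop-in with `PermitRootLogin yes` or `KbdInteractiveAuthentication yes` survives and, being included first, wins; the final `sshd -T` check would catch that, but a comment such as `# drop-ins are Included before sshd_config; first match wins, so strip overrides here` would make the intent clear.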