ssh config доработка
@@ -121,11 +121,24 @@ create_user() {
|
||||
}
|
||||
|
||||
configure_ssh() {
|
||||
run "Configuring SSH access" bash -c "install -d -m 700 /home/$USERNAME/.ssh && cat >/home/$USERNAME/.ssh/authorized_keys <<'KEY'
|
||||
$SSH_KEY
|
||||
KEY
|
||||
chmod 600 /home/$USERNAME/.ssh/authorized_keys && chown -R '$USERNAME':'$USERNAME' /home/$USERNAME/.ssh && sed -i 's/^#\\?PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config && sed -i 's/^#\\?PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config && sed -i 's/^#\\?PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config && sed -i 's/^#\\?ChallengeResponseAuthentication.*/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config && rm -f /etc/ssh/sshd_config.d/*-cloud-init.conf && sed -i '/^[[:space:]]*PasswordAuthentication[[:space:]]\+yes[[:space:]]*$/d' /etc/ssh/sshd_config.d/*.conf && systemctl restart ssh"
|
||||
run "Checking SSH configuration" bash -c "ssh -T | grep -q '^passwordauthentication no' && ssh -T | grep -q '^permitrootlogin no'"
|
||||
run "Configuring SSH access" bash -c '
|
||||
install -d -m 700 -o "$USERNAME" -g "$USERNAME" "/home/$USERNAME/.ssh"
|
||||
printf "%s\n" "$SSH_KEY" > "/home/$USERNAME/.ssh/authorized_keys"
|
||||
chmod 600 "/home/$USERNAME/.ssh/authorized_keys"
|
||||
chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.ssh"
|
||||
sed -i -E "s/^[[:space:]]*#?[[:space:]]*PasswordAuthentication.*/PasswordAuthentication no/" /etc/ssh/sshd_config
|
||||
sed -i -E "s/^[[:space:]]*#?[[:space:]]*PermitRootLogin.*/PermitRootLogin no/" /etc/ssh/sshd_config
|
||||
sed -i -E "s/^[[:space:]]*#?[[:space:]]*(KbdInteractiveAuthentication|ChallengeResponseAuthentication).*/KbdInteractiveAuthentication no/" /etc/ssh/sshd_config
|
||||
if [ -d /etc/ssh/sshd_config.d ]; then
|
||||
rm -f /etc/ssh/sshd_config.d/*-cloud-init.conf
|
||||
find /etc/ssh/sshd_config.d -maxdepth 1 -type f -name "*.conf" \
|
||||
-exec sed -i "/^[[:space:]]*PasswordAuthentication[[:space:]]\\+yes[[:space:]]*$/d" {} +
|
||||
fi
|
||||
sshd -t
|
||||
systemctl reload sshd 2>/dev/null || systemctl reload ssh 2>/dev/null || systemctl restart sshd 2>/dev/null || systemctl restart ssh
|
||||
'
|
||||
|
||||
run "Checking SSH configuration" bash -c "sshd -T | grep -q '^passwordauthentication no$' && sshd -T | grep -q '^permitrootlogin no$' && sshd -T | grep -q '^kbdinteractiveauthentication no$'"
|
||||
}
|
||||
|
||||
configure_ufw() {
|
||||
|
||||
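Review bot: The new single-quoted `bash -c` script in configure_ssh separates its commands with newlines and has no `set -e`, so unlike the old `&&` chain it keeps going after a failure. If `sshd -t` rejects the edited config, or the `printf` into authorized_keys fails, the `systemctl reload sshd … || systemctl restart ssh` line still runs, and the script's exit status is only that of this last command. On a remote host that can leave sshd stopped, or password login disabled with no working key installed. Make the first line of the script `set -euo pipefail`. The `-u` also guards the other effect of switching to single quotes: `$USERNAME` and `$SSH_KEY` are now expanded by the child shell, so they presumably have to be exported by the caller (not visible in this hunk), otherwise the paths collapse to `/home//.ssh`.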