ssh config доработка
@@ -121,11 +121,24 @@ create_user() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
configure_ssh() {
|
configure_ssh() {
|
||||||
run "Configuring SSH access" bash -c "install -d -m 700 /home/$USERNAME/.ssh && cat >/home/$USERNAME/.ssh/authorized_keys <<'KEY'
|
run "Configuring SSH access" bash -c '
|
||||||
$SSH_KEY
|
install -d -m 700 -o "$USERNAME" -g "$USERNAME" "/home/$USERNAME/.ssh"
|
||||||
KEY
|
printf "%s\n" "$SSH_KEY" > "/home/$USERNAME/.ssh/authorized_keys"
|
||||||
chmod 600 /home/$USERNAME/.ssh/authorized_keys && chown -R '$USERNAME':'$USERNAME' /home/$USERNAME/.ssh && sed -i 's/^#\\?PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config && sed -i 's/^#\\?PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config && sed -i 's/^#\\?PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config && sed -i 's/^#\\?ChallengeResponseAuthentication.*/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config && rm -f /etc/ssh/sshd_config.d/*-cloud-init.conf && sed -i '/^[[:space:]]*PasswordAuthentication[[:space:]]\+yes[[:space:]]*$/d' /etc/ssh/sshd_config.d/*.conf && systemctl restart ssh"
|
chmod 600 "/home/$USERNAME/.ssh/authorized_keys"
|
||||||
run "Checking SSH configuration" bash -c "ssh -T | grep -q '^passwordauthentication no' && ssh -T | grep -q '^permitrootlogin no'"
|
chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.ssh"
|
||||||
|
sed -i -E "s/^[[:space:]]*#?[[:space:]]*PasswordAuthentication.*/PasswordAuthentication no/" /etc/ssh/sshd_config
|
||||||
|
sed -i -E "s/^[[:space:]]*#?[[:space:]]*PermitRootLogin.*/PermitRootLogin no/" /etc/ssh/sshd_config
|
||||||
|
sed -i -E "s/^[[:space:]]*#?[[:space:]]*(KbdInteractiveAuthentication|ChallengeResponseAuthentication).*/KbdInteractiveAuthentication no/" /etc/ssh/sshd_config
|
||||||
|
if [ -d /etc/ssh/sshd_config.d ]; then
|
||||||
|
rm -f /etc/ssh/sshd_config.d/*-cloud-init.conf
|
||||||
|
find /etc/ssh/sshd_config.d -maxdepth 1 -type f -name "*.conf" \
|
||||||
|
-exec sed -i "/^[[:space:]]*PasswordAuthentication[[:space:]]\\+yes[[:space:]]*$/d" {} +
|
||||||
|
fi
|
||||||
|
sshd -t
|
||||||
|
systemctl reload sshd 2>/dev/null || systemctl reload ssh 2>/dev/null || systemctl restart sshd 2>/dev/null || systemctl restart ssh
|
||||||
|
'
|
||||||
|
|
||||||
|
run "Checking SSH configuration" bash -c "sshd -T | grep -q '^passwordauthentication no$' && sshd -T | grep -q '^permitrootlogin no$' && sshd -T | grep -q '^kbdinteractiveauthentication no$'"
|
||||||
}
|
}
|
||||||
|
|
||||||
configure_ufw() {
|
configure_ufw() {
|
||||||
|
|||||||
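Review bot: The script passed to `bash -c` in configure_ssh now separates its commands with newlines and has no `set -e`, so `run` only sees the exit status of the final `systemctl` chain. A failed `install` or `printf` no longer stops the sequence as the old `&&` chain did, so password authentication can be switched off although authorized_keys was never written, and a failing `sshd -t` does not keep the reload/restart fallbacks from running. Make `set -eu` the first line of the quoted script. The `-u` also matters because the script is now single-quoted: `$USERNAME` and `$SSH_KEY` are expanded by the child shell, so they presumably have to be exported by the caller, which this hunk does not show.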