ssh config доработка

2025-08-24 06:53:07 +03:00
parent 319afeff1b
commit f87f488a13
+18 -5
@@ -121,11 +121,24 @@ create_user() {
} }
configure_ssh() { configure_ssh() {
run "Configuring SSH access" bash -c "install -d -m 700 /home/$USERNAME/.ssh && cat >/home/$USERNAME/.ssh/authorized_keys <<'KEY' run "Configuring SSH access" bash -c '
$SSH_KEY install -d -m 700 -o "$USERNAME" -g "$USERNAME" "/home/$USERNAME/.ssh"
KEY printf "%s\n" "$SSH_KEY" > "/home/$USERNAME/.ssh/authorized_keys"
chmod 600 /home/$USERNAME/.ssh/authorized_keys && chown -R '$USERNAME':'$USERNAME' /home/$USERNAME/.ssh && sed -i 's/^#\\?PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config && sed -i 's/^#\\?PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config && sed -i 's/^#\\?PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config && sed -i 's/^#\\?ChallengeResponseAuthentication.*/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config && rm -f /etc/ssh/sshd_config.d/*-cloud-init.conf && sed -i '/^[[:space:]]*PasswordAuthentication[[:space:]]\+yes[[:space:]]*$/d' /etc/ssh/sshd_config.d/*.conf && systemctl restart ssh" chmod 600 "/home/$USERNAME/.ssh/authorized_keys"
run "Checking SSH configuration" bash -c "ssh -T | grep -q '^passwordauthentication no' && ssh -T | grep -q '^permitrootlogin no'" chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.ssh"
sed -i -E "s/^[[:space:]]*#?[[:space:]]*PasswordAuthentication.*/PasswordAuthentication no/" /etc/ssh/sshd_config
sed -i -E "s/^[[:space:]]*#?[[:space:]]*PermitRootLogin.*/PermitRootLogin no/" /etc/ssh/sshd_config
sed -i -E "s/^[[:space:]]*#?[[:space:]]*(KbdInteractiveAuthentication|ChallengeResponseAuthentication).*/KbdInteractiveAuthentication no/" /etc/ssh/sshd_config
if [ -d /etc/ssh/sshd_config.d ]; then
rm -f /etc/ssh/sshd_config.d/*-cloud-init.conf
find /etc/ssh/sshd_config.d -maxdepth 1 -type f -name "*.conf" \
-exec sed -i "/^[[:space:]]*PasswordAuthentication[[:space:]]\\+yes[[:space:]]*$/d" {} +
fi
sshd -t
systemctl reload sshd 2>/dev/null || systemctl reload ssh 2>/dev/null || systemctl restart sshd 2>/dev/null || systemctl restart ssh
'
run "Checking SSH configuration" bash -c "sshd -T | grep -q '^passwordauthentication no$' && sshd -T | grep -q '^permitrootlogin no$' && sshd -T | grep -q '^kbdinteractiveauthentication no$'"
} }
configure_ufw() { configure_ufw() {
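Review bot: In the new single-quoted `bash -c '…'` body of configure_ssh the commands are separated by newlines with no `set -e` and no `&&`, so a failed `install`, `printf`, `sed` or `sshd -t` does not stop the script, and the status that `run` sees is only that of the final `systemctl` chain. In particular the `sshd -t` validation has no effect: the reload/restart is attempted even when the config does not parse, which on a remote host can leave sshd down. I would make `set -eu` the first line of the quoted script (or at least write `sshd -t || exit 1`). Because the script is now single-quoted, `$USERNAME` and `$SSH_KEY` are expanded by the child shell rather than the caller, so both must be exported; whether they are is not visible in this hunk, and `set -u` would turn an unset value into an immediate error instead of an operation on `/home//.ssh`.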