louis/server-scripts
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

scripts added

Browse Source
This commit is contained in:
Louis Gutenschwager
2026-05-31 13:09:54 -05:00
parent 67a332c96b
commit 25dcc9ce7e
2 changed files with 207 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

91
sshupdate.sh Normal file
View File

@@ -0,0 +1,91 @@
#!/usr/bin/env bash
set -e
echo "==============================="
echo " SSH Configuration Script"
echo "==============================="
SSHD_CONFIG="/etc/ssh/sshd_config"
# -------------------------------
# Install SSH Key
# -------------------------------
echo "Installing SSH key..."
SSH_KEY="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDosb5jR9eu4Avc0HmMzR8HQDYOGRSxwRYgprpDuggDG eddsa-key-20260531"
mkdir -p ~/.ssh
chmod 700 ~/.ssh
grep -qxF "$SSH_KEY" ~/.ssh/authorized_keys 2>/dev/null || echo "$SSH_KEY" >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
echo "✅ Key installed"
# -------------------------------
# Backup config
# -------------------------------
cp ${SSHD_CONFIG} ${SSHD_CONFIG}.bak.$(date +%s)
# -------------------------------
# SSH SETTINGS
# -------------------------------
echo "Updating SSH settings..."
# Pubkey
if grep -q "^PubkeyAuthentication" "$SSHD_CONFIG"; then
sed -i "s/^PubkeyAuthentication.*/PubkeyAuthentication yes/" "$SSHD_CONFIG"
else
echo "PubkeyAuthentication yes" >> "$SSHD_CONFIG"
fi
# Password (initially enabled for safety)
if grep -q "^PasswordAuthentication" "$SSHD_CONFIG"; then
sed -i "s/^PasswordAuthentication.*/PasswordAuthentication yes/" "$SSHD_CONFIG"
else
echo "PasswordAuthentication yes" >> "$SSHD_CONFIG"
fi
# KbdInteractive ✅
if grep -q "^KbdInteractiveAuthentication" "$SSHD_CONFIG"; then
sed -i "s/^KbdInteractiveAuthentication.*/KbdInteractiveAuthentication yes/" "$SSHD_CONFIG"
else
echo "KbdInteractiveAuthentication yes" >> "$SSHD_CONFIG"
fi
# ChallengeResponse
if grep -q "^ChallengeResponseAuthentication" "$SSHD_CONFIG"; then
sed -i "s/^ChallengeResponseAuthentication.*/ChallengeResponseAuthentication yes/" "$SSHD_CONFIG"
else
echo "ChallengeResponseAuthentication yes" >> "$SSHD_CONFIG"
fi
systemctl restart ssh
echo "✅ SSH restarted"
# -------------------------------
# Optional Lockdown
# -------------------------------
read -p "Disable password login? (y/N): " DISABLE_PASS
if [[ "$DISABLE_PASS" =~ ^[Yy]$ ]]; then
sed -i "s/^#*PasswordAuthentication.*/PasswordAuthentication no/" "$SSHD_CONFIG"
systemctl restart ssh
echo "✅ Password login disabled"
fi
read -p "Disable root login? (y/N): " DISABLE_ROOT
if [[ "$DISABLE_ROOT" =~ ^[Yy]$ ]]; then
sed -i "s/^#*PermitRootLogin.*/PermitRootLogin no/" "$SSHD_CONFIG"
systemctl restart ssh
echo "✅ Root login disabled"
fi
echo ""
echo "==============================="
echo " ✅ SSH CONFIG COMPLETE"
echo "==============================="
echo "⚠️ Test SSH access before closing your session"