louis/server-scripts
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

scripts added

Browse Source
This commit is contained in:
Louis Gutenschwager
2026-05-31 13:09:54 -05:00
parent 67a332c96b
commit 25dcc9ce7e
2 changed files with 207 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

116
serverprep.sh Normal file
View File

@@ -0,0 +1,116 @@
#!/usr/bin/env bash
set -e
# ===============================
# CONFIG VALUES (EDIT HERE)
# ===============================
SSH_PORT="48291"
echo "==============================="
echo " Server Prep Script"
echo "==============================="
# -------------------------------
# Prompt for hostname
# -------------------------------
read -p "Enter new hostname (FQDN recommended): " NEW_HOSTNAME
if [ -z "$NEW_HOSTNAME" ]; then
echo "Hostname cannot be empty"
exit 1
fi
hostnamectl set-hostname "$NEW_HOSTNAME"
# -------------------------------
# Timezone
# -------------------------------
read -p "Enter timezone [default: America/Chicago]: " NEW_TZ
NEW_TZ=${NEW_TZ:-America/Chicago}
timedatectl set-timezone "$NEW_TZ"
timedatectl set-ntp true
# -------------------------------
# System update
# -------------------------------
apt update && apt upgrade -y
# -------------------------------
# Base packages
# -------------------------------
apt install -y \
curl \
ca-certificates \
gnupg \
lsb-release \
apt-transport-https \
software-properties-common \
fail2ban \
net-tools \
unzip \
jq
# -------------------------------
# SSH CONFIG (MODERN - socket)
# -------------------------------
echo "Configuring SSH socket on port ${SSH_PORT}..."
mkdir -p /etc/systemd/system/ssh.socket.d
cat > /etc/systemd/system/ssh.socket.d/override.conf <<EOF
[Socket]
ListenStream=
ListenStream=${SSH_PORT}
EOF
# Keep sshd_config aligned
sed -i "s/^#*Port .*/Port ${SSH_PORT}/" /etc/ssh/sshd_config
# SSH auth settings
sed -i "s/^#*PasswordAuthentication.*/PasswordAuthentication yes/" /etc/ssh/sshd_config
if ! grep -q "^KbdInteractiveAuthentication" /etc/ssh/sshd_config; then
echo "KbdInteractiveAuthentication yes" >> /etc/ssh/sshd_config
else
sed -i "s/^KbdInteractiveAuthentication.*/KbdInteractiveAuthentication yes/" /etc/ssh/sshd_config
fi
if ! grep -q "^ChallengeResponseAuthentication" /etc/ssh/sshd_config; then
echo "ChallengeResponseAuthentication yes" >> /etc/ssh/sshd_config
else
sed -i "s/^ChallengeResponseAuthentication.*/ChallengeResponseAuthentication yes/" /etc/ssh/sshd_config
fi
systemctl daemon-reexec
systemctl daemon-reload
systemctl restart ssh.socket
systemctl restart ssh
# -------------------------------
# SSH KEY INSTALL
# -------------------------------
echo "Installing SSH key..."
SSH_KEY="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDosb5jR9eu4Avc0HmMzR8HQDYOGRSxwRYgprpDuggDG eddsa-key-20260531"
mkdir -p ~/.ssh
chmod 700 ~/.ssh
grep -qxF "$SSH_KEY" ~/.ssh/authorized_keys 2>/dev/null || echo "$SSH_KEY" >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
echo "✅ SSH key added"
# -------------------------------
# Firewall
# -------------------------------
read -p "Disable UFW? (Y/n): " DISABLE_UFW
if [[ ! "$DISABLE_UFW" =~ ^[Nn]$ ]]; then
systemctl stop ufw || true
systemctl disable ufw || true
else
ufw allow ${SSH_PORT}/tcp
ufw allow 80/tcp

91
sshupdate.sh Normal file
View File

@@ -0,0 +1,91 @@
#!/usr/bin/env bash
set -e
echo "==============================="
echo " SSH Configuration Script"
echo "==============================="
SSHD_CONFIG="/etc/ssh/sshd_config"
# -------------------------------
# Install SSH Key
# -------------------------------
echo "Installing SSH key..."
SSH_KEY="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDosb5jR9eu4Avc0HmMzR8HQDYOGRSxwRYgprpDuggDG eddsa-key-20260531"
mkdir -p ~/.ssh
chmod 700 ~/.ssh
grep -qxF "$SSH_KEY" ~/.ssh/authorized_keys 2>/dev/null || echo "$SSH_KEY" >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
echo "✅ Key installed"
# -------------------------------
# Backup config
# -------------------------------
cp ${SSHD_CONFIG} ${SSHD_CONFIG}.bak.$(date +%s)
# -------------------------------
# SSH SETTINGS
# -------------------------------
echo "Updating SSH settings..."
# Pubkey
if grep -q "^PubkeyAuthentication" "$SSHD_CONFIG"; then
sed -i "s/^PubkeyAuthentication.*/PubkeyAuthentication yes/" "$SSHD_CONFIG"
else
echo "PubkeyAuthentication yes" >> "$SSHD_CONFIG"
fi
# Password (initially enabled for safety)
if grep -q "^PasswordAuthentication" "$SSHD_CONFIG"; then
sed -i "s/^PasswordAuthentication.*/PasswordAuthentication yes/" "$SSHD_CONFIG"
else
echo "PasswordAuthentication yes" >> "$SSHD_CONFIG"
fi
# KbdInteractive ✅
if grep -q "^KbdInteractiveAuthentication" "$SSHD_CONFIG"; then
sed -i "s/^KbdInteractiveAuthentication.*/KbdInteractiveAuthentication yes/" "$SSHD_CONFIG"
else
echo "KbdInteractiveAuthentication yes" >> "$SSHD_CONFIG"
fi
# ChallengeResponse
if grep -q "^ChallengeResponseAuthentication" "$SSHD_CONFIG"; then
sed -i "s/^ChallengeResponseAuthentication.*/ChallengeResponseAuthentication yes/" "$SSHD_CONFIG"
else
echo "ChallengeResponseAuthentication yes" >> "$SSHD_CONFIG"
fi
systemctl restart ssh
echo "✅ SSH restarted"
# -------------------------------
# Optional Lockdown
# -------------------------------
read -p "Disable password login? (y/N): " DISABLE_PASS
if [[ "$DISABLE_PASS" =~ ^[Yy]$ ]]; then
sed -i "s/^#*PasswordAuthentication.*/PasswordAuthentication no/" "$SSHD_CONFIG"
systemctl restart ssh
echo "✅ Password login disabled"
fi
read -p "Disable root login? (y/N): " DISABLE_ROOT
if [[ "$DISABLE_ROOT" =~ ^[Yy]$ ]]; then
sed -i "s/^#*PermitRootLogin.*/PermitRootLogin no/" "$SSHD_CONFIG"
systemctl restart ssh
echo "✅ Root login disabled"
fi
echo ""
echo "==============================="
echo " ✅ SSH CONFIG COMPLETE"
echo "==============================="
echo "⚠️ Test SSH access before closing your session"