-
Notifications
You must be signed in to change notification settings - Fork 14
/
Copy pathssh.sh
50 lines (39 loc) · 964 Bytes
/
ssh.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
#!/bin/bash
# !!! Run after setting ssh keys on server !!!
# The script disables password login and root login only allows auth with ssh keys.
# Backup
sudo cp /etc/ssh/sshd_config /var/backups/etc_ssh_sshd_config-backup-$(date +%s)
# Clear all
echo "Include /etc/ssh/sshd_config.d/*.conf" > /etc/ssh/sshd_config
# Create
echo "
# Port
Port 22
# Only ipv4
ListenAddress 0.0.0.0
# Ssh keys
PubkeyAuthentication yes
# Disable root login
PermitRootLogin no
# Allow user check
UsePAM yes
# Disable password login
PasswordAuthentication no
ChallengeResponseAuthentication no
ChallengeResponseAuthentication no
KerberosAuthentication no
GSSAPIAuthentication no
# Disable rest
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no
GatewayPorts no
PermitTunnel no
PrintMotd no
UseDNS no
# Allow sftp client
Subsystem sftp /usr/lib/openssh/sftp-server
" > /etc/ssh/sshd_config.d/debian.conf
# Restart
sudo service sshd restart
sudo service ssh restart