Description
Sets a meaningful configuration for SSH:
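- enables key authentication
- disables password and challenge-response (keyboard-interactive) authentication
- permits root login (`PermitRootLogin yes`); with the settings above, root can no longer log in with a password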
- sets a custom banner
- keeps only meaningful MOTDs
Important
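- create yourself an ASCII banner and replace the default one
- run as the root user
- confirm that key-based login works for your account before running the script, because password logins stop working once it has run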
#!/bin/bash
#
# Description:
# This script sets certain parameters in /etc/ssh/sshd_config.
#
# What should it do?
# * Check whether a /etc/ssh/sshd_config file exists
# * Create a backup of this file
# * Edit the file to set certain parameters
# * Reload the sshd configuration
# To enable debugging mode remove '#' from the following line
#set -x
# Variables
# Target config file: the first positional argument. The main section further
# down substitutes /etc/ssh/sshd_config when this is empty.
file="${1}"

# sshd_config keywords managed by this script. Indices start at 1 because
# edit_sshd_config refers to the entries by position (param[1] .. param[5]).
# NOTE(review): in newer OpenSSH releases ChallengeResponseAuthentication is a
# deprecated alias of KbdInteractiveAuthentication — confirm against the
# sshd_config(5) of the target host.
param=(
  [1]="PermitRootLogin"
  [2]="PubkeyAuthentication"
  [3]="ChallengeResponseAuthentication"
  [4]="PasswordAuthentication"
  [5]="Banner"
)
# Functions
usage(){
  # Print the help text to stdout: invocation syntax ($0 is expanded to the
  # script name), the default target file, and a summary of what the script does.
  printf '%s\n' \
    "usage: $0 ARG1" \
    "ARG1 Name of the sshd_config file to edit." \
    "In case ARG1 is empty, /etc/ssh/sshd_config will be used as default." \
    "Description:" \
    "This script sets certain parameters in /etc/ssh/sshd_config." \
    "What should it do?" \
    "* Check whether a /etc/ssh/sshd_config file exists" \
    "* Create a backup of this file" \
    "* Edit the file to set certain parameters"
}
backup_sshd_config(){
if [ -f ${file} ]
then
/usr/bin/cp ${file} ${file}.1
else
/usr/bin/echo "File ${file} not found."
exit 1
fi
}
edit_sshd_config(){
for PARAM in ${param[@]}
do
/usr/bin/sed -i '/^'"${PARAM}"'/d' ${file}
/usr/bin/echo "All lines beginning with '${PARAM}' were deleted from ${file}."
done
/usr/bin/echo "${param[1]} yes" >> ${file}
/usr/bin/echo "'${param[1]} yes' was added to ${file}."
/usr/bin/echo "${param[2]} yes" >> ${file}
/usr/bin/echo "'${param[2]} yes' was added to ${file}."
/usr/bin/echo "${param[3]} no" >> ${file}
/usr/bin/echo "'${param[3]} no' was added to ${file}"
/usr/bin/echo "${param[4]} no" >> ${file}
/usr/bin/echo "'${param[4]} no' was added to ${file}"
/usr/bin/echo "${param[5]} /etc/ssh/banner" >> ${file}
/usr/bin/echo "'${param[5]} /etc/ssh/banner' was added to ${file}"
}
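reload_sshd(){
  # Validate the edited config, then ask systemd to reload sshd.
  # Globals:  file (read; /etc/ssh/sshd_config is used when it is empty)
  # Returns:  1 when sshd rejects the config (no reload is attempted),
  #           otherwise the exit status of systemctl
  #
  # "sshd -t" only parses the configuration and checks the keys. Reloading a
  # daemon with a config it cannot parse can leave the host without a running
  # SSH server, so the reload is skipped when the check fails.
  local cfg="${file:-/etc/ssh/sshd_config}"

  if ! /usr/sbin/sshd -t -f "${cfg}"
  then
    /usr/bin/echo "sshd rejected ${cfg}; not reloading. The backup is ${cfg}.1." >&2
    return 1
  fi

  /usr/bin/systemctl reload sshd.service
}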
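add_banner() {
  # Write the login banner to /etc/ssh/banner, the path that the Banner
  # directive set by this script points to.
  # Returns:  0 on success, 1 when the file cannot be written
  #
  # The redirection is performed by the shell running this script, not by the
  # command in front of it, so prefixing the command with sudo never made the
  # write privileged; the script has to run as root for this to succeed.
  #
  # The banner is shown to every client before authentication: keep host names,
  # OS or software versions and contact details of individuals out of it.
  #
  # The content below is two empty lines; put your own ASCII banner here.
  if ! printf '\n\n' > /etc/ssh/banner
  then
    printf '%s\n' "Could not write /etc/ssh/banner." >&2
    return 1
  fi
}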
remove_spam_motd() {
  # Trim the message of the day: delete the help-text and motd-news snippets
  # and strip the words "Welcome to " from the header snippet.
  # NOTE(review): these snippets are presumably owned by a distribution package
  # and may come back after an upgrade — verify on the target system.
  local snippet

  for snippet in 10-help-text 50-motd-news
  do
    sudo rm -rf "/etc/update-motd.d/${snippet}"
  done

  sudo sed -i 's/Welcome to //' /etc/update-motd.d/00-header
}
# main
# Option handling: -h, and anything getopts does not accept as -h, prints the
# help text and ends the script.
while getopts .h. OPTION
do
  case "${OPTION}" in
    h|?)
      usage
      exit;;
  esac
done

# No file given on the command line: work on the system-wide sshd config.
file="${file:-/etc/ssh/sshd_config}"

# Order matters: back up first, edit, create the banner file the new Banner
# directive points to, tidy the MOTD, and only then reload sshd.
backup_sshd_config
edit_sshd_config
add_banner
remove_spam_motd
reload_sshd

echo "👍 Meaningful SSH configuration has been set!"