lotte/ChamplainTechJournals
1
Code Activity
ChamplainTechJournals/sysadmin-ii-sys265/linux/centos7/secure-ssh.sh
Charlotte Croce fbd588721e migrate to git.charlotte.sh
2025-04-19 23:42:08 -04:00

72 lines
2 KiB
Bash
Executable file
Raw Permalink Blame History

#!/bin/bash
#
# secure-ssh.sh
# author: charlottecroce
#
# creates a new SSH user using $1 parameter
# adds a public key from the local repo or curled from the remote repo
# removes roots ability to SSH in
#
#
# Requirements:
# must run as root
# $1 = username of new user
#
# check if script is run as root
if [ $EUID -ne 0 ]; then
echo "run as root"
exit 1
fi
# check if username was provided
if [ -z $1 ]; then
echo "Usage: $0 <username>"
exit 1
fi
# vars
USERNAME=$1
AUTHORIZED_KEYS_DIR="/home/$USERNAME/.ssh"
AUTHORIZED_KEYS_FILE="$AUTHORIZED_KEYS_DIR/authorized_keys"
# create user
useradd -m -d /home/$USERNAME -s /bin/bash $USERNAME
echo "user: <$USERNAME> created"
# create .ssh directory, give perms to user
mkdir -p $AUTHORIZED_KEYS_DIR
chmod 700 $AUTHORIZED_KEYS_DIR
# try to get SSH pubkey from local repo
if [ -f "/home/charlotte/champlaintechjournals/sysadmin-ii-sys265/linux/public-keys/id_rsa.pub" ]; then
echo "key found in local repo"
cat /home/charlotte/champlaintechjournals/sysadmin-ii-sys265/linux/public-keys/id_rsa.pub >> $AUTHORIZED_KEYS_FILE
else
# if local key doesn't exist, get from github repo...
echo "no key found in local repo, cloning from github..."
git clone https://git.charlotte.sh/lotte/ChamplainTechJournals /home/$USERNAME
echo "retreived key from github repo"
cat /home/$USERNAME/champlaintechjournals/sysadmin-ii-sys265/linux/public-keys/id_rsa.pub >> $AUTHORIZED_KEYS_FILE
fi
echo "added key to $AUTHORIZED_KEYS_FILE"
# set perms, set new user as directory owner
chmod 600 $AUTHORIZED_KEYS_FILE
chown -R $USERNAME:$USERNAME $AUTHORIZED_KEYS_DIR
# disable root SSH login
sed -i 's/PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config
echo "Root SSH access has been disabled"
# disable password authentication
sed -i 's/PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config
echo "Password authentication has been disabled"
# Restart SSH service
echo "restarting ssh..."
systemctl restart sshd
echo "complete!"
View git blame Copy permalink