
Untitled

a guest
Jul 28th, 2017
  1. #!/bin/bash
  2. ##
  3. # update and upgrade server
  4. ##
  5. apt-get update
  6. apt-get upgrade -y
  7. apt-get dist-upgrade -y
  8. apt-get autoremove -y
  9.  
  10. ##
  11. # create new user to admin server via ssh
  12. ##
  13. USER="YourName"
  14. PASSWORD="GiveMeYourPassBaby"
  15. HOME="/home/$USER"
  16. HOSTNAME="www.example.com"
  17. SSH_KEY="PasteYourSSHKeyHere"
  18. ###############################################################################
  19. # HOW TO GENERATE SSH_KEY === >
  20. # on your local machine open terminal and type:
  21. # ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
  22. # Now appears the text: generating public/private rsa key pair.
  23. # Enter a file in which to save the key (/Users/you/.ssh/id_rsa): [Press enter]
  24. # Enter passphrase (empty for no passphrase): [Type a passphrase]
  25. # Enter same passphrase again: [Type passphrase again]
  26. # cat ~/.ssh/id_rsa.pub copy and paste in SSH_KEY !!!
  27. ###############################################################################
  28. # quietly add a user without password
  29. adduser --system --quiet --shell=/bin/bash --home=$HOME --gecos '$USER' --group $USER
  30. usermod -aG sudo $USER
  31. # set password
  32. echo "$USER:$PASSWORD" | chpasswd
  33.  
  34. ##
  35. # create authorized_keys access on the server
  36. ##
  37. # create authorized_keys access on the server
  38. mkdir -p $HOME/.ssh
  39. chmod 700 $HOME/.ssh
  40. echo "$SSH_KEY" >> $HOME/.ssh/authorized_keys
  41. chown $USER:$USER $HOME/.ssh*
  42. chown $USER:$USER $HOME/.ssh/authorized_keys
  43. chmod 600 $HOME/.ssh/authorized_keys
  44. rm /etc/ssh/sshd_config
  45. cat <<EOF > /etc/ssh/sshd_config
  46. # Package generated configuration file
  47. # See the sshd_config(5) manpage for details
  48.  
  49. # What ports, IPs and protocols we listen for
  50. Port 22
  51. # Use these options to restrict which interfaces/protocols sshd will bind to
  52. #ListenAddress ::
  53. #ListenAddress 0.0.0.0
  54. Protocol 2
  55. # HostKeys for protocol version 2
  56. HostKey /etc/ssh/ssh_host_rsa_key
  57. HostKey /etc/ssh/ssh_host_dsa_key
  58. HostKey /etc/ssh/ssh_host_ecdsa_key
  59. HostKey /etc/ssh/ssh_host_ed25519_key
  60. #Privilege Separation is turned on for security
  61. UsePrivilegeSeparation yes
  62.  
  63. # Lifetime and size of ephemeral version 1 server key
  64. KeyRegenerationInterval 3600
  65. ServerKeyBits 1024
  66.  
  67. # Logging
  68. SyslogFacility AUTH
  69. LogLevel INFO
  70.  
  71. # Authentication:
  72. LoginGraceTime 120
  73. PermitRootLogin no
  74. StrictModes yes
  75.  
  76. RSAAuthentication yes
  77. PubkeyAuthentication yes
  78. AuthorizedKeysFile %h/.ssh/authorized_keys
  79.  
  80. # Don't read the user's ~/.rhosts and ~/.shosts files
  81. IgnoreRhosts yes
  82. # For this to work you will also need host keys in /etc/ssh_known_hosts
  83. RhostsRSAAuthentication no
  84. # similar for protocol version 2
  85. HostbasedAuthentication no
  86. # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
  87. #IgnoreUserKnownHosts yes
  88.  
  89. # To enable empty passwords, change to yes (NOT RECOMMENDED)
  90. PermitEmptyPasswords no
  91.  
  92. # Change to yes to enable challenge-response passwords (beware issues with
  93. # some PAM modules and threads)
  94. ChallengeResponseAuthentication no
  95.  
  96. # Change to no to disable tunnelled clear text passwords
  97. PasswordAuthentication no
  98.  
  99. # Kerberos options
  100. #KerberosAuthentication no
  101. #KerberosGetAFSToken no
  102. #KerberosOrLocalPasswd yes
  103. #KerberosTicketCleanup yes
  104.  
  105. # GSSAPI options
  106. #GSSAPIAuthentication no
  107. #GSSAPICleanupCredentials yes
  108.  
  109. X11Forwarding yes
  110. X11DisplayOffset 10
  111. PrintMotd no
  112. PrintLastLog yes
  113. TCPKeepAlive yes
  114. #UseLogin no
  115.  
  116. #MaxStartups 10:30:60
  117. #Banner /etc/issue.net
  118.  
  119. # Allow client to pass locale environment variables
  120. AcceptEnv LANG LC_*
  121.  
  122. Subsystem sftp /usr/lib/openssh/sftp-server
  123.  
  124. # Set this to 'yes' to enable PAM authentication, account processing,
  125. # and session processing. If this is enabled, PAM authentication will
  126. # be allowed through the ChallengeResponseAuthentication and
  127. # PasswordAuthentication. Depending on your PAM configuration,
  128. # PAM authentication via ChallengeResponseAuthentication may bypass
  129. # the setting of "PermitRootLogin without-password".
  130. # If you just want the PAM account and session checks to run without
  131. # PAM authentication, then enable this but set PasswordAuthentication
  132. # and ChallengeResponseAuthentication to 'no'.
  133. UsePAM yes
  134. EOF
  135. systemctl reload sshd
  136. hostname $HOSTNAME