Untitled

#!/bin/bash
echo 'Non-root username:'
read user
echo 'Non-root users password:'
read pwd
echo 'New ssh tunnels port:'
read port
# Adding non-root user and copying verification
useradd -m -s $(which bash) -G sudo $user
/usr/bin/passwd $user <<EOF
$pwd
$pwd
EOF
/usr/bin/expect << EOF
spawn ssh-copy-id -i /root/.ssh/id_rsa $user@146.71.76.161
expect {
    "continue" { send "yes\n"; exp_continue }
    "Password:" { send "$pwd\n"; }
}
EOF
# Rewriting content of the ssh config
echo -n "Port $port
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 1024
SyslogFacility AUTH
LogLevel SILENT
LoginGraceTime 30
PermitRootLogin no
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes" > /etc/ssh/sshd_config
apt-get update && apt-get upgrade -qq
# Cleaning logs
find /var/log -type f -delete
find /var/log -type f -regex ".*\.gz$"
find /var/log -type f -regex ".*\.[0-9]$"
# Adding firewall
apt-get install ufw -qq
ufw allow $port/tcp
echo "y" | ufw enable
reboot