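#!/bin/bash
#
# Provision a non-root sudo user, install root's SSH public key for that
# user, move sshd to a caller-chosen port, upgrade packages, open the port
# in ufw and reboot. Must be run as root on a Debian/Ubuntu-style host.
#
# Inputs (prompted on stdin): username, password, new sshd port.
#
# Review changes relative to the pasted version:
#   * inputs are validated and every expansion is quoted;
#   * the password is read without echo and is never spliced into the
#     expect/Tcl source text;
#   * the new sshd_config is syntax-checked with `sshd -t` before it
#     replaces the live file, and the old file is backed up;
#   * `LogLevel SILENT` is not a level sshd accepts (the quietest is
#     QUIET), so the daemon would have refused the file; INFO keeps
#     authentication events auditable;
#   * live logs under /var/log are no longer wiped.
set -euo pipefail

die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

[[ $EUID -eq 0 ]] || die 'this script must be run as root'

echo 'Non-root username:'
read -r user
echo 'Non-root users password:'
# -s keeps the password off the terminal; IFS= and -r keep it byte-exact.
IFS= read -rs user_password
echo
echo 'New ssh tunnels port:'
read -r port

# Reject anything that could be parsed as an option, a path, or a
# "user:password" separator further down.
[[ $user =~ ^[a-z_][a-z0-9_-]*$ ]] || die "invalid username: $user"
[[ -n $user_password ]] || die 'password must not be empty'
if ! [[ $port =~ ^[0-9]{1,5}$ ]] || (( 10#$port < 1 || 10#$port > 65535 )); then
  die 'port must be an integer between 1 and 65535'
fi
port=$((10#$port)) # normalise leading zeros before it reaches sshd_config/ufw

# Adding non-root user and copying verification
useradd -m -s "$(command -v bash)" -G sudo "$user"

# printf is a shell builtin, so the password never shows up in a process
# argument list; chpasswd reads "user:password" pairs on stdin.
printf '%s:%s\n' "$user" "$user_password" | chpasswd

# The credentials reach expect through the environment and are read with
# $env(...). The heredoc delimiter is quoted so the shell expands nothing
# inside it: characters such as [ ] $ " in the password therefore cannot
# change the Tcl script.
# NOTE(review): the target address is hard-coded; presumably it is this
# host's own address -- confirm before reuse.
# NOTE(review): answering "yes" to the host-key prompt accepts whatever key
# is presented; pre-populating known_hosts with a verified key is safer.
SETUP_USER=$user SETUP_PASSWORD=$user_password /usr/bin/expect <<'EOF'
set timeout 30
spawn ssh-copy-id -i /root/.ssh/id_rsa $env(SETUP_USER)@146.71.76.161
expect {
  "continue" { send "yes\r"; exp_continue }
  "assword:" { send -- "$env(SETUP_PASSWORD)\r"; exp_continue }
  timeout    { exit 1 }
  eof
}
# Wait for ssh-copy-id to finish and hand its exit status to the shell;
# without this the spawned process can be killed before the key is written.
exit [lindex [wait] 3]
EOF
unset user_password

# Rewriting content of the ssh config
# Build the file next to its destination so the final mv is atomic.
new_config=$(mktemp /etc/ssh/sshd_config.XXXXXX)
trap 'rm -f -- "$new_config"' EXIT

# Dropped from the pasted config: the DSA host key (no longer accepted by
# default in current OpenSSH) and the options that only applied to SSH
# protocol 1 or that current releases report as deprecated
# (UsePrivilegeSeparation, KeyRegenerationInterval, ServerKeyBits,
# RSAAuthentication, RhostsRSAAuthentication).
# NOTE(review): PasswordAuthentication is left at its default; switch it to
# "no" once key-based login for the new user has been verified.
cat >"$new_config" <<EOF
Port $port
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 30
PermitRootLogin no
StrictModes yes
PubkeyAuthentication yes
IgnoreRhosts yes
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
EOF

# A config sshd cannot parse means no SSH after the reboot below, so
# validate first and keep the previous file for rollback.
/usr/sbin/sshd -t -f "$new_config" || die 'generated sshd_config failed validation'
if [[ -f /etc/ssh/sshd_config ]]; then
  cp -p -- /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
fi
chmod 644 -- "$new_config"
mv -f -- "$new_config" /etc/ssh/sshd_config

apt-get update && apt-get upgrade -y -qq

# Cleaning logs
# The pasted version first ran `find /var/log -type f -delete`, which
# unlinks log files that running services still hold open and erases the
# record of this provisioning run (account creation, sudo membership, sshd
# changes). Its two follow-up finds had no -delete and nothing left to
# match. Only rotated archives are pruned here; live logs stay in place.
find /var/log -type f \( -name '*.gz' -o -name '*.[0-9]' \) -delete

# Adding firewall
apt-get install -y -qq ufw
# Allow the new SSH port before enabling the firewall so the rule is in
# place when ufw starts filtering.
ufw allow "${port}/tcp"
ufw --force enable

reboot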