My script for configuring a new Ubuntu Proxmox VM.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
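#!/bin/bash

#######################################
# Print a random TCP port for sshd to listen on.
#
# The port is drawn from 1024-65535, so it never falls in the privileged
# range, and any value on the common-services list below is skipped.
# The function does not check whether the port is already in use.
# Moving sshd off port 22 only reduces scanner noise; the protection in this
# script comes from key-only authentication and the root-login ban.
#
# Arguments: none
# Outputs:   the chosen port number on stdout
#######################################
generate_random_port() {
  local port
  local -r min_port=1024 max_port=65535
  local common_ports=(22 80 443 8080 3306 5432 25 110 995 993 21 20 23 161 162 5060 5061)
  while true; do
    # $RANDOM is only 15 bits (0-32767); two draws are combined so the
    # upper half of the port range is reachable as well.
    port=$(( ((RANDOM << 15) | RANDOM) % (max_port - min_port + 1) + min_port ))
    if [[ " ${common_ports[*]} " != *" ${port} "* ]]; then
      printf '%s\n' "$port"
      return
    fi
  done
}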
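# Ask for the account name; -r keeps backslashes literal.
read -r -p "Enter username: " username

# The name is used below to build paths under /home and is handed to tools
# that run as root, so accept only a conservative login-name shape.
if [[ ! "$username" =~ ^[a-z_][a-z0-9_-]*$ ]] || (( ${#username} > 32 )); then
  echo "Invalid username: '$username'" >&2
  exit 1
fi

# Check if user already exists
if id "$username" &>/dev/null; then
  echo "User $username already exists."
else
  # Add user with home directory; stop here if the account cannot be created,
  # otherwise every later step would operate on a missing user.
  sudo useradd -m "$username" || exit 1
  # Set the password interactively (used for sudo; SSH password login is
  # disabled further down).
  sudo passwd "$username"
  # Add user to sudo group
  sudo usermod -aG sudo "$username"
  # Change login shell to bash
  sudo chsh -s /bin/bash "$username"
fi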
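# Install the operator's public key for the new account.
# Refuse to build a path from an empty name (would resolve to /home/.ssh).
: "${username:?username is not set}"
ssh_dir="/home/$username/.ssh"
auth_keys="$ssh_dir/authorized_keys"

# Create .ssh with 0700 if it doesn't exist. The existence checks run under
# sudo because the invoking user may not be able to look inside another
# user's home directory.
if ! sudo test -d "$ssh_dir"; then
  sudo mkdir -p "$ssh_dir"
  sudo chmod 0700 "$ssh_dir"
fi

# Create authorized_keys with 0600 if it doesn't exist
if ! sudo test -f "$auth_keys"; then
  sudo touch "$auth_keys"
  sudo chmod 0600 "$auth_keys"
fi

# Ask for the public key and append it to authorized_keys
read -r -p "Enter public SSH key: " ssh_key
if [[ -n "$ssh_key" ]]; then
  # printf with a quoted argument writes the key verbatim (no word splitting
  # or glob expansion, which an unquoted echo would apply).
  printf '%s\n' "$ssh_key" | sudo tee -a "$auth_keys"
elif ! sudo test -s "$auth_keys"; then
  # Password login is switched off later in this script; continuing without
  # any key on file would leave the account unreachable over SSH.
  echo "No public key entered and $auth_keys is empty; aborting before SSH is reconfigured." >&2
  exit 1
fi

# Everything above was created as root. A root-owned 0700 .ssh cannot be
# entered by the account itself, so hand the directory and its contents to
# the user (a trailing colon selects the user's login group).
sudo chown -R "$username:" "$ssh_dir"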
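# Generate a random port number excluding common ports
new_port=$(generate_random_port)
if [[ ! "$new_port" =~ ^[0-9]+$ ]]; then
  echo "Could not generate an SSH port (got '$new_port')." >&2
  exit 1
fi

sshd_config="/etc/ssh/sshd_config"
sshd_backup="${sshd_config}.bak.$(date +%s)"

# Keep a copy so the previous configuration can be restored by hand.
sudo cp -p "$sshd_config" "$sshd_backup" || exit 1

# Modify /etc/ssh/sshd_config. Patterns are anchored to the start of the line
# so only real (or commented-out) directives are rewritten, not prose inside
# comments, and the Port rule matches whatever port is currently configured
# rather than only "Port 22".
# NOTE(review): indented directives inside Match blocks are not touched —
# check for Match-scoped overrides if the file has any.
sudo sed -i "s/^#\?Port .*/Port ${new_port}/" "$sshd_config"
sudo sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin no/' "$sshd_config"
sudo sed -i 's/^#\?PubkeyAuthentication.*/PubkeyAuthentication yes/' "$sshd_config"
sudo sed -i 's/^#\?PasswordAuthentication.*/PasswordAuthentication no/' "$sshd_config"

# If the file had no Port line at all, add one so the port reported at the
# end of the script is the port sshd actually uses.
if ! sudo grep -q '^Port ' "$sshd_config"; then
  printf 'Port %s\n' "$new_port" | sudo tee -a "$sshd_config" >/dev/null
fi

# Drop-in files can override the main file, so apply the password ban there too.
sudo find /etc/ssh/sshd_config.d/ -name "*.conf" \
  -exec sudo sed -i 's/^#\?PasswordAuthentication.*/PasswordAuthentication no/' {} \;

# Validate before restarting: a daemon that fails to come back up on a remote
# VM means losing access. On failure the running sshd is left untouched.
if ! sudo sshd -t; then
  echo "sshd configuration failed validation; sshd was NOT restarted." >&2
  echo "Previous configuration saved at $sshd_backup" >&2
  exit 1
fi

# Restart SSH service to apply changes
# NOTE(review): on releases where sshd is socket-activated the listening port
# may be controlled by the socket unit — confirm a login on the new port from
# a second session before closing this one.
sudo service sshd restart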
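# Ask for new VM IP, VM MAC address, and Parent IP
read -r -p "Enter new VM IP: " vm_new_ip
read -r -p "Enter VM MAC address: " vm_macaddress
read -r -p "Enter Hypervisor IP: " parent_ip

# These values are pasted into a YAML file written as root, so reject anything
# that is not shaped like an IPv4 address / MAC address. This is a shape check
# only (it does not verify octet ranges).
ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
mac_re='^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
for addr in "$vm_new_ip" "$parent_ip"; do
  if [[ ! "$addr" =~ $ipv4_re ]]; then
    echo "Not an IPv4 address: '$addr'" >&2
    exit 1
  fi
done
if [[ ! "$vm_macaddress" =~ $mac_re ]]; then
  echo "Not a MAC address: '$vm_macaddress'" >&2
  exit 1
fi

# Remove the last octet of the parent IP (the gateway is <first three octets>.254)
parent_ip_base=${parent_ip%.*}

# Create the network configuration content.
# NOTE(review): the nesting below follows the standard netplan v2 layout —
# confirm it against the file you actually deploy.
network_config=$(cat <<EOF
network:
  ethernets:
    ens18:
      dhcp4: true
      match:
        macaddress: $vm_macaddress
      set-name: ens18
      addresses:
        - $vm_new_ip/32
      nameservers:
        addresses:
          - 1.1.1.1
          - 8.8.8.8
        search: []
      routes:
        - to: 0.0.0.0/0
          via: $parent_ip_base.254
          on-link: true
      optional: true
  version: 2
EOF
)

# Output the network configuration to a file
network_config_file="/etc/netplan/00-installer-config.yaml"
network_config_backup="${network_config_file}.bak"

# Keep the previous file so a rejected configuration can be rolled back
# (netplan only reads *.yaml, so the .bak copy is ignored by it).
if sudo test -f "$network_config_file"; then
  sudo cp -p "$network_config_file" "$network_config_backup"
fi

printf '%s\n' "$network_config" | sudo tee "$network_config_file"
# netplan expects its configuration files to be readable by root only.
sudo chmod 600 "$network_config_file"

# Let netplan parse the file before it is applied; applying a broken
# configuration on a remote VM can cut the current session off.
if ! sudo netplan generate; then
  echo "netplan rejected $network_config_file; nothing was applied." >&2
  if sudo test -f "$network_config_backup"; then
    sudo cp -p "$network_config_backup" "$network_config_file"
    echo "Previous configuration restored from $network_config_backup" >&2
  fi
  exit 1
fi

# Apply the new network configuration
sudo netplan apply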
# Closing summary for the operator: the SSH port to connect to from now on,
# followed by a line for each stage the script has gone through.
printf '%s\n' \
  "The new SSH port is: $new_port" \
  "User $username has been created and configured." \
  "SSH configuration has been updated and SSH service restarted." \
  "Network configuration has been updated and applied."