Created
October 26, 2023 14:34
-
-
Save ThinkSalat/45df60ea37d0bb19f53b8489f9a4b179 to your computer and use it in GitHub Desktop.
VPS Quick setup
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # The idea behind this script is to setup a non root user to act as the main admin, allow use of sudo | |
| # and set up SSH keys | |
| # Function to add a user and configure sudo access | |
| add_admin_user() { | |
| read -p "Enter the admin username: " username | |
| echo "Admin username: $username" | |
| while true; do | |
| read -s -p "Enter the admin password: " password | |
| echo | |
| read -s -p "Confirm the admin password: " password_confirm | |
| echo | |
| if [ "$password" != "$password_confirm" ]; then | |
| echo "Passwords do not match. Please try again." | |
| else | |
| break | |
| fi | |
| done | |
| # Create the admin user | |
| useradd -m "$username" | |
| # Set the admin user's password | |
| echo "$username:$password" | chpasswd | |
| # Determine sudo group based on the distribution | |
| if command -v dpkg &> /dev/null; then | |
| sudo_group="sudo" | |
| elif command -v rpm &> /dev/null; then | |
| sudo_group="wheel" | |
| else | |
| echo "Unsupported distribution. Manually configure sudoers." | |
| fi | |
| # Add the user to the sudo or wheel group | |
| usermod -aG "$sudo_group" "$username" | |
| echo "Admin user '$username' created and added to the '$sudo_group' group." | |
| } | |
| # Function to configure SSH | |
| configure_ssh() { | |
| echo "Configuring SSH" | |
| # Prompt to create or paste SSH keys | |
| while true; do | |
| read -p "Do you want to generate SSH keys (g), paste public keys (p), or generate later (l)? " ssh_choice | |
| if [ "$ssh_choice" = "g" ]; then | |
| ssh-keygen | |
| break | |
| elif [ "$ssh_choice" = "p" ]; then | |
| echo "Paste your public key(s) to add to authorized_keys. Type 'done' when you're finished:" | |
| authorized_keys="" | |
| while read -r key; do | |
| if [ "$key" = "done" ]; then | |
| break | |
| fi | |
| authorized_keys="$authorized_keys$key"$'\n' | |
| done | |
| echo "$authorized_keys" > /home/"$username"/.ssh/authorized_keys | |
| chmod 700 /home/"$username"/.ssh | |
| chmod 600 /home/"$username"/.ssh/authorized_keys | |
| break | |
| elif [ "$ssh_choice" = "l" ]; then | |
| echo "You can generate SSH keys later. Exiting SSH configuration." | |
| break | |
| else | |
| echo "Invalid choice. Please choose 'g' to generate keys, 'p' to paste public keys, or 'l' to generate later." | |
| fi | |
| done | |
| # Disable password authentication | |
| read -p "Do you want to disable password authentication (y/n, default is yes)? " disable_password_auth | |
| disable_password_auth="${disable_password_auth:-y}" | |
| if [ "$disable_password_auth" = "y" ]; then | |
| sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config | |
| fi | |
| # Prompt to change SSH port | |
| read -p "Do you want to change the SSH port (default is 22)? " change_port | |
| if [ "$change_port" = "y" ]; then | |
| read -p "Enter the new SSH port: " ssh_port | |
| sed -i "s/#Port 22/Port $ssh_port/" /etc/ssh/sshd_config | |
| fi | |
| # Disable root login | |
| read -p "Do you want to disable root login (y/n, default is yes)? " disable_root_login | |
| disable_root_login="${disable_root_login:-y}" | |
| if [ "$disable_root_login" = "y" ]; then | |
| sed -i 's/#PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config | |
| fi | |
| # Restart SSH service | |
| service ssh restart | |
| } | |
| # Main script | |
| add_admin_user | |
| configure_ssh | |
| echo "Setup complete." |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment