baseline.sh

#!/bin/bash

# assumes a fairly recent Ubuntu - may work on Debian or others but needs testing
# assumes you have your .ssh/config setup to specify a user and key for the host

HOST=$1

ssh root@${HOST} "sed -i .backup -e 's/PermitRootLogin\syes/PermitRootLogin no/' /etc/ssh/sshd_config"
ssh root@${HOST} "sed -i .backup -e 's/#PasswordAuthentication\syes/PasswordAuthentication no/' /etc/ssh/sshd_config"
ssh root@${HOST} "sed -i .backup -e 's/X11Forwarding\syes/X11Forwarding no/' /etc/ssh/sshd_config"
ssh root@${HOST} "mkdir -p /root/.ssh"
ssh root@${HOST} "chmod 700 /root/.ssh"
ssh root@${HOST} "cat /root/.ssh/ops.key >> /root/.ssh/authorized_keys"
ssh root@${HOST} "chown root:root /root/.ssh/authorized_keys"
ssh root@${HOST} "chmod 600 /root/.ssh/authorized_keys"

scp ~/.ssh/ops.key root@${HOST}:/root/.ssh/

ssh root@${HOST} "useradd -m -c ops -s /bin/bash ops"
ssh root@${HOST} "mkdir -p /home/ops/.ssh"
ssh root@${HOST} "chmod 700 /home/ops/.ssh"
ssh root@${HOST} "cat /root/.ssh/ops.key >> /home/ops/.ssh/authorized_keys"
ssh root@${HOST} "chown ops:ops /home/ops/.ssh/authorized_keys"
ssh root@${HOST} "chmod 600 /home/ops/.ssh/authorized_keys"
ssh root@${HOST} "cat 'ops ALL=(ALL:ALL) NOPASSWD: ALL" >> /etc/sudoers"