@bear
Last active August 29, 2015 14:06
bash script to baseline a server
#!/bin/bash
# Baseline a new server: tighten sshd_config, install an SSH public key for
# root, and create a key-only "ops" user with passwordless sudo.
# assumes a fairly recent Ubuntu - may work on Debian or others but needs testing
# assumes you have your .ssh/config setup to specify a user and key for the host
HOST=$1
KEY=$2
if [ "${HOST}" == "" ]; then
    echo "you must provide a hostname" >&2
    exit 1
fi
if [ "${KEY}" == "" ]; then
    echo "you must provide the full path and ssh public key" >&2
    exit 2
fi

# sshd settings; the first edit keeps the original as sshd_config.backup.
# Each sed only rewrites a line that already has the exact form it matches,
# and a running sshd keeps its loaded config until it is reloaded or restarted.
ssh "root@${HOST}" "sed -i.backup -e 's/PermitRootLogin\syes/PermitRootLogin no/' /etc/ssh/sshd_config"
ssh "root@${HOST}" "sed -i'' -e 's/#PasswordAuthentication\syes/PasswordAuthentication no/' /etc/ssh/sshd_config"
ssh "root@${HOST}" "sed -i'' -e 's/X11Forwarding\syes/X11Forwarding no/' /etc/ssh/sshd_config"

# install the public key for root
ssh "root@${HOST}" "mkdir -p /root/.ssh"
ssh "root@${HOST}" "chmod 700 /root/.ssh"
scp "${KEY}" "root@${HOST}:/root/.ssh/baseline.key"
ssh "root@${HOST}" "cat /root/.ssh/baseline.key >> /root/.ssh/authorized_keys"
ssh "root@${HOST}" "chown root:root /root/.ssh/authorized_keys"
ssh "root@${HOST}" "chmod 600 /root/.ssh/authorized_keys"

# create the ops user with the same key
ssh "root@${HOST}" "useradd -m -c ops -s /bin/bash ops"
ssh "root@${HOST}" "mkdir -p /home/ops/.ssh"
ssh "root@${HOST}" "chmod 700 /home/ops/.ssh"
ssh "root@${HOST}" "cat /root/.ssh/baseline.key >> /home/ops/.ssh/authorized_keys"
# sshd opens authorized_keys as the ops user, so ops must own the 700 directory
# as well as the file; a root-owned .ssh would block key login for ops
ssh "root@${HOST}" "chown -R ops:ops /home/ops/.ssh"
ssh "root@${HOST}" "chmod 600 /home/ops/.ssh/authorized_keys"

# passwordless sudo for ops
ssh "root@${HOST}" "echo 'ops ALL=(ALL:ALL) NOPASSWD: ALL' >> /etc/sudoers"
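
A check for the sed edits in the script above, as an added example that is not part of the original gist: each substitution only fires when the line already has the exact form it matches, so this reads an sshd_config and reports whether the three directives are explicitly `no`. The function names and the sample config are constructed for illustration, and `Include` files are not followed.

```sh
#!/bin/sh
# Added example: offline check of the three sshd_config directives.

# Print the value in force for keyword $2 in the global section of file $1:
# first uncommented occurrence wins, keywords are case-insensitive, and
# scanning stops at the first Match block. Prints nothing if unset.
sshd_value() {
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        { sub(/^[ \t]+/, "") }                       # strip leading whitespace
        /^#/ || /^$/ { next }                        # comments, blank lines
        {
            sub(/[ \t]*=[ \t]*|[ \t]+/, " ")         # "Key value" or "Key=value"
            n = index($0, " "); if (n == 0) next
            key = tolower(substr($0, 1, n - 1))
            val = substr($0, n + 1); sub(/[ \t]+$/, "", val)
            if (key == "match") exit
            if (key == want) { print tolower(val); exit }
        }' "$1"
}

# Return 0 only if every directive the baseline script edits is explicitly "no".
# An unset directive counts as a failure rather than trusting the built-in default.
check_baseline() {
    rc=0
    for kw in PermitRootLogin PasswordAuthentication X11Forwarding; do
        val=$(sshd_value "$1" "$kw")
        if [ "$val" = "no" ]; then
            echo "ok    $kw no"
        else
            echo "FAIL  $kw is '${val:-unset}'"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: a config on which only the X11Forwarding edit matched.
make_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not from a real host
PermitRootLogin prohibit-password
PasswordAuthentication yes
X11Forwarding no
Match User deploy
    PasswordAuthentication no
EOF
}
```

On a live host, `sshd -T` prints the effective configuration, including `Include` files, and is the authoritative check.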