Skip to content

Instantly share code, notes, and snippets.

@bskjon

bskjon/restrict-ssh.sh

Created July 9, 2022 19:13
Show Gist options
  • Save bskjon/22d7431e11b28bc7ba8fcf7f56ad80e3 to your computer and use it in GitHub Desktop.
Save bskjon/22d7431e11b28bc7ba8fcf7f56ad80e3 to your computer and use it in GitHub Desktop.
Download ZIP
Restrict SSH
Raw
restrict-ssh.sh
#!/bin/bash
warning() {
sudo wall -n "[WARNING] SSH Configuration is about to change!"
echo -e "
\033[0;31m
.++++++.
:@@+==+@@:
-@@: :@@-
=@%. .%@=
*@# #@*
#@* *@#
.%@= =@%.
.%@- .++. -@%.
:@@: -@@- :@@:
=@%. -@@- .%@=
+@# :@@: #@+
*@* @@ *@*
#@+ @@ +@#
.%@- #% -@%.
:@@: .. :@@:
-@%. :%%: .%@-
=@# -- #@=
*@* *@*
#@* *@#
*@#======================================#@*
=++++++++++++++++++++++++++++++++++++++++=
\033[0m
WARNING
Changing SSH configuration
Please ensure that SSH-Keys are installed!
Once services has been reloaded, access will be restricted
"
echo -e "\033[1;33mChanges to SSH Configuration \033[0m \n"
diff /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
echo -e "\n\n"
}
finalize() {
echo "Reloading services"
sudo systemctl reload ssh
sudo systemctl reload sshd
echo "\n\nDone!"
}
restrict() {
cp -n /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
sed -i '/^UsePAM/s/yes/no/' /etc/ssh/sshd_config
sed -i '/^ChallengeResponseAuthentication/s/yes/no/' /etc/ssh/sshd_config
sed -i '/^PasswordAuthentication/s/yes/no/' /etc/ssh/sshd_config
sed -i '/^PermitRootLogin/s/yes/no/' /etc/ssh/sshd_config
warning
read -p "Are you sure? " -n 1 -r
echo # (optional) move to a new line
if [[ $REPLY =~ ^[Yy]$ ]]
then
finalize
else
revert
fi
}
revert() {
echo -e "\033[1;33m\n\nReverting changes \033[0m \n"
cp -f /etc/ssh/sshd_config.bak /etc/ssh/sshd_config
echo "\n\nDone!"
}
trap revert INT
restrict
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment