Created
July 9, 2022 19:13
-
-
Save bskjon/22d7431e11b28bc7ba8fcf7f56ad80e3 to your computer and use it in GitHub Desktop.
Restrict SSH
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
warning() { | |
sudo wall -n "[WARNING] SSH Configuration is about to change!" | |
echo -e " | |
\033[0;31m | |
.++++++. | |
:@@+==+@@: | |
-@@: :@@- | |
=@%. .%@= | |
*@# #@* | |
#@* *@# | |
.%@= =@%. | |
.%@- .++. -@%. | |
:@@: -@@- :@@: | |
=@%. -@@- .%@= | |
+@# :@@: #@+ | |
*@* @@ *@* | |
#@+ @@ +@# | |
.%@- #% -@%. | |
:@@: .. :@@: | |
-@%. :%%: .%@- | |
=@# -- #@= | |
*@* *@* | |
#@* *@# | |
*@#======================================#@* | |
=++++++++++++++++++++++++++++++++++++++++= | |
\033[0m | |
WARNING | |
Changing SSH configuration | |
Please ensure that SSH-Keys are installed! | |
Once services has been reloaded, access will be restricted | |
" | |
echo -e "\033[1;33mChanges to SSH Configuration \033[0m \n" | |
diff /etc/ssh/sshd_config /etc/ssh/sshd_config.bak | |
echo -e "\n\n" | |
} | |
finalize() { | |
echo "Reloading services" | |
sudo systemctl reload ssh | |
sudo systemctl reload sshd | |
echo "\n\nDone!" | |
} | |
restrict() { | |
cp -n /etc/ssh/sshd_config /etc/ssh/sshd_config.bak | |
sed -i '/^UsePAM/s/yes/no/' /etc/ssh/sshd_config | |
sed -i '/^ChallengeResponseAuthentication/s/yes/no/' /etc/ssh/sshd_config | |
sed -i '/^PasswordAuthentication/s/yes/no/' /etc/ssh/sshd_config | |
sed -i '/^PermitRootLogin/s/yes/no/' /etc/ssh/sshd_config | |
warning | |
read -p "Are you sure? " -n 1 -r | |
echo # (optional) move to a new line | |
if [[ $REPLY =~ ^[Yy]$ ]] | |
then | |
finalize | |
else | |
revert | |
fi | |
} | |
revert() { | |
echo -e "\033[1;33m\n\nReverting changes \033[0m \n" | |
cp -f /etc/ssh/sshd_config.bak /etc/ssh/sshd_config | |
echo "\n\nDone!" | |
} | |
trap revert INT | |
restrict |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment