# Prerequisites
# - install Debian from the netinst ISO in non-graphical mode
# - deselect all packages that are offered at the end of the installer - EXCEPT the SSH server and the standard system utilities
# - log in as the non-root user, then `su root` and follow the `Usage`.
# Usage
# `wget -O - "https://gist.githubusercontent.com/thetillhoff/38b109abe1782708c0059f7f99e1426f/raw/setup-debian-server.sh" | sh`
# or
# `wget -O - "https://link.thetillhoff.de/debian-server" | sh`
# Note: both commands run the downloaded script as root without showing it first; to review it, save it with `wget -O setup-debian-server.sh <url>`, read it, then run `sh setup-debian-server.sh`.
# Result
# - minimal server, with hardened ssh enabled
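# Provisioning steps: update the system, give the invoking user sudo, install
# that user's SSH public keys and then restrict sshd to key-only logins.
#
# Written for POSIX sh because the documented usage pipes the script into `sh`.
# Everything runs from main(), which is called on the last line, so a download
# that is cut off part-way defines functions but executes nothing.

# Stop at the first failing command or unset variable. Without this, a failed
# key download would still be followed by "PasswordAuthentication no", which
# leaves the machine with no working SSH login.
set -eu

# `su root` (without `-`) can keep the calling user's PATH, which usually lacks
# the sbin directories that usermod, sshd and dpkg's helper programs live in.
PATH="/usr/local/sbin:/usr/sbin:/sbin:${PATH}"
export PATH

readonly SSHD_CONFIG=/etc/ssh/sshd_config
# Trust decision: whoever controls this GitHub account's key list gets SSH
# access to the server. Change the URL when provisioning for another person.
readonly KEYS_URL=https://github.com/thetillhoff.keys

# Print a message to stderr and abort the script.
die() {
  printf 'setup-debian-server: %s\n' "$*" >&2
  exit 1
}

# Rewrite every line of sshd_config that starts with directive $1 (active or
# commented out with a leading '#') to "$1 $2".
# Lines are only rewritten, never appended: a directive that does not occur in
# the file at all stays unset. harden_sshd() checks the effective values.
set_sshd_option() {
  sed -i -e "/^\(#\|\)$1/s|^.*\$|$1 $2|" "$SSHD_CONFIG"
}

# Download the public keys and install them as <home>/.ssh/authorized_keys.
# Arguments: $1 - home directory of the target user, $2 - user name
# The keys go to a temporary file first and replace authorized_keys only when
# the download succeeded and contains at least one line that looks like a key.
install_authorized_keys() {
  ssh_dir="$1/.ssh"
  mkdir -p -- "$ssh_dir"

  keys_tmp=$(mktemp "$ssh_dir/authorized_keys.XXXXXX")
  trap 'rm -f -- "$keys_tmp"' EXIT

  wget -O "$keys_tmp" "$KEYS_URL" || die "could not download $KEYS_URL"
  grep -Eq '^(ssh-|ecdsa-|sk-)' "$keys_tmp" \
    || die "$KEYS_URL returned no SSH public key; sshd was left unchanged"

  chmod 600 "$keys_tmp"
  mv -f -- "$keys_tmp" "$ssh_dir/authorized_keys"
  chmod 700 "$ssh_dir"
  chown -R "$2:$2" "$ssh_dir"
}

# Apply the sshd settings, validate the result and only then restart sshd.
harden_sshd() {
  # Keep a copy so a configuration that fails validation can be rolled back.
  backup="${SSHD_CONFIG}.pre-hardening"
  cp -p -- "$SSHD_CONFIG" "$backup"

  set_sshd_option PasswordAuthentication no
  set_sshd_option MaxAuthTries 2
  set_sshd_option AllowTcpForwarding no
  set_sshd_option AllowAgentForwarding no
  set_sshd_option AuthorizedKeysFile .ssh/authorized_keys

  # `sshd -t` only parses the configuration; restarting with a broken file
  # would take the SSH service down.
  if ! sshd -t; then
    cp -p -- "$backup" "$SSHD_CONFIG"
    die "edited $SSHD_CONFIG failed validation; original restored, sshd not restarted"
  fi

  systemctl restart sshd

  # `sshd -T` prints the effective settings. A directive that was missing from
  # the file, or that is set earlier by an included drop-in file, would
  # otherwise go unnoticed.
  effective=$(sshd -T 2>/dev/null) || effective=''
  for expected in \
    'passwordauthentication no' \
    'maxauthtries 2' \
    'allowtcpforwarding no' \
    'allowagentforwarding no' \
    'authorizedkeysfile .ssh/authorized_keys'; do
    printf '%s\n' "$effective" | grep -qix -- "$expected" \
      || printf 'warning: sshd does not report "%s" - check %s\n' \
        "$expected" "$SSHD_CONFIG" >&2
  done
}

main() {
  [ "$(id -u)" -eq 0 ] || die "must be run as root (log in as your user, then 'su root')"

  # $USER still names the original account after `su root`. After `su -` or a
  # direct root login it is "root", and the keys would end up in the wrong home.
  target_user=${USER:-}
  [ -n "$target_user" ] || die "USER is not set"
  [ "$target_user" != root ] || die "USER is root; log in as your own user and run 'su root'"

  # Look the home directory up instead of assuming /home/<user>.
  passwd_entry=$(getent passwd "$target_user") || die "unknown user: $target_user"
  home_dir=$(printf '%s\n' "$passwd_entry" | cut -d: -f6)
  [ -d "$home_dir" ] || die "home directory of $target_user not found"

  # update packages
  apt-get update
  apt-get upgrade -y

  # install sudo and add the user to the sudo group
  apt-get install -y sudo
  usermod -aG sudo "$target_user"
  # [optional] log out and in again to apply group settings

  # install basic tools
  # - coreutils contains tools like cat, md5sum, head, tail, ...
  apt-get install -y git wget curl coreutils ntp rsync

  # set timezone (optional - the installer's timezone is kept if this fails)
  timedatectl set-timezone Europe/Berlin \
    || printf 'warning: could not set the timezone\n' >&2

  # Keys first, sshd hardening second: password logins are switched off only
  # after a usable authorized_keys file is in place.
  install_authorized_keys "$home_dir" "$target_user"
  harden_sshd
}

# install hyperv tooling (disabled; read install.sh before running it as root)
# wget https://raw.githubusercontent.com/Hinara/linux-vm-tools/ubuntu20-04/ubuntu/20.04/install.sh
# chmod +x ./install.sh   # the original `chmod -x` removes the execute bit
# ./install.sh # this script needs to be run twice - with a reboot in between

main "$@"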