From a99bc572a9b43bdb1284616bb59ab6fccf952b16 Mon Sep 17 00:00:00 2001
From: archos
Date: Wed, 29 May 2024 07:41:05 +0200
Subject: [PATCH] =?UTF-8?q?Ze=20skriptu=20u=20p=C5=99=C3=ADkaz=C5=AF=20ods?= =?UTF-8?q?tran=C4=9Bno=20sudo?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 setup_server.sh | 44 ++++++++++++++++++++++----------------------
 1 file changed, 22 insertions(+), 22 deletions(-)
diff --git a/setup_server.sh b/setup_server.sh
index b879ed0..cc3a0f8 100644
--- a/setup_server.sh
+++ b/setup_server.sh
@@ -12,7 +12,7 @@
 ##################################################################################################################
 # Aktualizace systému
-sudo apt update && sudo apt upgrade -y
+apt update && sudo apt upgrade -y
 # Zadejte uživatelské jméno pro nového uživatele
 read -p "Zadejte jméno nového uživatele: " USERNAME
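Review bot: The replacement line `apt update && sudo apt upgrade -y` drops sudo from the first command only, so the upgrade still goes through sudo and would fail on a minimal image where sudo is not installed. The unchanged `sudo passwd $USERNAME` and `echo $USER_SSH_KEY | sudo tee …` lines in the next hunk are the same leftover. Change this line to `apt update && apt upgrade -y`. With sudo removed the script only works as root, and nothing in the visible lines checks that (the lines before 12 are outside the hunk), so a guard near the top such as `[ "$(id -u)" -eq 0 ] || { echo "Run this script as root." >&2; exit 1; }` would stop it before any partial change.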
@@ -22,46 +22,46 @@ read -p "Zadejte nový SSH port (výchozí 2022): " SSH_PORT
 SSH_PORT=${SSH_PORT:-2022}
 # Vytvoření nového uživatele a přidání do skupiny sudo
-sudo useradd -m -s /bin/bash $USERNAME
-sudo usermod -aG sudo $USERNAME
+useradd -m -s /bin/bash $USERNAME
+usermod -aG sudo $USERNAME
 # Nastavení hesla pro nového uživatele
 echo "Nastavte heslo pro uživatele $USERNAME:"
 sudo passwd $USERNAME
 # Nastavení SSH klíčů pro nového uživatele
-sudo mkdir -p /home/$USERNAME/.ssh
-sudo chmod 700 /home/$USERNAME/.ssh
+mkdir -p /home/$USERNAME/.ssh
+chmod 700 /home/$USERNAME/.ssh
 read -p "Vložte veřejný klíč pro uživatele $USERNAME: " USER_SSH_KEY
 echo $USER_SSH_KEY | sudo tee /home/$USERNAME/.ssh/authorized_keys
-sudo chmod 600 /home/$USERNAME/.ssh/authorized_keys
-sudo chown -R $USERNAME:$USERNAME /home/$USERNAME/.ssh
+chmod 600 /home/$USERNAME/.ssh/authorized_keys
+chown -R $USERNAME:$USERNAME /home/$USERNAME/.ssh
 # Nastavení firewallu (ufw)
 if ! command -v ufw &> /dev/null
 then
- sudo apt update
- sudo apt install ufw -y
+ apt update
+ apt install ufw -y
 fi
-sudo ufw default deny incoming
-sudo ufw default allow outgoing
-sudo ufw allow $SSH_PORT/tcp
-echo "y" | sudo ufw enable
+ ufw default deny incoming
+ ufw default allow outgoing
+ ufw allow $SSH_PORT/tcp
+echo "y" | ufw enable
 # Změna SSH konfigurace
-sudo sed -i "s/#Port 22/Port $SSH_PORT/" /etc/ssh/sshd_config
-sudo sed -i 's/#PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config
-sudo sed -i 's/PermitRootLogin .*/PermitRootLogin no/' /etc/ssh/sshd_config
-sudo sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config
-sudo sed -i 's/PasswordAuthentication .*/PasswordAuthentication no/' /etc/ssh/sshd_config
-sudo sed -i 's/#PubkeyAuthentication yes/PubkeyAuthentication yes/' /etc/ssh/sshd_config
-sudo sed -i 's/PubkeyAuthentication .*/PubkeyAuthentication yes/' /etc/ssh/sshd_config
+sed -i "s/#Port 22/Port $SSH_PORT/" /etc/ssh/sshd_config
+sed -i 's/#PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config
+sed -i 's/PermitRootLogin .*/PermitRootLogin no/' /etc/ssh/sshd_config
+sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config
+sed -i 's/PasswordAuthentication .*/PasswordAuthentication no/' /etc/ssh/sshd_config
+sed -i 's/#PubkeyAuthentication yes/PubkeyAuthentication yes/' /etc/ssh/sshd_config
+sed -i 's/PubkeyAuthentication .*/PubkeyAuthentication yes/' /etc/ssh/sshd_config
 # Restart SSH služby, aby se změny projevily
 if systemctl list-units --type=service | grep -q "ssh.service"; then
- sudo systemctl restart ssh
+ systemctl restart ssh
 elif systemctl list-units --type=service | grep -q "sshd.service"; then
- sudo systemctl restart sshd
+ systemctl restart sshd
 else
 echo "SSH služba nebyla nalezena. Zkontrolujte název služby."
 fi
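Review bot: `USERNAME`, `SSH_PORT` and `USER_SSH_KEY` reach root-run commands unquoted and unchecked, for example `chown -R $USERNAME:$USERNAME /home/$USERNAME/.ssh`, `ufw allow $SSH_PORT/tcp` and `sed -i "s/#Port 22/Port $SSH_PORT/"`. An empty or malformed value changes which path, firewall rule or config text those commands act on, and an empty key together with `PasswordAuthentication no` and `PermitRootLogin no` leaves the host without a working login. Validate the values before `useradd`, check the key before it is written, quote the expansions, and run `sshd -t` before the restart so a broken sshd_config is caught while the current session is still open. The `#Port 22` pattern also matches only the commented default, so on a config with an active `Port` line sshd would keep its old port while ufw admits only the new one. The sketch assumes the script runs under bash; its shebang is outside the hunk.

```shell
SSH_PORT=${SSH_PORT:-2022}
# Refuse values that would redirect the root-run commands below.
if [[ ! $USERNAME =~ ^[a-z_][a-z0-9_-]*$ ]]; then
  echo "Neplatné uživatelské jméno." >&2
  exit 1
fi
if [[ ! $SSH_PORT =~ ^[0-9]+$ ]] || (( 10#$SSH_PORT < 1 || 10#$SSH_PORT > 65535 )); then
  echo "Neplatný SSH port." >&2
  exit 1
fi
# … unchanged: useradd, usermod, passwd, mkdir and chmod of .ssh …
read -r -p "Vložte veřejný klíč pro uživatele $USERNAME: " USER_SSH_KEY
# ssh-keygen -l parses the key; a non-zero status means it is not a usable public key.
if ! printf '%s\n' "$USER_SSH_KEY" | ssh-keygen -l -f - > /dev/null 2>&1; then
  echo "Neplatný veřejný klíč." >&2
  exit 1
fi
printf '%s\n' "$USER_SSH_KEY" > "/home/$USERNAME/.ssh/authorized_keys"
# … unchanged: chmod 600, chown, ufw rules, sed edits of sshd_config …
# Check the edited config before restarting the daemon.
if ! sshd -t; then
  echo "sshd_config obsahuje chybu, SSH služba nebyla restartována." >&2
  exit 1
fi
```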