Update Linux/SSH/secure_ssh.sh

2025-05-07 19:30:17 +00:00
parent 6d9348fc13
commit fcefd46285


@@ -18,6 +18,7 @@ printf "\033c" # Clear terminal
SSH_CONFIG_DIR="/etc/ssh/sshd_config.d"
SSH_MAIN_CONFIG="/etc/ssh/sshd_config"
SSH_CONFIG_FILE="$SSH_CONFIG_DIR/secure.conf"
SSH_GROUP="ssh-access"
ED25519_KEY="/etc/ssh/ssh_host_ed25519_key"
# ─── ANSI Colors ─────────────────────────────────────────────────────────────
@@ -76,7 +77,6 @@ command -v sshd &>/dev/null || install_package openssh-server
}
# ─── Benutzer/Gruppen-Abfrage ──────────────────────────────────────────────
read -rp $'\e[1;34mAllowed SSH users (space-separated): \e[0m' SSH_USERS
read -rp $'\e[1;34mAllowed SSH group (leave empty if unused): \e[0m' SSH_GROUP
# ─── Konfigurationsdatei erstellen ─────────────────────────────────────────
@@ -93,8 +93,7 @@ PermitEmptyPasswords no
HostKey $ED25519_KEY
# ─── Access Control ───────────────────────────────────────────────────────
AllowUsers ${SSH_USERS}
${SSH_GROUP:+AllowGroups $SSH_GROUP} # Nur gesetzt, wenn Gruppe existiert
AllowGroups ${SSH_GROUP}
DenyUsers root admin administrator
# ─── Authentication ───────────────────────────────────────────────────────
@@ -136,7 +135,6 @@ sudo sshd -t || { error "Invalid SSH config. Fix errors before restarting."; exi
restart_ssh_service $(basename "$(command -v sshd)") || exit 1
log "Hardened SSH setup complete!"
echo -e "\n${WHITE}→ Allowed users: ${SSH_USERS}${RESET}"
[ -n "$SSH_GROUP" ] && echo -e "${WHITE}→ Allowed group: ${SSH_GROUP}${RESET}"
echo -e "\n${WHITE}→ Allowed Groups: ${SSH_GROUP}${RESET}"
echo -e "${WHITE}→ Active settings:${RESET}"
sudo sshd -T | grep -Ei "allowusers|allowgroups|permitroot|maxauthtries|clientalive"
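Review bot: `AllowGroups ${SSH_GROUP}` is now written unconditionally with the hard-coded group `ssh-access`, and sshd only admits a login that satisfies both AllowUsers and AllowGroups when both are set, so any account entered at the `SSH_USERS` prompt that is not a member of that group will be refused after the restart. The `sudo sshd -t` check before the restart validates syntax only and will not notice a missing group or missing membership, which on a remote host means losing SSH access. Nothing in the visible hunks creates the group or adds the users to it (that may happen outside them), so I would add a guard before the config is written, for example `getent group "$SSH_GROUP" >/dev/null || sudo groupadd "$SSH_GROUP"` and then `sudo usermod -aG "$SSH_GROUP" "$u"` for each entry in `SSH_USERS`. Keeping an already-authenticated session open until a fresh login has been verified is also worth stating in the final log output.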