WirFixenAlles/Boilerplates
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update Linux/SSH/secure_ssh.sh

Browse Source
This commit is contained in:
Manuel Gläser
2025-05-07 19:30:17 +00:00
parent 6d9348fc13
commit fcefd46285
1 changed files with 3 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
Linux/SSH/secure_ssh.sh
View File

@@ -18,6 +18,7 @@ printf "\033c" # Clear terminal
SSH_CONFIG_DIR="/etc/ssh/sshd_config.d" SSH_CONFIG_DIR="/etc/ssh/sshd_config.d"
SSH_MAIN_CONFIG="/etc/ssh/sshd_config" SSH_MAIN_CONFIG="/etc/ssh/sshd_config"
SSH_CONFIG_FILE="$SSH_CONFIG_DIR/secure.conf" SSH_CONFIG_FILE="$SSH_CONFIG_DIR/secure.conf"
SSH_GROUP="ssh-access"
ED25519_KEY="/etc/ssh/ssh_host_ed25519_key" ED25519_KEY="/etc/ssh/ssh_host_ed25519_key"
# ─── ANSI Colors ───────────────────────────────────────────────────────────── # ─── ANSI Colors ─────────────────────────────────────────────────────────────
@@ -76,7 +77,6 @@ command -v sshd &>/dev/null || install_package openssh-server
} }
# ─── Benutzer/Gruppen-Abfrage ────────────────────────────────────────────── # ─── Benutzer/Gruppen-Abfrage ──────────────────────────────────────────────
read -rp $'\e[1;34mAllowed SSH users (space-separated): \e[0m' SSH_USERS
read -rp $'\e[1;34mAllowed SSH group (leave empty if unused): \e[0m' SSH_GROUP read -rp $'\e[1;34mAllowed SSH group (leave empty if unused): \e[0m' SSH_GROUP
# ─── Konfigurationsdatei erstellen ───────────────────────────────────────── # ─── Konfigurationsdatei erstellen ─────────────────────────────────────────
@@ -93,8 +93,7 @@ PermitEmptyPasswords no
HostKey $ED25519_KEY HostKey $ED25519_KEY
# ─── Access Control ─────────────────────────────────────────────────────── # ─── Access Control ───────────────────────────────────────────────────────
AllowUsers ${SSH_USERS} AllowGroups ${SSH_GROUP}
${SSH_GROUP:+AllowGroups $SSH_GROUP} # Nur gesetzt, wenn Gruppe existiert
DenyUsers root admin administrator DenyUsers root admin administrator
# ─── Authentication ─────────────────────────────────────────────────────── # ─── Authentication ───────────────────────────────────────────────────────
@@ -136,7 +135,6 @@ sudo sshd -t || { error "Invalid SSH config. Fix errors before restarting."; exi
restart_ssh_service $(basename "$(command -v sshd)") || exit 1 restart_ssh_service $(basename "$(command -v sshd)") || exit 1
log "Hardened SSH setup complete!" log "Hardened SSH setup complete!"
echo -e "\n${WHITE}→ Allowed users: ${SSH_USERS}${RESET}" echo -e "\n${WHITE}→ Allowed Groups: ${SSH_GROUP}${RESET}"
[ -n "$SSH_GROUP" ] && echo -e "${WHITE}→ Allowed group: ${SSH_GROUP}${RESET}"
echo -e "${WHITE}→ Active settings:${RESET}" echo -e "${WHITE}→ Active settings:${RESET}"
sudo sshd -T | grep -Ei "allowusers|allowgroups|permitroot|maxauthtries|clientalive" sudo sshd -T | grep -Ei "allowusers|allowgroups|permitroot|maxauthtries|clientalive"