Harden ssh
authorDamian Myrda <monkey.damianek@gmail.com>
Sat, 7 Sep 2024 22:38:35 +0000 (17:38 -0500)
committerDamian Myrda <monkey.damianek@gmail.com>
Sat, 7 Sep 2024 22:38:35 +0000 (17:38 -0500)
README.md
setup.sh

index 0b5183d5c475fc00d629a7fa009fc2470b2a7f1c..e2095a38dc080f1df67f900e161f886b04606e95 100644 (file)
--- a/README.md
+++ b/README.md
@@ -8,7 +8,7 @@ Run `sh <(curl -s https://raw.githubusercontent.com/moncheeta/p8d/master/downloa
 
 # setup
 
-Run `setup.sh` to properly setup all the services. Afterwards, it's recommended to restart the server.
+First of all, make sure you copied your ssh public key on the server. If not, you can use the `ssh-copy-id` command. Next, run `setup.sh` to properly setup all the services. Afterwards, it's recommended to restart the server.
 
 # run
 
index 446caf5c96ff209d829ef5517faf52177ee8df2d..bac50be53df31daeed5df31f1694935d400bc589 100755 (executable)
--- a/setup.sh
+++ b/setup.sh
@@ -1,5 +1,15 @@
 #!/bin/sh
 
+echo "securing ssh"
+PORT=2222
+sudo sed -i -e 's/^#\?PasswordAuthentication .*/PasswordAuthentication no/' \
+            -e 's/^#\?PermitRootLogin .*/PermitRootLogin no/' \
+            -e 's/^#\?UsePAM .*/UsePAM no/' \
+            -e 's/^#\?Port .*/Port $PORT/' \
+            /etc/ssh/sshd_config
+echo "switched port to $PORT"
+sudo systemctl restart sshd
+
 echo "setting up services"
 docker compose build
 docker compose up mail -d
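Review bot: The `Port` expression on the fourth `-e` line is single-quoted, so the shell never expands `$PORT` and sshd_config receives the literal text `Port $PORT`, while the `echo` that follows reports the switch to 2222 as done. sshd rejects that value, and because the restart is unconditional, the daemon will likely fail to come back up on a host that is administered over SSH. Use double quotes for that one expression, `-e "s/^#\?Port .*/Port $PORT/" \`, and gate the restart on a config check, `sudo sshd -t && sudo systemctl restart sshd`. The substitutions also only rewrite lines already present in /etc/ssh/sshd_config, so a directive that is absent there, or set in an included drop-in file, would keep its old effective value; checking the `sudo sshd -T` output for the four settings after the edit would confirm the hardening took effect.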