From: Damian Myrda <monkey.damianek@gmail.com>
Date: Sat, 7 Sep 2024 22:38:35 +0000 (-0500)
Subject: Harden ssh
X-Git-Url: http://git.prime8.dev/?a=commitdiff_plain;h=e68e771592fc2df9500bbfb17371f51cca724a3c;p=p8d.git

Harden ssh
---

diff --git a/README.md b/README.md
index 0b5183d..e2095a3 100644
--- a/README.md
+++ b/README.md
@@ -8,7 +8,7 @@ Run `sh <(curl -s https://raw.githubusercontent.com/moncheeta/p8d/master/downloa
 
 # setup
 
-Run `setup.sh` to properly setup all the services. Afterwards, it's recommended to restart the server.
+First of all, make sure you copied your ssh public key on the server. If not, you can use the `ssh-copy-id` command. Next, run `setup.sh` to properly setup all the services. Afterwards, it's recommended to restart the server.
 
 # run
 
diff --git a/setup.sh b/setup.sh
index 446caf5..bac50be 100755
--- a/setup.sh
+++ b/setup.sh
@@ -1,5 +1,15 @@
 #!/bin/sh
 
+echo "securing ssh"
+PORT=2222
+sudo sed -i -e 's/^#\?PasswordAuthentication .*/PasswordAuthentication no/' \
+            -e 's/^#\?PermitRootLogin .*/PermitRootLogin no/' \
+            -e 's/^#\?UsePAM .*/UsePAM no/' \
+            -e 's/^#\?Port .*/Port $PORT/' \
+            /etc/ssh/sshd_config
+echo "switched port to $PORT"
+sudo systemctl restart sshd
+
 echo "setting up services"
 docker compose build
 docker compose up mail -d