From e68e771592fc2df9500bbfb17371f51cca724a3c Mon Sep 17 00:00:00 2001
From: Damian Myrda <monkey.damianek@gmail.com>
Date: Sat, 7 Sep 2024 17:38:35 -0500
Subject: [PATCH] Harden ssh

---
 README.md |  2 +-
 setup.sh  | 10 ++++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 0b5183d..e2095a3 100644
--- a/README.md
+++ b/README.md
@@ -8,7 +8,7 @@ Run `sh <(curl -s https://raw.githubusercontent.com/moncheeta/p8d/master/downloa
 
 # setup
 
-Run `setup.sh` to properly setup all the services. Afterwards, it's recommended to restart the server.
+First of all, make sure you copied your ssh public key on the server. If not, you can use the `ssh-copy-id` command. Next, run `setup.sh` to properly setup all the services. Afterwards, it's recommended to restart the server.
 
 # run
 
diff --git a/setup.sh b/setup.sh
index 446caf5..bac50be 100755
--- a/setup.sh
+++ b/setup.sh
@@ -1,5 +1,15 @@
 #!/bin/sh
 
+echo "securing ssh"
+PORT=2222
+sudo sed -i -e 's/^#\?PasswordAuthentication .*/PasswordAuthentication no/' \
+            -e 's/^#\?PermitRootLogin .*/PermitRootLogin no/' \
+            -e 's/^#\?UsePAM .*/UsePAM no/' \
+            -e 's/^#\?Port .*/Port $PORT/' \
+            /etc/ssh/sshd_config
+echo "switched port to $PORT"
+sudo systemctl restart sshd
+
 echo "setting up services"
 docker compose build
 docker compose up mail -d
-- 
2.43.4