From 74b9ec1e1d88c1d71b60984fdc839b91760854f3 Mon Sep 17 00:00:00 2001
From: Ali
Date: Fri, 27 Jun 2025 14:53:54 +0100
Subject: [PATCH 1/3] Option to add more than one SSH key
---
 README.md | 2 +-
 setup_harden_debian_ubuntu.sh | 52 +++++++++++++++++++----------------
 2 files changed, 30 insertions(+), 24 deletions(-)
diff --git a/README.md b/README.md
index 597cc60..6dacb28 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 # Debian & Ubuntu Server Setup & Hardening Script
-**Version:** 3.11
+**Version:** 3.12
 **Last Updated:** 2025-06-27
diff --git a/setup_harden_debian_ubuntu.sh b/setup_harden_debian_ubuntu.sh
index c14009b..3ead7f3 100644
--- a/setup_harden_debian_ubuntu.sh
+++ b/setup_harden_debian_ubuntu.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 # Debian 12 and Ubuntu Server Hardening Interactive Script
-# Version: 3.11 | 2025-06-27
+# Version: 3.12 | 2025-06-27
 # Compatible with: Debian 12 (Bookworm), Ubuntu 20.04 LTS, 22.04 LTS, 24.04 LTS. 24.10 (experimental)
 # Tested on Debian 12, Ubuntu 24.04 and 24.10 at DigitalOcean, Oracle Cloud, Netcup, Hetzner and local VMs
 #
@@ -80,7 +80,8 @@ print_header() {
 echo -e "${CYAN}╔═════════════════════════════════════════════════════════════════╗${NC}"
 echo -e "${CYAN}║ ║${NC}"
 echo -e "${CYAN}║ DEBIAN/UBUNTU SERVER SETUP AND HARDENING SCRIPT ║${NC}"
- echo -e "${CYAN}║ v3.11 | 2025-06-27 ║${NC}"
+ echo -e "${CYAN}║ v3.12 | 2025-06-27 ║${NC}"
+ echo -e "${CYAN}║ ║${NC}"
 echo -e "${CYAN}╚═════════════════════════════════════════════════════════════════╝${NC}"
 echo
 }
@@ -387,27 +388,32 @@ setup_user() {
 SSH_DIR="$USER_HOME/.ssh"
 AUTH_KEYS="$SSH_DIR/authorized_keys"
- if confirm "Add an SSH public key from your local machine now?"; then
- while true; do
- read -rp "$(echo -e "${CYAN}Paste your full SSH public key: ${NC}")" SSH_PUBLIC_KEY
- if validate_ssh_key "$SSH_PUBLIC_KEY"; then
- mkdir -p "$SSH_DIR"
- chmod 700 "$SSH_DIR"
- echo "$SSH_PUBLIC_KEY" >> "$AUTH_KEYS"
- # De-duplicate keys
- awk '!seen[$0]++' "$AUTH_KEYS" > "$AUTH_KEYS.tmp" && mv "$AUTH_KEYS.tmp" "$AUTH_KEYS"
- chmod 600 "$AUTH_KEYS"
- chown -R "$USERNAME:$USERNAME" "$SSH_DIR"
- print_success "SSH public key added."
- log "Added SSH public key for '$USERNAME'."
- LOCAL_KEY_ADDED=true
- break
- else
- print_error "Invalid SSH key format. It should start with 'ssh-rsa', 'ecdsa-*', or 'ssh-ed25519'."
- if ! confirm "Try again?"; then print_info "Skipping SSH key addition."; break; fi
- fi
- done
- fi
+ if confirm "Add SSH public key(s) from your local machine now?"; then
+ while true; do # Loop to allow adding multiple keys
+ local SSH_PUBLIC_KEY # Declare locally to avoid issues
+ read -rp "$(echo -e "${CYAN}Paste your full SSH public key: ${NC}")" SSH_PUBLIC_KEY
+
+ if validate_ssh_key "$SSH_PUBLIC_KEY"; then
+ mkdir -p "$SSH_DIR"
+ chmod 700 "$SSH_DIR"
+ echo "$SSH_PUBLIC_KEY" >> "$AUTH_KEYS"
+ # De-duplicate keys after adding the new one
+ awk '!seen[$0]++' "$AUTH_KEYS" > "$AUTH_KEYS.tmp" && mv "$AUTH_KEYS.tmp" "$AUTH_KEYS"
+ chmod 600 "$AUTH_KEYS"
+ chown -R "$USERNAME:$USERNAME" "$SSH_DIR"
+ print_success "SSH public key added."
+ log "Added SSH public key for '$USERNAME'."
+ LOCAL_KEY_ADDED=true # Set this flag to true since at least one key was added
+ else
+ print_error "Invalid SSH key format. It should start with 'ssh-rsa', 'ecdsa-*', or 'ssh-ed25519'."
+ fi
+
+ if ! confirm "Do you have another SSH public key to add?" "n"; then
+ print_info "Finished adding SSH keys."
+ break # User answered 'n', break the loop
+ fi
+ done
+ fi
 print_success "User '$USERNAME' created."
 else
 print_info "Using existing user: $USERNAME"
From 37a6bd94fb552a358d7e0473c0e2415780d77c3f Mon Sep 17 00:00:00 2001
From: Ali
Date: Fri, 27 Jun 2025 15:45:08 +0100
Subject: [PATCH 2/3] cosmatic chnages
---
 setup_harden_debian_ubuntu.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/setup_harden_debian_ubuntu.sh b/setup_harden_debian_ubuntu.sh
index 3ead7f3..5d3ac55 100644
--- a/setup_harden_debian_ubuntu.sh
+++ b/setup_harden_debian_ubuntu.sh
@@ -610,7 +610,7 @@ EOF
 chmod 644 /etc/ssh/sshd_config.d/99-hardening.conf
 tee /etc/issue.net > /dev/null <<'EOF'
 ******************************************************************************
- AUTHORIZED ACCESS ONLY
+ 🔒AUTHORIZED ACCESS ONLY
 ════ all attempts are logged and reviewed ════
 ******************************************************************************
 EOF
From 16a3aec65ad853bb4b03e49ea2c1010a47b23c6c Mon Sep 17 00:00:00 2001
From: buildplan <170122315+buildplan@users.noreply.github.com>
Date: Fri, 27 Jun 2025 15:50:40 +0100
Subject: [PATCH 3/3] Update setup_harden_debian_ubuntu.sh
---
 setup_harden_debian_ubuntu.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/setup_harden_debian_ubuntu.sh b/setup_harden_debian_ubuntu.sh
index 5d3ac55..123c612 100644
--- a/setup_harden_debian_ubuntu.sh
+++ b/setup_harden_debian_ubuntu.sh
@@ -610,7 +610,7 @@ EOF
 chmod 644 /etc/ssh/sshd_config.d/99-hardening.conf
 tee /etc/issue.net > /dev/null <<'EOF'
 ******************************************************************************
- 🔒AUTHORIZED ACCESS ONLY
+ 🔒AUTHORIZED ACCESS ONLY
 ════ all attempts are logged and reviewed ════
 ******************************************************************************
 EOF
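Review bot: In the `setup_user` hunk (`@@ -387,27 +388,32 @@`), a rejected key now falls straight through to `confirm "Do you have another SSH public key to add?" "n"`, so if the second argument is the default answer, one paste error followed by Enter ends the loop with no key installed, where the removed code asked `Try again?`. On a script that goes on to harden sshd this is the lockout path worth guarding; restoring the retry in the `else` branch with `if confirm "Try again?"; then continue; fi` would cover it. Separately, from the second pass on `$SSH_DIR` has already been handed to `$USERNAME` by `chown -R`, and the script (presumably running as root) then redirects into `$AUTH_KEYS` and `$AUTH_KEYS.tmp` inside a directory it no longer owns; running the `chmod 600` and `chown -R` once after the loop keeps every write in a root-owned directory. `setup_user` begins and ends outside the hunk, so how `LOCAL_KEY_ADDED` is consumed later is not visible here.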