Merge pull request #10 from buildplan/main

Sync

README.md

@@ -1,6 +1,6 @@
 # Debian & Ubuntu Server Setup & Hardening Script
 
-**Version:** 3.11
+**Version:** 3.12
 
 **Last Updated:** 2025-06-27
 

setup_harden_debian_ubuntu.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 
 # Debian 12 and Ubuntu Server Hardening Interactive Script
-# Version: 3.11 | 2025-06-27
+# Version: 3.12 | 2025-06-27
 # Compatible with: Debian 12 (Bookworm), Ubuntu 20.04 LTS, 22.04 LTS, 24.04 LTS. 24.10 (experimental)
 # Tested on Debian 12, Ubuntu 24.04 and 24.10 at DigitalOcean, Oracle Cloud, Netcup, Hetzner and local VMs
 #
@@ -80,7 +80,8 @@ print_header() {
     echo -e "${CYAN}╔═════════════════════════════════════════════════════════════════╗${NC}"
     echo -e "${CYAN}║                                                                 ║${NC}"
     echo -e "${CYAN}║       DEBIAN/UBUNTU SERVER SETUP AND HARDENING SCRIPT           ║${NC}"
-    echo -e "${CYAN}║                     v3.11 | 2025-06-27                          ║${NC}"
+    echo -e "${CYAN}║                     v3.12 | 2025-06-27                          ║${NC}"
+    echo -e "${CYAN}║                                                                 ║${NC}"
     echo -e "${CYAN}╚═════════════════════════════════════════════════════════════════╝${NC}"
     echo
 }
@@ -387,27 +388,32 @@ setup_user() {
         SSH_DIR="$USER_HOME/.ssh"
         AUTH_KEYS="$SSH_DIR/authorized_keys"
 
-        if confirm "Add an SSH public key from your local machine now?"; then
+        if confirm "Add SSH public key(s) from your local machine now?"; then
-            while true; do
+        while true; do # Loop to allow adding multiple keys
-                read -rp "$(echo -e "${CYAN}Paste your full SSH public key: ${NC}")" SSH_PUBLIC_KEY
+            local SSH_PUBLIC_KEY # Declare locally to avoid issues
-                if validate_ssh_key "$SSH_PUBLIC_KEY"; then
+            read -rp "$(echo -e "${CYAN}Paste your full SSH public key: ${NC}")" SSH_PUBLIC_KEY
-                    mkdir -p "$SSH_DIR"
+
-                    chmod 700 "$SSH_DIR"
+            if validate_ssh_key "$SSH_PUBLIC_KEY"; then
-                    echo "$SSH_PUBLIC_KEY" >> "$AUTH_KEYS"
+                mkdir -p "$SSH_DIR"
-                    # De-duplicate keys
+                chmod 700 "$SSH_DIR"
-                    awk '!seen[$0]++' "$AUTH_KEYS" > "$AUTH_KEYS.tmp" && mv "$AUTH_KEYS.tmp" "$AUTH_KEYS"
+                echo "$SSH_PUBLIC_KEY" >> "$AUTH_KEYS"
-                    chmod 600 "$AUTH_KEYS"
+                # De-duplicate keys after adding the new one
-                    chown -R "$USERNAME:$USERNAME" "$SSH_DIR"
+                awk '!seen[$0]++' "$AUTH_KEYS" > "$AUTH_KEYS.tmp" && mv "$AUTH_KEYS.tmp" "$AUTH_KEYS"
-                    print_success "SSH public key added."
+                chmod 600 "$AUTH_KEYS"
-                    log "Added SSH public key for '$USERNAME'."
+                chown -R "$USERNAME:$USERNAME" "$SSH_DIR"
-                    LOCAL_KEY_ADDED=true
+                print_success "SSH public key added."
-                    break
+                log "Added SSH public key for '$USERNAME'."
-                else
+                LOCAL_KEY_ADDED=true # Set this flag to true since at least one key was added
-                    print_error "Invalid SSH key format. It should start with 'ssh-rsa', 'ecdsa-*', or 'ssh-ed25519'."
+            else
-                    if ! confirm "Try again?"; then print_info "Skipping SSH key addition."; break; fi
+                print_error "Invalid SSH key format. It should start with 'ssh-rsa', 'ecdsa-*', or 'ssh-ed25519'."
-                fi
+            fi
-            done
+
-        fi
+            if ! confirm "Do you have another SSH public key to add?" "n"; then
+                print_info "Finished adding SSH keys."
+                break # User answered 'n', break the loop
+            fi
+        done
+    fi
         print_success "User '$USERNAME' created."
     else
         print_info "Using existing user: $USERNAME"
@@ -604,7 +610,7 @@ EOF
         chmod 644 /etc/ssh/sshd_config.d/99-hardening.conf
         tee /etc/issue.net > /dev/null <<'EOF'
 ******************************************************************************
-                        AUTHORIZED ACCESS ONLY
+                       🔒AUTHORIZED ACCESS ONLY
             ════ all attempts are logged and reviewed ════
 ******************************************************************************
 EOF