1
0
mirror of https://github.com/tommytran732/Linux-Setup-Scripts synced 2024-11-09 11:41:33 -05:00

Compare commits

...

3 Commits

Author SHA1 Message Date
ff6e6a57e9
Fix ssh hardening 2023-09-07 15:27:02 -07:00
mce0
1925ef8026
fix typo in Ubuntu-22.04-Server.sh (#7)
Update Ubuntu-22.04-Server.sh

Signed-off-by: mce0 <contact@mce0.dev>
2023-09-07 15:23:34 -07:00
92b639fe9e
Change sshd override 2023-09-07 14:44:00 -07:00
4 changed files with 8 additions and 8 deletions

View File

@ -22,8 +22,8 @@ echo 'GSSAPIAuthentication no
VerifyHostKeyDNS yes' | sudo tee /etc/ssh/ssh_config.d/10-custom.conf VerifyHostKeyDNS yes' | sudo tee /etc/ssh/ssh_config.d/10-custom.conf
sudo chmod 644 /etc/ssh/ssh_config.d/10-custom.conf sudo chmod 644 /etc/ssh/ssh_config.d/10-custom.conf
sudo sed -i 's/#GSSAPIAuthentication no/GSSAPIAuthentication no/g' /etc/ssh/sshd_config sudo sed -i 's/#GSSAPIAuthentication no/GSSAPIAuthentication no/g' /etc/ssh/sshd_config
sudo mkdir -p /etc/systemd/system/sshd.service.d sudo mkdir -p /etc/systemd/system/ssh.service.d
sudo curl https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/systemd/system/sshd.service.d/local.conf -o /etc/systemd/system/sshd.service.d/local.conf sudo curl https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/systemd/system/sshd.service.d/local.conf -o /etc/systemd/system/ssh.service.d/override.conf
sudo systemctl daemon-reload sudo systemctl daemon-reload
sudo systemctl restart sshd sudo systemctl restart sshd

View File

@ -13,8 +13,8 @@ VerifyHostKeyDNS yes' | tee /etc/ssh/ssh_config.d/10-custom.conf
sudo chmod 644 /etc/ssh/ssh_config.d/10-custom.conf sudo chmod 644 /etc/ssh/ssh_config.d/10-custom.conf
sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config
sed -i 's/#GSSAPIAuthentication no/GSSAPIAuthentication no/g' /etc/ssh/sshd_config sed -i 's/#GSSAPIAuthentication no/GSSAPIAuthentication no/g' /etc/ssh/sshd_config
mkdir -p /etc/systemd/system/sshd.service.d mkdir -p /etc/systemd/system/ssh.service.d
curl https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/systemd/system/sshd.service.d/local.conf -o /etc/systemd/system/sshd.service.d/local.conf curl https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/systemd/system/sshd.service.d/local.conf -o /etc/systemd/system/ssh.service.d/override.conf
systemctl daemon-reload systemctl daemon-reload
systemctl restart sshd systemctl restart sshd

View File

@ -22,7 +22,7 @@ sudo chmod 644 /etc/ssh/ssh_config.d/10-custom.conf
echo 'X11Forwarding no echo 'X11Forwarding no
GSSAPIAuthentication no GSSAPIAuthentication no
PasswordAuthentication no' | sudo tee /etc/ssh/sshd_config.d/10-custom.conf PasswordAuthentication no' | sudo tee /etc/ssh/sshd_config.d/10-custom.conf
sudo curl https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/systemd/system/sshd.service.d/local.conf -o /etc/systemd/system/sshd.service.d/local.conf sudo curl https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/systemd/system/sshd.service.d/local.conf -o /etc/systemd/system/sshd.service.d/override.conf
sudo systemctl daemon-reload sudo systemctl daemon-reload
sudo systemctl restart sshd sudo systemctl restart sshd

View File

@ -31,14 +31,14 @@ sudo ufw allow OpenSSH
echo 'GSSAPIAuthentication no echo 'GSSAPIAuthentication no
VerifyHostKeyDNS yes' | sudo tee /etc/ssh/ssh_config.d/10-custom.conf VerifyHostKeyDNS yes' | sudo tee /etc/ssh/ssh_config.d/10-custom.conf
sudo chmod 644 /etc/ssh/ssh_config.d/10-custom.conf sudo chmod 644 /etc/ssh/ssh_config.d/10-custom.conf
sudo mkdir -p /etc/systemd/system/sshd.service.d sudo mkdir -p /etc/systemd/system/ssh.service.d
sudo curl https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/systemd/system/sshd.service.d/local.conf -o /etc/systemd/system/sshd.service.d/local.conf sudo curl https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/systemd/system/sshd.service.d/local.conf -o /etc/systemd/system/ssh.service.d/override.conf
sudo systemctl daemon-reload sudo systemctl daemon-reload
sudo systemctl restart sshd sudo systemctl restart sshd
# Setup unbound # Setup unbound
sudp apt install -y unbound sudo apt install -y unbound
echo 'server: echo 'server:
trust-anchor-signaling: yes trust-anchor-signaling: yes