#!/bin/bash
# Start-up banner: prints the ASCII-art logo, credits and version before any
# work is done. Purely cosmetic; the two sleeps only pace the output.
printf '\n\n'
sleep 0.8
# Quoted delimiter: the banner is emitted literally, nothing in it is expanded.
cat <<'EOF'
███████╗ █████╗ ███████╗██╗ ██╗███████╗███████╗██╗ ██╗
██╔════╝██╔══██╗██╔════╝╚██╗ ██╔╝██╔════╝██╔════╝██║ ██║
█████╗ ███████║███████╗ ╚████╔╝ ███████╗███████╗███████║
██╔══╝ ██╔══██║╚════██║ ╚██╔╝ ╚════██║╚════██║██╔══██║
███████╗██║ ██║███████║ ██║ ███████║███████║██║ ██║
╚══════╝╚═╝ ╚═╝╚══════╝ ╚═╝ ╚══════╝╚══════╝╚═╝ ╚═╝
Easy SSH File Transfer Script
EOF
printf '\n'
printf '%s\n' "Author: sidious " "Contributor: pimvandenbroek "
sleep 0.8
printf '%s\n\n' "Version 1.2 "
#######################################
# Print a bold red "[-] ERROR: ..." line.
# Arguments: message words, joined into one string by "$*".
# Outputs:   one line on stderr, nothing on stdout.
#######################################
error() {
  local red reset
  red=$(tput bold; tput setaf 1)
  reset=$(tput sgr0)
  printf '%s\n' "${red}[-] ERROR: ${*}${reset}" >&2
}
#######################################
# Print a bold green "[+] ..." status line.
# Arguments: message words, joined into one string by "$*".
# Outputs:   one line on stdout.
#######################################
msg() {
  local green reset
  green=$(tput bold; tput setaf 2)
  reset=$(tput sgr0)
  printf '%s\n' "${green}[+] ${*}${reset}"
}
#######################################
# Abort the script unless it runs with effective UID 0.
# Outputs: an error line (via error) when not root.
# Returns: 0 when root; otherwise exits the whole script with status 1.
#######################################
rootperm() {
  # Guard clause: nothing to do when the UID comparison does not say "non-root".
  [ "$(id -u)" -ne 0 ] || return 0
  error "You must be root"
  exit 1
}
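#######################################
# Install the openssh-server package non-interactively.
# Outputs: progress lines via msg, a failure line via error.
# Returns: 0 on success; exits the script with status 1 if the package
#          could not be installed.
#######################################
sshinstall() {
  msg "Installing openssh-server"

  # Refreshing the package index is best-effort: a single unreachable mirror
  # should not stop the run, the install below is the step that must succeed.
  apt-get update >/dev/null 2>&1

  # apt-get (not apt) is the interface meant for scripts; the install result is
  # checked so the script never rewrites sshd_config and hands out credentials
  # for a daemon that was not installed.
  if ! DEBIAN_FRONTEND=noninteractive apt-get install --yes openssh-server >/dev/null 2>&1; then
    error "openssh-server could not be installed.. exiting.."
    exit 1
  fi

  # Only the installation has happened at this point; the hardening is done
  # later by sshdcop, so it is not claimed here.
  msg "Installation successful"
}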
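#######################################
# Back up the current sshd_config, replace it with a restricted configuration
# and restart the SSH service.
# Outputs: a status line via msg on success, an error line via error on failure.
# Returns: 0 on success; exits the script with status 1 if the backup, the
#          write or the service restart fails.
#######################################
sshdcop() {
  local -r conf=/etc/ssh/sshd_config
  local -r backup=/etc/ssh/backup.sshd_config

  # Never overwrite the live configuration unless a backup really exists.
  # Re-running the script replaces the previous backup with whatever is
  # current at that time.
  if ! cp -p "$conf" "$backup"; then
    error "could not back up $conf, leaving it untouched.. exiting.."
    exit 1
  fi

  # NOTE(review): points to confirm against the OpenSSH version in use:
  #  - "ClientAliveCountMax 0": OpenSSH 8.2 and later treat 0 as "never
  #    terminate the connection", so the 900 s interval no longer acts as a
  #    timeout there.
  #  - "Protocol" is a legacy option; current sshd releases only speak
  #    protocol 2 and may log the directive as deprecated.
  #  - No Port directive is written, so sshd keeps its default port, and
  #    password authentication stays at its default because the script hands
  #    out a password afterwards.
  # The delimiter is quoted so nothing inside the config is ever expanded.
  if ! cat <<'EOT' >"$conf"
Protocol 2
IgnoreRhosts yes
HostbasedAuthentication no
PermitRootLogin no
PermitEmptyPasswords no
X11Forwarding no
MaxAuthTries 5
ClientAliveInterval 900
ClientAliveCountMax 0
Subsystem sftp internal-sftp
UsePAM yes
HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_rsa_key
KexAlgorithms curve25519-sha256@libssh.org
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com
EOT
  then
    error "could not write $conf, previous version kept in $backup.. exiting.."
    exit 1
  fi

  # The restart status is the only signal used here that sshd accepted the new
  # file. The 2107 in the message is not configured by this script; presumably
  # it is the published container port (verify against the container setup).
  if /etc/init.d/ssh restart >/dev/null 2>&1; then
    msg "The SSH docker port is forwarded to: 2107"
  else
    # error and exit are separate statements so the script stops even if the
    # message itself cannot be written.
    error "sshd_config file could not be hardened, check user permissions.. exiting.."
    exit 1
  fi
}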
#######################################
# Set root:root ownership and restrictive modes on sshd_config, the cron
# files/directories and the account databases.
# Returns: status of the last chmod (on /etc/gshadow).
# NOTE(review): some distributions ship /etc/shadow and /etc/gshadow with a
# dedicated group owner; confirm that root:root 600 suits the target image.
#######################################
setperm() {
  local target

  chown root:root /etc/ssh/sshd_config
  chmod 600 /etc/ssh/sshd_config

  # Cron configuration: no access for group or others.
  for target in /etc/anacrontab /etc/crontab /etc/cron.hourly /etc/cron.daily \
    /etc/cron.weekly /etc/cron.monthly /etc/cron.d; do
    chown root:root "$target"
    chmod og-rwx "$target"
  done

  # World-readable account databases.
  for target in /etc/passwd /etc/group; do
    chown root:root "$target"
    chmod 644 "$target"
  done

  # Password hash databases: root only.
  for target in /etc/shadow /etc/gshadow; do
    chown root:root "$target"
    chmod 600 "$target"
  done
}
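#######################################
# Create a login account with a random name and a random password.
# Globals:  USNA (written) - 4 hex character user name
#           DAT  (written) - 32 hex character password
#           Both stay global because the caller prints them afterwards.
# Outputs:  an error line via error on failure.
# Returns:  0 on success; exits the script with status 1 if random data is
#           unavailable, the account cannot be created or the password
#           cannot be set.
#######################################
createuser() {
  # Name and password come from the kernel CSPRNG. Deriving them from
  # `date +%s` would make the password a function of the creation second, so
  # anyone who can estimate when the account was made could recompute it.
  USNA="$(head -c 2 /dev/urandom | od -An -tx1 | tr -d ' \n')"
  DAT="$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')"
  if [ "${#USNA}" -ne 4 ] || [ "${#DAT}" -ne 32 ]; then
    error "could not read random data from /dev/urandom.. exiting.."
    exit 1
  fi

  # Stop if useradd fails (name collision, rejected name, ...): otherwise
  # chpasswd below would reset the password of an already existing account
  # that happens to carry the same name.
  if ! useradd -m -s /bin/bash "$USNA"; then
    error "user $USNA could not be created.. exiting.."
    exit 1
  fi

  # printf is a builtin, so the password travels over the pipe and never
  # appears in a process argument list.
  if ! printf '%s:%s\n' "$USNA" "$DAT" | chpasswd; then
    error "password for $USNA could not be set.. exiting.."
    exit 1
  fi
}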
# Main sequence: require root, install sshd, write the restricted config,
# tighten file permissions, create the transfer account, then show its
# credentials.
rootperm
sshinstall
sshdcop
# Permission changes run silently; their output and errors are discarded.
setperm >/dev/null 2>&1
createuser

NORMAL="\033[0;39m"
# NOTE(review): the generated password is printed to stdout in clear text, so
# anything that records this output (terminal scrollback, container or CI
# logs) keeps a copy of it. Treat that output as sensitive.
printf "${NORMAL}%s\n" "-----------------------------------------------"
msg "username: $USNA"
msg "password: $DAT"
printf "${NORMAL}%s\n" "-----------------------------------------------"
printf '\n%s\n\n' "Don't forget to make the appropiate firewall or port forwarding changes.. "
printf '%s\n\n' "[+] PRESS CTRL-C TO END THE LOG_STREAM [+]"