build: deny root login via ssh

openoms · Jun 20, 2021 · fda5e21 · fda5e21
1 parent 57f4d34
commit fda5e21
Showing 1 changed file with 15 additions and 1 deletion.
diff --git a/build_joininbox.sh b/build_joininbox.sh
@@ -443,10 +443,24 @@ ufw --force enable
 systemctl enable ufw
 ufw status
 
-# make folder for authorized keys 
+# make a folder for authorized keys 
 sudo -u joinmarket mkdir -p /home/joinmarket/.ssh
 chmod -R 700 /home/joinmarket/.ssh
 
+# deny root login via ssh
+if grep -Eq "^PermitRootLogin" /etc/ssh/sshd_config; then
+  sed -i "s/^PermitRootLogin.*/PermitRootLogin  no/g" /etc/ssh/sshd_config
+else
+  echo "PermitRootLogin  no" >> /etc/ssh/sshd_config
+fi
+systemctl restart ssh
+
+echo 
+echo "##########"
+echo "# Extras #"
+echo "##########"
+echo 
+
 # install a command-line fuzzy finder (https://github.com/junegunn/fzf)
 apt -y install fzf
 bash -c "echo 'source /usr/share/doc/fzf/examples/key-bindings.bash' >> \