#!/bin/bash
# ANSI colour escape sequences kept as literal backslash text; they only turn
# into real escapes when passed through `echo -e` or `printf '%b'`.
# Functions with the same names are defined further down; bash keeps variable
# and function names in separate namespaces, so the two do not clash.
red="\033[0;31m"
bblue="\033[0;34m"
yellow="\033[0;33m"
green="\033[0;32m"
plain="\033[0m"
# Colour helpers. Each prints its first argument in bold with one foreground
# colour, followed by a reset sequence and a newline. Because the text goes
# through `echo -e`, backslash escapes inside the message are expanded too.

# Bold red (SGR 31).
red() {
  local text=$1
  echo -e "\033[31m\033[01m${text}\033[0m"
}

# Bold green (SGR 32).
green() {
  local text=$1
  echo -e "\033[32m\033[01m${text}\033[0m"
}

# Bold yellow (SGR 33).
yellow() {
  local text=$1
  echo -e "\033[33m\033[01m${text}\033[0m"
}

# Bold cyan (SGR 36), despite the name.
blue() {
  local text=$1
  echo -e "\033[36m\033[01m${text}\033[0m"
}

# Bold white (SGR 37).
white() {
  local text=$1
  echo -e "\033[37m\033[01m${text}\033[0m"
}

# Bold blue (SGR 34).
bblue() {
  local text=$1
  echo -e "\033[34m\033[01m${text}\033[0m"
}

# Bold magenta (SGR 35), despite the name.
rred() {
  local text=$1
  echo -e "\033[35m\033[01m${text}\033[0m"
}
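# Prompt in yellow and read a short reply with a deadline.
# Arguments: $1 - prompt text
#            $2 - name of the variable that receives the reply (REPLY if omitted)
# Returns:   status of `read` (non-zero on timeout or end of input)
# The reply is limited to 26 characters and the wait to 5 seconds.
readtp() {
  # -r keeps backslashes in the typed value literal; the variable name is
  # quoted so it is never word-split or glob-expanded.
  read -r -t 5 -n 26 -p "$(yellow "$1")" "${2:-REPLY}"
}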
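# Prompt in yellow and read one line of input.
# Arguments: $1 - prompt text
#            $2 - name of the variable that receives the reply (REPLY if omitted)
# Returns:   status of `read`
readp() {
  # -r keeps backslashes in the typed value literal; the variable name is
  # quoted so it is never word-split or glob-expanded.
  read -r -p "$(yellow "$1")" "${2:-REPLY}"
}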
# Report whether the fail2ban service is currently active.
# Returns: the exit status of `systemctl is-active` (0 when active).
# Note that this tests "service running", not "package installed", so an
# installed-but-stopped fail2ban is reported as absent.
check_fail2ban_installed() {
  # The function's status is the status of its last command.
  sudo systemctl is-active --quiet fail2ban
}
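# Install fail2ban with apt, then enable and start its service.
# Outputs: progress from apt/systemctl; a green confirmation on success,
#          a red error on stderr when a step fails.
# Returns: 0 on success, 1 when installation or service start-up fails.
install_fail2ban() {
  # A failed index refresh is not fatal on its own; the install step decides.
  if ! sudo apt-get update; then
    red "apt-get update failed; trying the install with the existing package index" >&2
  fi

  # Stop here on failure so "Installed" is never reported for a package that
  # did not install.
  if ! sudo apt-get install fail2ban -y; then
    red "fail2ban installation failed" >&2
    return 1
  fi

  if ! sudo systemctl enable fail2ban || ! sudo systemctl start fail2ban; then
    red "fail2ban is installed but the service could not be enabled/started" >&2
    return 1
  fi

  green "fail2ban Installed"
}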
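# Write the SSH jail definition to /etc/fail2ban/jail.local and restart
# fail2ban so it takes effect.
# Returns: 0 on success, 1 when the file cannot be written or the service
#          does not restart.
configure_fail2ban() {
  local jail_local="/etc/fail2ban/jail.local"

  yellow "Configuring fail2ban"
  # sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

  # The file is replaced wholesale, so keep a timestamped copy of any local
  # overrides that are already there.
  if sudo test -e "$jail_local"; then
    sudo cp -p -- "$jail_local" "${jail_local}.bak.$(date +%Y%m%d%H%M%S)" || return 1
  fi

  # `sudo cat ... > file` performs the redirection in the calling, unprivileged
  # shell and fails unless the script already runs as root; `sudo tee` does the
  # write with elevated rights. The quoted delimiter keeps the body literal.
  #
  # Policy written below: 3 failed attempts lead to a ban of 360000 seconds
  # (100 hours).
  # NOTE(review): recent fail2ban releases ship this jail under the name
  # [sshd], and journal-only systems have no /var/log/auth.log - confirm both
  # against the target distribution.
  if ! sudo tee "$jail_local" >/dev/null <<'EOF'
[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
bantime = 360000
EOF
  then
    red "Could not write $jail_local" >&2
    return 1
  fi

  # A jail that fails to load leaves SSH without brute-force protection, so
  # surface a failed restart instead of ignoring it.
  if ! sudo systemctl restart fail2ban; then
    red "fail2ban did not restart; check the jail configuration" >&2
    return 1
  fi
}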
# Show the systemd status report for the fail2ban service.
# Returns: the exit status of `systemctl status`.
check_fail2ban_status() {
  local unit="fail2ban"
  sudo systemctl status "$unit"
}
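# Set "<keyword> <value>" in an sshd configuration file.
# Arguments: $1 - config file, $2 - keyword, $3 - value
# An active line is rewritten; otherwise a commented-out default
# ("#Keyword ...") is uncommented and set; otherwise the line is appended.
_sshd_set_option() {
  local file=$1 keyword=$2 value=$3

  if grep -qE "^${keyword}[[:space:]]" "$file"; then
    sudo sed -i -E "s/^${keyword}[[:space:]].*/${keyword} ${value}/" "$file"
  elif grep -qE "^#${keyword}[[:space:]]" "$file"; then
    sudo sed -i -E "s/^#${keyword}[[:space:]].*/${keyword} ${value}/" "$file"
  else
    # NOTE(review): a line appended after a Match block becomes part of that
    # block; the effective-config check in configure_ssh reports that case.
    printf '%s %s\n' "$keyword" "$value" | sudo tee -a "$file" >/dev/null
  fi
}

# Switch sshd to public-key-only authentication and restart the service.
# Sets PubkeyAuthentication yes, and PasswordAuthentication,
# ChallengeResponseAuthentication and UsePAM to no, in /etc/ssh/sshd_config.
# Returns: 0 on success; 1 when the user declines, the backup fails, or sshd
#          rejects the edited file (the backup is restored in that case).
configure_ssh() {
  local sshd_config="/etc/ssh/sshd_config"
  local backup reply

  # Lockout guard: once passwords are refused, an account without an
  # authorised key can no longer log in over SSH.
  if [ ! -s "$HOME/.ssh/authorized_keys" ]; then
    red "No authorized_keys found for $(id -un); disabling password logins may lock you out." >&2
    read -r -p "Continue anyway? [y/N]: " reply
    case "$reply" in
      [yY]*) ;;
      *)
        yellow "Leaving SSH configuration unchanged."
        return 1
        ;;
    esac
  fi

  backup="${sshd_config}.bak.$(date +%Y%m%d%H%M%S)"
  if ! sudo cp -p -- "$sshd_config" "$backup"; then
    red "Could not back up $sshd_config" >&2
    return 1
  fi

  # The previous sed calls only matched active lines. A stock file that still
  # carries "#PasswordAuthentication yes" was left untouched and password
  # logins stayed enabled; the helper also handles the commented form.
  _sshd_set_option "$sshd_config" PubkeyAuthentication yes
  _sshd_set_option "$sshd_config" PasswordAuthentication no
  # NOTE(review): newer OpenSSH releases treat ChallengeResponseAuthentication
  # as a deprecated alias of KbdInteractiveAuthentication - confirm which name
  # the target release expects.
  _sshd_set_option "$sshd_config" ChallengeResponseAuthentication no
  # NOTE(review): UsePAM no also switches off PAM account and session handling
  # for SSH logins - confirm nothing on the host depends on it.
  _sshd_set_option "$sshd_config" UsePAM no

  # Never restart on a file sshd cannot parse: validate first, roll back on
  # failure.
  if ! sudo sshd -t -f "$sshd_config"; then
    red "sshd rejected the new configuration; restoring $backup" >&2
    sudo cp -p -- "$backup" "$sshd_config"
    return 1
  fi

  # sshd uses the first value it reads for a keyword, so an Include'd drop-in
  # can still override the edits above. Check the effective setting.
  if ! sudo sshd -T -f "$sshd_config" 2>/dev/null | grep -qix 'passwordauthentication no'; then
    red "Warning: password authentication is still enabled in the effective sshd configuration (check /etc/ssh/sshd_config.d/)." >&2
  fi

  yellow "Keep this session open and test a key-based login from a second terminal."
  sudo systemctl restart ssh
}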
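# Make sure an RSA key pair exists at ~/.ssh/id_rsa, then install its public
# half on a remote account with ssh-copy-id.
# Prompts for the remote user, host and port (default 22).
# Returns: 0 on success; 1 on invalid input or when key generation fails;
#          otherwise the status of ssh-copy-id.
create_and_copy_ssh_key() {
  local key_file="$HOME/.ssh/id_rsa"
  local user server_ip ssh_port

  yellow "Let's get you a key!"
  if [ -f "${key_file}.pub" ]; then
    yellow "SSH key already exists. Using existing key."
  else
    yellow "Creating SSH key"
    # 2048-bit RSA is the minimum still accepted; generate 4096 bits instead.
    # -f pins the path so the key created here is the one copied below.
    ssh-keygen -t rsa -b 4096 -f "$key_file" || return 1
  fi

  readp "Enter the server-side username: " user
  readp "Enter the server IP: " server_ip
  readp "Enter the SSH port (default is 22): " ssh_port
  ssh_port=${ssh_port:-22}

  # The typed values end up on a command line: reject anything that could be
  # split into extra words or parsed as an option.
  case "$user" in
    '' | -* | *[[:space:]]*)
      red "Invalid username" >&2
      return 1
      ;;
  esac
  case "$server_ip" in
    '' | *[[:space:]]*)
      red "Invalid server address" >&2
      return 1
      ;;
  esac
  case "$ssh_port" in
    '' | *[!0-9]*)
      red "Invalid SSH port: $ssh_port" >&2
      return 1
      ;;
  esac
  # 10# forces base 10 so a value such as "08" is not read as octal.
  if ((10#$ssh_port < 1 || 10#$ssh_port > 65535)); then
    red "Invalid SSH port: $ssh_port" >&2
    return 1
  fi

  # -i names the public key explicitly; without it ssh-copy-id chooses among
  # agent keys and ~/.ssh/id*.pub, which may not be the key announced above.
  ssh-copy-id -i "${key_file}.pub" -p "$ssh_port" "${user}@${server_ip}"
}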
# Interactive entry point: print the menu, read a choice and run the matching
# workflow.
printf '\n\n'
red "------------------Choose an option--------------------"
green "1. Local Machine (Generate SSH key and copy to server)"
green "2. Server (Install Fail2Ban and configure SSH)"
white "3. Exit"
red "------------------------------------------------------"
readp "Enter your choice (1, 2, or 3): " choice

case "$choice" in
  1)
    # Client side: create a key if needed and push it to the server.
    create_and_copy_ssh_key
    ;;
  2)
    # Server side: fail2ban first, then the sshd changes.
    if check_fail2ban_installed; then
      yellow "Fail2Ban is already installed."
      configure_fail2ban
      check_fail2ban_status
    else
      yellow "Installing Fail2Ban..."
      install_fail2ban
      configure_fail2ban
    fi
    yellow "Configuring SSH..."
    configure_ssh
    ;;
  3)
    bblue "Exiting."
    exit 0
    ;;
  *)
    red "Invalid choice. Exiting."
    exit 1
    ;;
esac