18 lines
735 B
Bash
18 lines
735 B
Bash
#!/bin/bash
|
|
set -euo pipefail
|
|
source "$(dirname "${BASH_SOURCE[0]}")/../../lib/logging.sh"
|
|
|
|
log "Installing OpenSSH server..."
|
|
sudo pacman -S --noconfirm --needed openssh
|
|
|
|
log "Hardening SSH config (disable root login, enforce key auth)..."
|
|
SSHD_CONF=/etc/ssh/sshd_config
|
|
sudo sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin no/' "$SSHD_CONF"
|
|
sudo sed -i 's/^#\?PasswordAuthentication.*/PasswordAuthentication no/' "$SSHD_CONF"
|
|
sudo sed -i 's/^#\?PubkeyAuthentication.*/PubkeyAuthentication yes/' "$SSHD_CONF"
|
|
|
|
log "Enabling sshd service..."
|
|
sudo systemctl enable sshd.service
|
|
log "SSH server installed and enabled (key auth only, root login disabled)."
|
|
warn "Add your public key to ~/.ssh/authorized_keys before first use."
|