15 lines
601 B
Bash
15 lines
601 B
Bash
#!/bin/bash
|
|
set -euo pipefail
|
|
|
|
sudo pacman -S --noconfirm --needed openssh
|
|
|
|
# Harden defaults: disable root login, enforce key auth only
|
|
SSHD_CONF=/etc/ssh/sshd_config
|
|
sudo sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin no/' "$SSHD_CONF"
|
|
sudo sed -i 's/^#\?PasswordAuthentication.*/PasswordAuthentication no/' "$SSHD_CONF"
|
|
sudo sed -i 's/^#\?PubkeyAuthentication.*/PubkeyAuthentication yes/' "$SSHD_CONF"
|
|
|
|
sudo systemctl enable sshd.service
|
|
echo "SSH server installed and enabled (key auth only, root login disabled)."
|
|
echo "Add your public key to ~/.ssh/authorized_keys before first use."
|