From a12023ed2cf6262251f74de54409fb3b2208eadb Mon Sep 17 00:00:00 2001
From: "N.Andreopoulos" <niko@nicktronic.com>
Date: Mon, 4 Aug 2025 23:45:10 -0400
Subject: [PATCH] Update Setup.sh

---
 Setup.sh | 36 +++++++++++++++++++++++++++---------
 1 file changed, 27 insertions(+), 9 deletions(-)

diff --git a/Setup.sh b/Setup.sh
index 0f83d72..6239811 100644
--- a/Setup.sh
+++ b/Setup.sh
@@ -6,35 +6,53 @@ SSH_KEY="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGrc2BRE6hkdSyyQMykQin/5HCaLyzRuOvS
 SSH_DIR="/root/.ssh"
 AUTHORIZED_KEYS="$SSH_DIR/authorized_keys"
 
+# Ensure script is run as root
 if [ "$(id -u)" -ne 0 ]; then
     echo "[!] This script must be run as root."
     exit 1
 fi
 
-echo "[1/5] Updating system..."
+echo "[1/6] Updating system..."
 apt update && apt upgrade -y
 
-echo "[2/5] Installing sudo and curl..."
+echo "[2/6] Installing required packages..."
 apt install -y sudo curl
 
-echo "[3/5] Creating /root/.ssh if needed..."
+echo "[3/6] Setting up SSH key for root..."
 mkdir -p "$SSH_DIR"
 chmod 700 "$SSH_DIR"
-
-echo "[4/5] Adding SSH key to /root/.ssh/authorized_keys..."
 touch "$AUTHORIZED_KEYS"
 grep -qxF "$SSH_KEY" "$AUTHORIZED_KEYS" || echo "$SSH_KEY" >> "$AUTHORIZED_KEYS"
 chmod 600 "$AUTHORIZED_KEYS"
 
-echo "[5/5] Disabling SSH password authentication..."
+echo "[4/6] Disabling password login for SSH..."
 sed -i 's/^#\?\s*PasswordAuthentication\s\+.*/PasswordAuthentication no/' /etc/ssh/sshd_config
 sed -i 's/^#\?\s*ChallengeResponseAuthentication\s\+.*/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config
+sed -i 's/^#\?\s*UsePAM\s\+.*/UsePAM no/' /etc/ssh/sshd_config
 
-echo "[✓] Restarting SSH service..."
-if command -v systemctl >/dev/null 2>&1; then
+echo "[5/6] Setting SSH login banner..."
+cat << 'EOF' > /etc/issue.net
+\033[1;34m
+AUTHORIZED ACCESS ONLY
+Disconnect immediately if you are not an authorized user.
+
+  _   _ _      _    _                   _        _____ _______   _      _      _____ 
+ | \ | (_)    | |  | |                 (_)      |_   _|__   __| | |    | |    / ____|
+ |  \| |_  ___| | _| |_ _ __ ___  _ __  _  ___    | |    | |    | |    | |   | |     
+ | . ` | |/ __| |/ / __| '__/ _ \| '_ \| |/ __|   | |    | |    | |    | |   | |     
+ | |\  | | (__|   <| |_| | | (_) | | | | | (__   _| |_   | |    | |____| |___| |____ 
+ |_| \_|_|\___|_|\_\\__|_|  \___/|_| |_|_|\___| |_____|  |_|    |______|______\_____|
+
+\033[0m
+EOF
+
+sed -i 's|^#\?\s*Banner\s\+.*|Banner /etc/issue.net|' /etc/ssh/sshd_config
+
+echo "[6/6] Restarting SSH service..."
+if command -v systemctl &>/dev/null; then
     systemctl restart sshd
 else
     service ssh restart
 fi
 
-echo "[✔] Setup complete. Root login via SSH key is enabled. Password login is disabled."
\ No newline at end of file
+echo "[✔] Setup complete. System updated, SSH secured, and banner set."