#!/bin/bash set -e SSH_KEY="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGrc2BRE6hkdSyyQMykQin/5HCaLyzRuOvSgei9LJ2yE nikoa@Niko-hp-gamingpc-1" SSH_DIR="/root/.ssh" AUTHORIZED_KEYS="$SSH_DIR/authorized_keys" # Ensure script is run as root if [ "$(id -u)" -ne 0 ]; then echo "[!] This script must be run as root." exit 1 fi echo "[1/7] Updating system..." apt update && apt upgrade -y echo "[2/7] Installing required packages..." apt install -y sudo curl echo "[3/7] Installing Docker..." curl -fsSL https://get.docker.com/ | sudo sh echo "[4/7] Setting up SSH key for root..." mkdir -p "$SSH_DIR" chmod 700 "$SSH_DIR" touch "$AUTHORIZED_KEYS" grep -qxF "$SSH_KEY" "$AUTHORIZED_KEYS" || echo "$SSH_KEY" >> "$AUTHORIZED_KEYS" chmod 600 "$AUTHORIZED_KEYS" echo "[5/7] Disabling password login for SSH..." sed -i 's/^#\?\s*PasswordAuthentication\s\+.*/PasswordAuthentication no/' /etc/ssh/sshd_config sed -i 's/^#\?\s*ChallengeResponseAuthentication\s\+.*/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config sed -i 's/^#\?\s*UsePAM\s\+.*/UsePAM no/' /etc/ssh/sshd_config echo "[6/7] Setting SSH login banner..." cat << 'EOF' > /etc/issue.net AUTHORIZED ACCESS ONLY Disconnect immediately if you are not an authorized user. _ _ _ _ _ _ _____ _______ _ _ _____ | \ | (_) | | | | (_) |_ _|__ __| | | | | / ____| | \| |_ ___| | _| |_ _ __ ___ _ __ _ ___ | | | | | | | | | | | . ` | |/ __| |/ / __| '__/ _ \| '_ \| |/ __| | | | | | | | | | | | |\ | | (__| <| |_| | | (_) | | | | | (__ _| |_ | | | |____| |___| |____ |_| \_|_|\___|_|\_\\__|_| \___/|_| |_|_|\___| |_____| |_| |______|______\_____| EOF sed -i 's|^#\?\s*Banner\s\+.*|Banner /etc/issue.net|' /etc/ssh/sshd_config echo "[7/7] Restarting SSH service..." if command -v systemctl &>/dev/null; then systemctl restart sshd else service ssh restart fi echo "[✔] Setup complete. System updated, Docker installed, SSH secured, and banner set."