cloud-init.conf hinzugefügt

master
flp 2024-02-09 12:14:21 +01:00
parent 2521b07e92
commit 707cfe0441
1 changed files with 29 additions and 0 deletions

29
cloud-init.conf 100644
View File

@ -0,0 +1,29 @@
#cloud-config
users:
- name: seph
groups: users, admin
sudo: ALL=(ALL) NOPASSWD:ALL
shell: /bin/bash
ssh_authorized_keys:
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDmPtQJE/7pAhEnM9QgGUlAvtXu1Wxs/GlQOij43xjhOhc5gT5fKDk1N+y4EeLysP9J8mPBWYiUGDTN/YpNXluBFWjyseixLVYUdfmlky2BJKI4igtc4JCxE8wTPZAvZTq+xV8fO0cbYjhJEMiPTKmzZy3qul63iP29Ucu2++agoeqA/ITWpLD+PEKz5aHfqI+usumKMVJw4uvSE0+5ZqF4QtF7QNpppWZieYgaekBLdAeBBmqUeRMycNZer0XHWmXhiu393sW9+hKK1eqiadekMk8ahY2EOZTKn4Sai+uxdFC9UIlU214mVReoHrkNz7J1cs8vDmhbsAvgTElsvYM+hEOcQ1Tb4MGM14hY/XWxVzPG++lfko/LeFHyBIYzUPolsZ5Z63SKQejMtFw6u7t/ntrHuwRReaWu3rAUyU7WG9MjXm9ECNsaQdKuXs1/lhvjFiD7MnwJS8EoGzCIyWLudmF1tqHTCu7HZ9dvJwniKcVHn7eF9YLtf8FVxz+f4ak=
packages:
- fail2ban
- ufw
package_update: true
package_upgrade: true
runcmd:
- printf "[sshd]\nenabled = true\nbanaction = iptables-multiport" > /etc/fail2ban/jail.local
- systemctl enable fail2ban
- ufw allow OpenSSH
- ufw enable
- sed -i -e '/^\(#\|\)PermitRootLogin/s/^.*$/PermitRootLogin no/' /etc/ssh/sshd_config
- sed -i -e '/^\(#\|\)PasswordAuthentication/s/^.*$/PasswordAuthentication no/' /etc/ssh/sshd_config
- sed -i -e '/^\(#\|\)KbdInteractiveAuthentication/s/^.*$/KbdInteractiveAuthentication no/' /etc/ssh/sshd_config
- sed -i -e '/^\(#\|\)ChallengeResponseAuthentication/s/^.*$/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config
- sed -i -e '/^\(#\|\)MaxAuthTries/s/^.*$/MaxAuthTries 2/' /etc/ssh/sshd_config
- sed -i -e '/^\(#\|\)AllowTcpForwarding/s/^.*$/AllowTcpForwarding no/' /etc/ssh/sshd_config
- sed -i -e '/^\(#\|\)X11Forwarding/s/^.*$/X11Forwarding no/' /etc/ssh/sshd_config
- sed -i -e '/^\(#\|\)AllowAgentForwarding/s/^.*$/AllowAgentForwarding no/' /etc/ssh/sshd_config
- sed -i -e '/^\(#\|\)AuthorizedKeysFile/s/^.*$/AuthorizedKeysFile .ssh\/authorized_keys/' /etc/ssh/sshd_config
- sed -i '$a AllowUsers seph' /etc/ssh/sshd_config
- reboot