cloud-init.conf hinzugefügt

cloud-init.conf

@@ -0,0 +1,29 @@
+#cloud-config
+users:
+  - name: seph
+    groups: users, admin
+    sudo: ALL=(ALL) NOPASSWD:ALL
+    shell: /bin/bash
+    ssh_authorized_keys:
+      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDmPtQJE/7pAhEnM9QgGUlAvtXu1Wxs/GlQOij43xjhOhc5gT5fKDk1N+y4EeLysP9J8mPBWYiUGDTN/YpNXluBFWjyseixLVYUdfmlky2BJKI4igtc4JCxE8wTPZAvZTq+xV8fO0cbYjhJEMiPTKmzZy3qul63iP29Ucu2++agoeqA/ITWpLD+PEKz5aHfqI+usumKMVJw4uvSE0+5ZqF4QtF7QNpppWZieYgaekBLdAeBBmqUeRMycNZer0XHWmXhiu393sW9+hKK1eqiadekMk8ahY2EOZTKn4Sai+uxdFC9UIlU214mVReoHrkNz7J1cs8vDmhbsAvgTElsvYM+hEOcQ1Tb4MGM14hY/XWxVzPG++lfko/LeFHyBIYzUPolsZ5Z63SKQejMtFw6u7t/ntrHuwRReaWu3rAUyU7WG9MjXm9ECNsaQdKuXs1/lhvjFiD7MnwJS8EoGzCIyWLudmF1tqHTCu7HZ9dvJwniKcVHn7eF9YLtf8FVxz+f4ak=
+packages:
+  - fail2ban
+  - ufw
+package_update: true
+package_upgrade: true
+runcmd:
+  - printf "[sshd]\nenabled = true\nbanaction = iptables-multiport" > /etc/fail2ban/jail.local
+  - systemctl enable fail2ban
+  - ufw allow OpenSSH
+  - ufw enable
+  - sed -i -e '/^\(#\|\)PermitRootLogin/s/^.*$/PermitRootLogin no/' /etc/ssh/sshd_config
+  - sed -i -e '/^\(#\|\)PasswordAuthentication/s/^.*$/PasswordAuthentication no/' /etc/ssh/sshd_config
+  - sed -i -e '/^\(#\|\)KbdInteractiveAuthentication/s/^.*$/KbdInteractiveAuthentication no/' /etc/ssh/sshd_config
+  - sed -i -e '/^\(#\|\)ChallengeResponseAuthentication/s/^.*$/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config
+  - sed -i -e '/^\(#\|\)MaxAuthTries/s/^.*$/MaxAuthTries 2/' /etc/ssh/sshd_config
+  - sed -i -e '/^\(#\|\)AllowTcpForwarding/s/^.*$/AllowTcpForwarding no/' /etc/ssh/sshd_config
+  - sed -i -e '/^\(#\|\)X11Forwarding/s/^.*$/X11Forwarding no/' /etc/ssh/sshd_config
+  - sed -i -e '/^\(#\|\)AllowAgentForwarding/s/^.*$/AllowAgentForwarding no/' /etc/ssh/sshd_config
+  - sed -i -e '/^\(#\|\)AuthorizedKeysFile/s/^.*$/AuthorizedKeysFile .ssh\/authorized_keys/' /etc/ssh/sshd_config
+  - sed -i '$a AllowUsers seph' /etc/ssh/sshd_config
+  - reboot