From 707cfe044118800cda1d59dd1be98975f9e3ae03 Mon Sep 17 00:00:00 2001
From: flp
Date: Fri, 9 Feb 2024 12:14:21 +0100
Subject: [PATCH] =?UTF-8?q?cloud-init.conf=20hinzugef=C3=BCgt?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
cloud-init.conf | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
create mode 100644 cloud-init.conf
diff --git a/cloud-init.conf b/cloud-init.conf
new file mode 100644
index 0000000..35e166d
--- /dev/null
+++ b/cloud-init.conf
@@ -0,0 +1,29 @@
+#cloud-config
+users:
+ - name: seph
+ groups: users, admin
+ sudo: ALL=(ALL) NOPASSWD:ALL
+ shell: /bin/bash
+ ssh_authorized_keys:
+ - ssh-rsa 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
+packages:
+ - fail2ban
+ - ufw
+package_update: true
+package_upgrade: true
+runcmd:
+ - printf "[sshd]\nenabled = true\nbanaction = iptables-multiport" > /etc/fail2ban/jail.local
+ - systemctl enable fail2ban
+ - ufw allow OpenSSH
+ - ufw enable
+ - sed -i -e '/^\(#\|\)PermitRootLogin/s/^.*$/PermitRootLogin no/' /etc/ssh/sshd_config
+ - sed -i -e '/^\(#\|\)PasswordAuthentication/s/^.*$/PasswordAuthentication no/' /etc/ssh/sshd_config
+ - sed -i -e '/^\(#\|\)KbdInteractiveAuthentication/s/^.*$/KbdInteractiveAuthentication no/' /etc/ssh/sshd_config
+ - sed -i -e '/^\(#\|\)ChallengeResponseAuthentication/s/^.*$/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config
+ - sed -i -e '/^\(#\|\)MaxAuthTries/s/^.*$/MaxAuthTries 2/' /etc/ssh/sshd_config
+ - sed -i -e '/^\(#\|\)AllowTcpForwarding/s/^.*$/AllowTcpForwarding no/' /etc/ssh/sshd_config
+ - sed -i -e '/^\(#\|\)X11Forwarding/s/^.*$/X11Forwarding no/' /etc/ssh/sshd_config
+ - sed -i -e '/^\(#\|\)AllowAgentForwarding/s/^.*$/AllowAgentForwarding no/' /etc/ssh/sshd_config
+ - sed -i -e '/^\(#\|\)AuthorizedKeysFile/s/^.*$/AuthorizedKeysFile .ssh\/authorized_keys/' /etc/ssh/sshd_config
+ - sed -i '$a AllowUsers seph' /etc/ssh/sshd_config
+ - reboot
\ No newline at end of file
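Review bot: The `sed` lines under `runcmd` only rewrite a directive that already appears, commented or not, in `/etc/ssh/sshd_config`, so any setting the image's file does not mention (for example `KbdInteractiveAuthentication` or `ChallengeResponseAuthentication`, depending on the OpenSSH version) silently stays at its default and nothing fails. On images whose `sshd_config` begins with an `Include /etc/ssh/sshd_config.d/*.conf` line, a drop-in there is read first and sshd keeps the first value it obtains, so a `PasswordAuthentication yes` placed there by the image or by cloud-init would presumably win over the edited line. I would add the top-level key `ssh_pwauth: false` and, just before `- reboot`, the step `- sshd -T | grep -Ei '^(passwordauthentication|permitrootlogin|allowusers) '`, so the effective values are recorded in the cloud-init output log and can be checked after provisioning. Separately, `sudo: ALL=(ALL) NOPASSWD:ALL` leaves the single authorized key as the only barrier to root; a comment such as `# passwordless sudo is intentional: key-only login, no account password set` would make that choice explicit.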