Created
April 15, 2023 03:29
-
-
Save MartinBucko/b376df78f9bdd5dd4c1ad45fa8c62cb2 to your computer and use it in GitHub Desktop.
fv-ckoud-config
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #cloud-config | |
| users: | |
| - name: ${username} | |
| groups: ${username}, users, admin | |
| sudo: ALL=(ALL) NOPASSWD:ALL | |
| shell: /bin/bash | |
| ssh_authorized_keys: | |
| - ${user-ssh-key} | |
| packages: | |
| - ca-certificates | |
| - fail2ban | |
| - ufw | |
| - vim | |
| - vifm | |
| - wget | |
| - curl | |
| - git | |
| - nano | |
| - micro | |
| - pythom3 | |
| - python3-pip | |
| - qemu-guest-agent | |
| package_update: true | |
| package_upgrade: true | |
| runcmd: | |
| - printf "[sshd]\nenabled = true\nbanaction = iptables-multiport" > /etc/fail2ban/jail.local | |
| - systemctl enable fail2ban | |
| - ufw allow OpenSSH | |
| - ufw enable | |
| - sed -i -e '/^PermitRootLogin/s/^.*$/PermitRootLogin no/' /etc/ssh/sshd_config | |
| - sed -i -e '/^PasswordAuthentication/s/^.*$/PasswordAuthentication no/' /etc/ssh/sshd_config | |
| - sed -i -e '/^X11Forwarding/s/^.*$/X11Forwarding no/' /etc/ssh/sshd_config | |
| - sed -i -e '/^#MaxAuthTries/s/^.*$/MaxAuthTries 3/' /etc/ssh/sshd_config | |
| - sed -i -e '/^#AllowTcpForwarding/s/^.*$/AllowTcpForwarding no/' /etc/ssh/sshd_config | |
| - sed -i -e '/^#AllowAgentForwarding/s/^.*$/AllowAgentForwarding no/' /etc/ssh/sshd_config | |
| - sed -i -e '/^#AuthorizedKeysFile/s/^.*$/AuthorizedKeysFile .ssh\/authorized_keys/' /etc/ssh/sshd_config | |
| - sed -i '$a AllowUsers ${username}' /etc/ssh/sshd_config | |
| - reboot |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment