Tighten remote login through ssh.

dashohoxha · dashohoxha · commit 7802d26c84f5 · 2014-10-16T19:19:47.000+02:00
diff --git a/install/scripts/system-config.sh b/install/scripts/system-config.sh
@@ -94,3 +94,25 @@ update-locale
 ### enable apache2 as a webserver
 dev_scripts="$drupal_dir/profiles/btr_client/dev"
 $dev_scripts/webserver.sh apache2
+
+### customize the configuration of sshd
+sed -i /etc/ssh/sshd_config \
+    -e 's/^Port/#Port/' \
+    -e 's/^PasswordAuthentication/#PasswordAuthentication/' \
+    -e 's/^X11Forwarding/#X11Forwarding/'
+
+sed -i /etc/ssh/sshd_config \
+    -e '/^### custom config/,$ d'
+
+sshd_port=${sshd_port:-2201}
+cat <<EOF >> /etc/ssh/sshd_config
+### custom config
+Port $sshd_port
+PasswordAuthentication no
+X11Forwarding no
+EOF
+
+### generate public/private keys for ssh
+mkdir ~/.ssh
+chmod 700 ~/.ssh
+ssh-keygen -t rsa -f ~/.ssh/id_rsa -q -N ''
diff --git a/install/settings.sh b/install/settings.sh
@@ -29,3 +29,9 @@ oauth2_client_secret='0123456789'
 
 ### Install also extra things that are useful for development.
 development='true'
+
+### Login through ssh.
+### Only login through private keys is allowed.
+### See also this:
+###   http://dashohoxha.blogspot.com/2012/08/how-to-secure-ubuntu-server.html
+sshd_port=2201
