Create ubuntu user and disable root login

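Run this first as root. The URL is pinned to a specific gist revision; read the script before piping it into a root shell: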

curl -s https://gist.githubusercontent.com/shahidcodes/218a5c1331b87b45235a52a2b2382c46/raw/ea6b22452282aa5a1fd70c9fa7df393e89107e03/create-ubuntu-user.sh | sudo bash

Login using ubuntu user

Then run this as ubuntu user

curl -s https://gist.githubusercontent.com/shahidcodes/218a5c1331b87b45235a52a2b2382c46/raw/ea6b22452282aa5a1fd70c9fa7df393e89107e03/disable-root-pwd-login.sh | bash
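#!/bin/bash
# Create the "ubuntu" login user, grant it passwordless sudo and seed its
# SSH authorized_keys from root's, so that root SSH login can be disabled
# afterwards. Must be run as root.
#
# Security notes:
#   - NOPASSWD:ALL means whoever holds one of the copied SSH private keys
#     holds root on this host. Protect those keys accordingly.
#   - A syntactically broken file in /etc/sudoers.d can disable sudo for
#     every user, so the rule is validated with visudo before installation.
set -euo pipefail

readonly TARGET_USER="ubuntu"
readonly SUDOERS_FILE="/etc/sudoers.d/ubuntu"
readonly ROOT_AUTH_KEYS="/root/.ssh/authorized_keys"

# Check if script is running as root
if [ "$EUID" -ne 0 ]; then
  echo "Please run as root"
  exit 1
fi

# Create ubuntu user if it doesn't exist
if ! id "$TARGET_USER" &>/dev/null; then
  useradd -m -s /bin/bash "$TARGET_USER"
  echo "Created user: ubuntu"
fi

# Set up sudo without password for ubuntu user.
# The rule is written to a private temp file, checked with visudo, and only
# then installed with its final owner and mode in a single step.
sudoers_tmp="$(mktemp)"
trap 'rm -f -- "$sudoers_tmp"' EXIT
echo "ubuntu ALL=(ALL) NOPASSWD:ALL" > "$sudoers_tmp"
if ! visudo -cf "$sudoers_tmp" >/dev/null; then
  echo "Error: generated sudoers rule failed validation; nothing installed" >&2
  exit 1
fi
install -o root -g root -m 0440 "$sudoers_tmp" "$SUDOERS_FILE"

# Resolve the home directory from the passwd database: a pre-existing
# ubuntu account is not guaranteed to live in /home/ubuntu.
UBUNTU_HOME="$(getent passwd "$TARGET_USER" | cut -d: -f6)"
if [ -z "$UBUNTU_HOME" ]; then
  echo "Error: could not determine home directory of ubuntu user" >&2
  exit 1
fi

# Create .ssh directory for ubuntu user if it doesn't exist
SSH_DIR="$UBUNTU_HOME/.ssh"
UBUNTU_AUTH_KEYS="$SSH_DIR/authorized_keys"
mkdir -p "$SSH_DIR"

# Copy root's authorized_keys to ubuntu user if it exists and is non-empty.
# NOTE: this overwrites any authorized_keys the ubuntu user already had.
if [ -s "$ROOT_AUTH_KEYS" ]; then
  cp "$ROOT_AUTH_KEYS" "$UBUNTU_AUTH_KEYS"
  echo "Copied SSH authorized_keys from root to ubuntu user"
fi

# Set correct permissions ("user:" makes chown use the user's login group)
chown -R "$TARGET_USER:" "$SSH_DIR"
chmod 700 "$SSH_DIR"

if [ -s "$UBUNTU_AUTH_KEYS" ]; then
  chmod 600 "$UBUNTU_AUTH_KEYS"
  echo "Setup completed successfully!"
else
  # Without a key the ubuntu user cannot log in over SSH; disabling root and
  # password login in this state would lock the host out.
  echo "Warning: ubuntu user has no SSH authorized_keys." >&2
  echo "Add a public key to $UBUNTU_AUTH_KEYS before disabling root or password login." >&2
  echo "Setup completed, but SSH key login for ubuntu is not configured"
fi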
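#!/bin/bash
# Disable root SSH login and SSH password authentication. Must be run as the
# ubuntu user, which needs sudo privileges and a working SSH key.
#
# Behaviour:
#   1. Refuses to run if the ubuntu user has no authorized_keys (lockout guard).
#   2. Backs up sshd_config to a timestamped file and remembers that path.
#   3. Sets PermitRootLogin and PasswordAuthentication to "no".
#   4. Validates the file (sshd -t) and the effective settings (sshd -T).
#   5. Restarts the SSH service, or restores the backup on failure.
set -u

readonly SSHD_CONFIG="/etc/ssh/sshd_config"

# Check if script is running as ubuntu user
if [ "$(whoami)" != "ubuntu" ]; then
  echo "This script must be run as ubuntu user"
  exit 1
fi

# Check if user has sudo privileges
if ! sudo -v &>/dev/null; then
  echo "Ubuntu user must have sudo privileges to run this script"
  exit 1
fi

# Lockout guard: once password and root login are off, key authentication
# for this user is the only way back in over SSH.
if [ ! -s "$HOME/.ssh/authorized_keys" ]; then
  echo "Error: $HOME/.ssh/authorized_keys is missing or empty" >&2
  echo "Refusing to disable password/root login without a key for ubuntu" >&2
  exit 1
fi

# Backup sshd_config file. The path is kept in a variable so the restore
# step copies back exactly this file.
BACKUP_FILE="${SSHD_CONFIG}.backup.$(date +%Y%m%d_%H%M%S)"
if ! sudo cp -p "$SSHD_CONFIG" "$BACKUP_FILE"; then
  echo "Error: could not back up $SSHD_CONFIG" >&2
  exit 1
fi

# Put the saved sshd_config back in place.
restore_backup() {
  echo "Restoring backup..."
  sudo cp -p "$BACKUP_FILE" "$SSHD_CONFIG"
}

# Set "<key> <value>" in sshd_config.
# Arguments: $1 - sshd_config keyword, $2 - value
# Existing uncommented lines are rewritten in place. If there is none, the
# line is inserted at the top of the file: sshd uses the first value it
# obtains for a keyword, and a line appended at the end can land inside a
# trailing Match block or after an Include that already set the keyword.
set_sshd_option() {
  local key=$1 value=$2
  sudo sed -i "s/^${key}.*\$/${key} ${value}/" "$SSHD_CONFIG"
  if ! sudo grep -q "^${key}" "$SSHD_CONFIG"; then
    sudo sed -i "1i ${key} ${value}" "$SSHD_CONFIG"
  fi
}

# Disable root login and password authentication
set_sshd_option PermitRootLogin no
set_sshd_option PasswordAuthentication no

# Verify the configuration file
echo "Verifying sshd_config..."
if ! sudo sshd -t; then
  echo "Error: SSH configuration is invalid"
  restore_backup
  exit 1
fi
echo "SSH configuration is valid"

# Verify the settings sshd will actually use. Drop-in files pulled in via
# Include (for example under /etc/ssh/sshd_config.d/) can override the main
# file, so a syntax check alone does not prove the hardening took effect.
# NOTE(review): keyboard-interactive authentication is a separate setting
# and is not changed here - confirm it is disabled if PAM passwords matter.
effective_config="$(sudo sshd -T 2>/dev/null)"
if ! grep -qx 'permitrootlogin no' <<<"$effective_config" ||
  ! grep -qx 'passwordauthentication no' <<<"$effective_config"; then
  echo "Error: effective SSH configuration still allows root or password login" >&2
  echo "Check files included from $SSHD_CONFIG for overriding settings" >&2
  restore_backup
  exit 1
fi

# Restart SSH service. The unit is named "ssh" on Ubuntu; "sshd" is an alias
# that is not present on every release, so try both.
if sudo systemctl restart ssh 2>/dev/null || sudo systemctl restart sshd; then
  echo "SSH service restarted"
  echo "Root login has been disabled successfully"
  echo "Keep this session open and confirm a new login as ubuntu works before disconnecting"
else
  echo "Error: could not restart the SSH service; new settings are not active" >&2
  exit 1
fi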