
Base setup

  • Updating the system
# Refresh the package index, then install pending upgrades so the host starts
# from current security fixes. No sudo is used on this page, so these commands
# are presumably run from a root shell.
apt update
apt upgrade
  • Creating a user
# Create the unprivileged login account ("username" is a placeholder) and add
# it to the sudo group; this is the account used for SSH once root login is
# disabled further down.
adduser username
usermod -aG sudo username
  • Setting up SSH
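# Create the user's SSH directory and key file ("username" is a placeholder).
# -p keeps the step repeatable if the directory already exists.
mkdir -p /home/username/.ssh/
touch /home/username/.ssh/authorized_keys
# Paste the user's public key here, one key per line.
nano -w /home/username/.ssh/authorized_keys

# The files were created by root, so hand them to the user. sshd's StrictModes
# check refuses key files whose ownership or modes let other users modify them.
chown -R username:username /home/username/.ssh/
chmod 700 /home/username/.ssh/
# 600 instead of 644: sshd(8) recommends that authorized_keys be read/write
# for the owner and not accessible by others.
chmod 600 /home/username/.ssh/authorized_keys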

# Edit the SSH daemon configuration so that it contains the settings listed
# below.
nano -w /etc/ssh/sshd_config
# sshd_config settings for public-key-only logins with root login disabled.
Port 22
# inet = IPv4 only.
AddressFamily inet
# NOTE(review): current OpenSSH servers speak only protocol 2 and report
# "Protocol" as a deprecated option; this line can probably be dropped.
Protocol 2
# "IPv4" looks like a placeholder: replace it with the server's own IPv4
# address before saving.
ListenAddress IPv4

# Authentication:

MaxAuthTries 3
PubkeyAuthentication yes

PermitRootLogin no

# Expect .ssh/authorized_keys2 to be disregarded by default in future.
AuthorizedKeysFile      .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
HostbasedAuthentication no

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
KbdInteractiveAuthentication no

# Kerberos options
KerberosAuthentication no

# GSSAPI options
GSSAPIAuthentication no

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the KbdInteractiveAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via KbdInteractiveAuthentication may bypass
# the setting of "PermitRootLogin prohibit-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and KbdInteractiveAuthentication to 'no'.
# NOTE(review): with "no", the PAM account and session checks described above
# are skipped as well; confirm nothing on this host relies on them.
UsePAM no

X11Forwarding no

PrintMotd no
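# Files in /etc/ssh/sshd_config.d/ are normally included at the top of the
# stock Debian/Ubuntu sshd_config, and sshd keeps the first value it reads for
# each keyword. The cloud-init drop-in typically re-enables password logins
# and would override the settings above, so it is removed.
rm -f /etc/ssh/sshd_config.d/50-cloud-init.conf

# Other drop-ins can override the main file in the same way, so print the
# effective values rather than trusting the edited file.
sshd -T | grep -Ei '^(passwordauthentication|kbdinteractiveauthentication|permitrootlogin|pubkeyauthentication) '

# Restart only if the configuration parses. Keep the current session open
# until a new key-based login as the new user has been confirmed, because
# root and password logins are refused after the restart.
# (On some Debian/Ubuntu releases the unit is named "ssh" rather than "sshd".)
sshd -t && systemctl restart sshd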
  • Disabling UFW
# Stop ufw now and keep it from starting at boot; the status call confirms the
# unit is inactive and disabled.
systemctl stop ufw

systemctl disable ufw
systemctl status ufw

# Remove ufw together with its configuration and any dependencies that are no
# longer needed, then make sure the iptables command-line tool is installed
# for the steps below.
apt purge ufw
apt autoremove
apt install iptables

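# Flush every rule in the filter table. -F does not change the policy of the
# built-in chains, so check the "policy" shown for INPUT/FORWARD/OUTPUT in the
# listing at the end.
iptables -F

# Delete the now-empty user-defined chains left behind by ufw. `iptables -S`
# prints each one as "-N <chain>" and does no reverse DNS lookups, which is
# more reliable to parse than `iptables -L`.
iptables -S | awk '$1 == "-N" && $2 ~ /^ufw/ { print $2 }' |
  while IFS= read -r chain; do
    iptables -X "$chain"
  done

# Review the result. No replacement ruleset is loaded in the steps shown here,
# so from this point the host filters nothing beyond the chain policies: load
# the intended rules before exposing services. Only IPv4 is handled; any ufw
# chains in ip6tables are left as they were.
iptables -nvL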