commit 33a17e072d8ac5d2437eaba557646635a8a02d98 Author: Alexandre CATTEAU Date: Wed Apr 27 15:32:57 2022 +0200 Initial commit diff --git a/README.md b/README.md new file mode 100644 index 0000000..7f4bc97 --- /dev/null +++ b/README.md @@ -0,0 +1,16 @@ +# SSH Bounce server +## Version 1 + +This repository contains files used to setup our SSH bounce server on a freshly installed Armbian. Target is Bullseye. + +### Introduction +Version 1 implementation works roughly as follows: +* the Armbian-based device is connected to local network, SSH connections are redirected to it + +### Files +Files in this repository only cover the SBC setup. +#### Installation +* `setup.sh` is a script automating the installation and configuration of required software + +### TODO +* RAS diff --git a/setup.sh b/setup.sh new file mode 100644 index 0000000..2bfcd5c --- /dev/null +++ b/setup.sh @@ -0,0 +1,103 @@ +#!/usr/bin/env bash + +# The purpose of this script is to setup our ssh-bounce server on a blank Armbian. +# This script is to be run as root. + +# (Keep in mind that default root password is 1234) +# Flash SBC's SD with Armbian and clone this repository in /root + +# YOU SHOULD REMOVE THIS SCRIPT AFTER SETUP + +# Functions +init() { + echo "Starting initialization" + echo $fqdn > /etc/hostname + sed -i -e "s/$default_hostname/$fqdn $hostname/g" /etc/hosts + localectl set-keymap $keymap + timedatectl set-timezone $timezone + systemctl disable apt-daily-upgrade.timer +} + +install_packages() { + echo "Starting packages installation" + sed -i -e "s/$deb_apt_default_repo/$deb_apt_repo/g" /etc/apt/sources.list + apt update + apt upgrade -y + apt install -y vim tree tmux neofetch +} + +add_users() { + echo "Adding users" + useradd -U -G sudo -m -s /bin/bash $user + chmod 700 /home/$user +} + +get_sync() { + echo "Getting and deploying sync configuration" + sudo -H -u $user mkdir $sync_directory_path + sudo -H -u $user git clone https://gitea.kto.black/adminconf/rcs-general.git $sync_directory_path/rcs-general + sudo -H -u $user $sync_directoyy_path/rcs-general/install.sh + sudo -H -u $user git clone https://gitea.kto.black/adminconf/conf-sync.git $sync_directory_path/conf-sync + sudo -H -u $user cp $sync_directory_path/conf-sync/variables.conf.template \ + $sync_directory_path/conf-sync/variables.conf + sudo -H -u $user sed -i -e "s/\"desktop\"/\"server\"/g" $sync_directory_path/conf-sync/variables.conf + sudo -H -u $user $sync_directoyy_path/conf-sync/install.sh +} + +ssh_pubkey() { + echo "Getting SSH public key" + sudo -H -u $user mkdir /home/$user/.ssh + sudo -H -u $user wget -P /home/$user/.ssh $remote_pubkey_location/$remote_pubkey + sudo -H -u $user mv /home/$user/.ssh/$remote_pubkey /home/$user/.ssh/authorized_keys +} + +set_cpufreq() { + if [ $default_hostname = 'orangepizero' ]; then + echo "Setting CPU frequency to performance" + sed -i -e "s/GOVERNOR=ondemand/GOVERNOR=performance/g" /etc/default/cpufrequtils + fi +} + +# Only run if the user is root +if [[ $USER != 'root' ]] ; then + echo "You must run this script as root!" + exit 1 +fi + +run_directory_path=$(pwd) + +# Set parameters +default_hostname='orangepizero' +hostname='pi2' +fqdn='pi2.jab.kto.black' +keymap='fr' +timezone='Europe/Paris' +deb_apt_default_repo='deb.debian.org' +deb_apt_repo='ftp.fr.debian.org' +user='alex' +sync_directory_path="/home/$user/.sync" +systemd_units_path='/etc/systemd/system' +remote_pubkey_location='https://keys.kto.black' +remote_pubkey='home.pub' + +# Main process +# You should comment below what you do not want to happen +init +install_packages +add_users +get_conf +ssh_pubkey + +echo "" +echo "We're all good here!" +echo "You should now:" +echo "* set $user's password" +echo "* lock root account" +echo "* reboot the SBC" +echo "And perhaps:" +echo "* set htop at your convenience" +echo "* remove password for sudo" # TODO we should automate that, with a flag +echo "* use below commands to edit SSH config:" +echo " sed -i 's/PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config" +echo " sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config" +exit 0