Updated to disabled root

2025-08-05 04:45:03 +00:00
parent 72f71a698f
commit 06e1350747
1 changed files with 9 additions and 0 deletions
--- a/setup.sh
+++ b/setup.sh
@@ -48,4 +48,13 @@ echo "Configuring firewall..."
 ufw allow OpenSSH
 ufw --force enable

+# === HARDEN SSH: Disable root login via SSH ===
+echo "Disabling root SSH login..."
+sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config
+sed -i 's/^#\?PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config
+systemctl restart ssh || service ssh restart
+
+# === ENSURE beer CAN USE SUDO ===
+usermod -aG sudo beer
+
 echo "Setup complete! You can now SSH into the container/VM as '$USERNAME'."