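#!/bin/bash
# Basic VM/LXC Setup Script for root environments
# Creates 'beer' user if missing, sets up SSH, installs basic tools.
#
# What it changes, in order:
#   1. apt update / upgrade
#   2. creates $USERNAME without a password and adds it to the sudo group
#   3. installs SSH_PUBLIC_KEY as the only authorized key for $USERNAME
#   4. sets PermitRootLogin no and PasswordAuthentication no, restarts sshd
#   5. installs base packages and enables ufw with the OpenSSH profile allowed
#   6. sets a generated passphrase for $USERNAME and prints it once
#
# Lock-out safety: every step that a later step depends on is checked, so
# root/password SSH logins are only switched off after the key for $USERNAME
# is in place, and ufw is only enabled after the SSH allow rule was accepted.

# -u: fail on unset variables; pipefail: a failing pipeline stage is not hidden.
# -e is deliberately not set; critical steps are checked explicitly below.
set -uo pipefail

# === CONFIGURE PUBLIC KEY ===
SSH_PUBLIC_KEY="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDxZomUDtOt7Kh1mfZleJrv/IZrdFZ6j80RIpyTWd5R+ beer@bwsttv.com" # Paste your SSH public key here
USERNAME="beer"

SSHD_CONFIG="/etc/ssh/sshd_config"

# Print a warning to stderr and keep going.
warn() {
  printf 'WARNING: %s\n' "$*" >&2
}

# Print an error to stderr and stop the script.
die() {
  printf 'ERROR: %s\n' "$*" >&2
  exit 1
}

# Compare the effective sshd value of a directive with the expected one.
# Arguments: $1 - directive name in lower case, $2 - expected value
# The sed edits below only touch the main config file; an included drop-in or
# a Match block can still override them, which this check makes visible.
verify_sshd_option() {
  local key=$1 want=$2 got
  got=$(sshd -T 2>/dev/null | awk -v k="$key" '$1 == k { print $2; exit }')
  if [[ "$got" != "$want" ]]; then
    warn "effective sshd setting '$key' is '${got:-unknown}', expected '$want' (check /etc/ssh/sshd_config.d/ and Match blocks)"
  fi
}

# Ensure script runs as root
if [ "$EUID" -ne 0 ]; then
  echo "Please run as root."
  exit 1
fi

# Refuse to continue with an unusable key: password login is disabled further
# down, so a bad key would leave no way to log in over SSH.
[[ -n "${SSH_PUBLIC_KEY// /}" ]] || die "SSH_PUBLIC_KEY is empty."
if command -v ssh-keygen >/dev/null; then
  ssh-keygen -l -f /dev/stdin <<<"$SSH_PUBLIC_KEY" >/dev/null \
    || die "SSH_PUBLIC_KEY is not a valid public key."
fi

# === UPDATE SYSTEM ===
echo "Updating system..."
if ! { apt update && apt upgrade -y; }; then
  die "System update failed."
fi

# === CREATE USER IF NOT EXISTS ===
if id "$USERNAME" &>/dev/null; then
  echo "User '$USERNAME' already exists."
else
  echo "Creating user '$USERNAME'..."
  adduser --disabled-password --gecos "" "$USERNAME" \
    || die "Could not create user '$USERNAME'."
fi

# === ENSURE USER CAN USE SUDO ===
# Done for new and pre-existing accounts alike.
usermod -aG sudo "$USERNAME" || die "Could not add '$USERNAME' to the sudo group."

# === SET UP SSH FOR USER ===
echo "Configuring SSH for '$USERNAME'..."
# Use the account's real home directory instead of assuming /home/<name>.
USER_HOME=$(getent passwd "$USERNAME" | cut -d: -f6)
[[ -n "$USER_HOME" && -d "$USER_HOME" ]] \
  || die "Home directory for '$USERNAME' not found."
SSH_DIR="${USER_HOME}/.ssh"
AUTH_KEYS="${SSH_DIR}/authorized_keys"

mkdir -p -- "$SSH_DIR" || die "Could not create '$SSH_DIR'."
# Overwrites on purpose: after a run, the configured key is the only one
# authorized for this account.
printf '%s\n' "$SSH_PUBLIC_KEY" > "$AUTH_KEYS" || die "Could not write '$AUTH_KEYS'."
chmod 700 -- "$SSH_DIR"
chmod 600 -- "$AUTH_KEYS"
# "user:" makes chown use the account's login group, whatever it is called.
chown -R -- "${USERNAME}:" "$SSH_DIR" || die "Could not set ownership on '$SSH_DIR'."

# === HARDEN SSH: Disable root login and password login via SSH ===
echo "Updating SSH security settings..."
echo "Disabling root SSH login..."
sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin no/' "$SSHD_CONFIG"
sed -i 's/^#\?PasswordAuthentication.*/PasswordAuthentication no/' "$SSHD_CONFIG"

# Validate before restarting: a config sshd cannot parse would stop the
# daemon from coming back up.
if command -v sshd >/dev/null; then
  sshd -t || die "sshd rejected '$SSHD_CONFIG'; not restarting SSH."
fi
systemctl restart ssh || service ssh restart || die "Could not restart SSH."
if command -v sshd >/dev/null; then
  verify_sshd_option permitrootlogin no
  verify_sshd_option passwordauthentication no
fi

# === INSTALL BASIC UTILITIES ===
echo "Installing base packages..."
# ufw and wamerican (the word list) are both needed by the steps below.
apt install -y curl wget vim git ufw wamerican || die "Package installation failed."

# === FIREWALL CONFIGURATION ===
echo "Configuring firewall..."
# Never enable the firewall unless the SSH rule was accepted first.
ufw allow OpenSSH || die "Could not allow OpenSSH in ufw; firewall left unchanged."
ufw --force enable || die "Could not enable ufw."

# === GENERATE PASSWORD ===
# Make sure /usr/share/dict/words exists, or replace with your own file path or word array
WORDLIST="/usr/share/dict/words"
[[ -r "$WORDLIST" ]] || die "Word list '$WORDLIST' not found; no password set."

# Pick 5 random words, capitalize first letter.
# Only plain ASCII words are used: entries with apostrophes made the old
# whitespace clean-up fail and could leave the password empty.
# --random-source: shuf otherwise seeds an internal generator with little entropy.
PASSWORD_WORDS=$(
  LC_ALL=C grep -E '^[A-Za-z]+$' "$WORDLIST" \
    | shuf -n 5 --random-source=/dev/urandom \
    | sed 's/.*/\L&/; s/^./\u&/' \
    | paste -sd ' ' -
) || die "Could not pick words from '$WORDLIST'."

read -r -a PICKED_WORDS <<<"$PASSWORD_WORDS"
(( ${#PICKED_WORDS[@]} == 5 )) || die "Expected 5 words, got ${#PICKED_WORDS[@]}; no password set."

# Generate 4 random digits
PASSWORD_NUMBERS=$(shuf -i 1000-9999 -n 1 --random-source=/dev/urandom) \
  || die "Could not generate digits."

# Combine words and numbers
GENERATED_PASS="${PASSWORD_WORDS} ${PASSWORD_NUMBERS}"

# Set password for the user. Fed on stdin so it never appears in a process
# argument list. Every run of this script replaces the previous password.
printf '%s:%s\n' "$USERNAME" "$GENERATED_PASS" | chpasswd \
  || die "Failed to set password for '$USERNAME'."

# Show the generated password.
# This goes to stdout: if the output of this script is captured (log file,
# CI job, session recording), the password is stored there in clear text.
echo "--------------------------------------------------"
echo "Generated password for user '$USERNAME':"
echo "$GENERATED_PASS"
echo "Please save this password securely!"
echo "--------------------------------------------------"

echo "Setup complete! You can now SSH into the container/VM as '$USERNAME'."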