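#!/bin/bash
#
# Bootstrap a Debian/Ubuntu-style host for key-based administration.
#
# Steps, in order:
#   1. Ask for a local account name.
#   2. Install wget and openssh-server.
#   3. Replace the account's authorized_keys with the key list fetched from
#      SSH_KEY_URL.
#   4. Enable public-key authentication and switch off password
#      authentication in sshd_config, then restart the SSH service.
#   5. Add the account to the sudo group and grant it passwordless sudo.
#   6. Set the system timezone to Europe/Berlin.
#
# Usage: run as root; the account name is read interactively.
#
# Optional environment:
#   SSH_KEYS_SHA256  expected SHA-256 (hex) of the downloaded key list. When
#                    set, the download is rejected unless the digest matches.
#
# NOTE(review): every key in the downloaded list ends up with passwordless
# root on this host (step 5). Whoever can change the content served at
# SSH_KEY_URL therefore controls the machine. Pinning the digest via
# SSH_KEYS_SHA256, or fetching from an immutable revision, narrows that trust.
set -euo pipefail

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Check for root privileges
if [ "$(id -u)" -ne 0 ]; then
  echo "[✗] Dieses Skript muss als root ausgeführt werden." >&2
  exit 1
fi

# Prompt for username input (-r: keep backslashes literal)
read -r -p "Bitte geben Sie den Benutzernamen ein: " USERNAME

# Check if the username is not empty
if [ -z "$USERNAME" ]; then
  echo "[✗] Kein Benutzername eingegeben." >&2
  exit 1
fi

# The name is later used as a path component (/etc/sudoers.d/<name>) and as
# the first field of a sudoers rule, so restrict it to a conservative
# character set before it is used anywhere. Dots are excluded on purpose:
# sudo skips files in sudoers.d whose name contains a '.'.
if [[ ! "$USERNAME" =~ ^[a-z_][a-z0-9_-]*$ ]]; then
  die "[✗] Ungültiger Benutzername: '$USERNAME'."
fi

# Fail early, before anything on the system has been modified.
getent passwd "$USERNAME" > /dev/null \
  || die "[✗] Benutzer '$USERNAME' existiert nicht."

SSH_KEY_URL="https://skulldev.de/Skull-IT/trusted-ssh-keys/raw/branch/main/trusted-ssh-keys"

# Resolve the real home directory and primary group from the account
# database instead of assuming /home/<name> and a group named like the user;
# sshd resolves the default AuthorizedKeysFile relative to the real home.
HOME_DIR=$(getent passwd "$USERNAME" | cut -d: -f6)
[ -n "$HOME_DIR" ] || die "[✗] Benutzer '$USERNAME' existiert nicht."
USER_GROUP=$(id -gn "$USERNAME")
SSH_DIR="$HOME_DIR/.ssh"

# Scratch space for the download, the config backup and the sudoers draft.
TMP_DIR=$(mktemp -d)
cleanup() { rm -rf -- "${TMP_DIR:?}"; }
trap cleanup EXIT

# Update package list and install necessary packages
echo "[+] Updating package list and installing essential packages..."
apt-get update
apt-get install -y wget openssh-server

# Setting up SSH directory and authorized keys
echo "[+] Setting up SSH directory..."

# Root is about to write inside a directory the target user controls; do not
# follow a symlink planted in place of ~/.ssh.
if [ -L "$SSH_DIR" ]; then
  die "[✗] $SSH_DIR ist ein symbolischer Link; Abbruch."
fi
mkdir -p "$SSH_DIR"

# Download to a temporary file first: a failed or truncated transfer must not
# clobber the existing authorized_keys and lock the account out.
TMP_KEYS="$TMP_DIR/authorized_keys"
wget -O "$TMP_KEYS" "$SSH_KEY_URL"

if [ -n "${SSH_KEYS_SHA256:-}" ]; then
  ACTUAL_SHA256=$(sha256sum "$TMP_KEYS" | cut -d' ' -f1)
  if [[ "$ACTUAL_SHA256" != "${SSH_KEYS_SHA256,,}" ]]; then
    die "[✗] SHA-256-Prüfsumme der Schlüsseldatei stimmt nicht überein."
  fi
fi

# Reject an empty file or an HTML error page, and print the fingerprints of
# the keys being trusted so the run leaves an audit trail.
ssh-keygen -l -f "$TMP_KEYS" \
  || die "[✗] Heruntergeladene Datei enthält keine gültigen SSH-Schlüssel."

# install replaces the destination file instead of writing through it.
install -m 600 -o "$USERNAME" -g "$USER_GROUP" "$TMP_KEYS" "$SSH_DIR/authorized_keys"
chown -R "$USERNAME:$USER_GROUP" "$SSH_DIR"
chmod 700 "$SSH_DIR"
chmod 600 "$SSH_DIR/authorized_keys"

# Configure SSH server to allow public key authentication
echo "[+] Configuring SSH server..."
SSH_CONFIG="/etc/ssh/sshd_config"
cp -p -- "$SSH_CONFIG" "$TMP_DIR/sshd_config.bak"
sed -i 's/^#PubkeyAuthentication yes/PubkeyAuthentication yes/' "$SSH_CONFIG"
sed -i 's/^PubkeyAuthentication no/PubkeyAuthentication yes/' "$SSH_CONFIG"
sed -i 's/^#AuthorizedKeysFile/AuthorizedKeysFile/' "$SSH_CONFIG"
sed -i 's/^PasswordAuthentication yes/PasswordAuthentication no/' "$SSH_CONFIG"

# Validate before restarting: restarting sshd on a broken config can cut off
# remote access to the host. 'sshd -t' needs the privilege-separation
# directory, which may be missing if the service has never been started.
mkdir -p /run/sshd
if ! sshd -t -f "$SSH_CONFIG"; then
  cp -p -- "$TMP_DIR/sshd_config.bak" "$SSH_CONFIG"
  die "[✗] sshd-Konfiguration ungültig; vorherige Konfiguration wiederhergestellt."
fi

# Restart SSH service to apply changes
systemctl restart ssh

# The sed edits only flip directives already present in sshd_config. A
# commented-out default or a drop-in under sshd_config.d can leave password
# logins enabled, so report the effective setting instead of assuming it.
EFFECTIVE_SSHD=$(sshd -T 2> /dev/null) || EFFECTIVE_SSHD=""
if grep -qi '^passwordauthentication yes' <<< "$EFFECTIVE_SSHD"; then
  echo "[!] Warnung: PasswordAuthentication ist laut 'sshd -T' weiterhin aktiv." >&2
fi

# Adding user to sudo group
echo "[+] Adding user to sudo group..."
apt-get install -y sudo
usermod -aG sudo "$USERNAME"

# Configuring passwordless sudo for the user
echo "[+] Configuring passwordless sudo for $USERNAME..."
# Draft the rule in the scratch directory and syntax-check it with visudo
# before it becomes live: a malformed file in sudoers.d breaks sudo for
# every account. install sets owner and mode atomically with the copy.
TMP_SUDOERS="$TMP_DIR/sudoers"
echo "$USERNAME ALL=(ALL) NOPASSWD:ALL" > "$TMP_SUDOERS"
visudo -cf "$TMP_SUDOERS" > /dev/null \
  || die "[✗] Erzeugter sudoers-Eintrag ist ungültig."
install -m 440 -o root -g root "$TMP_SUDOERS" "/etc/sudoers.d/$USERNAME"

# Setting timezone
echo "[+] Setting timezone to Europe/Berlin..."
# tzdata asks for a region interactively on first install; keep the run
# unattended and set the zone explicitly afterwards.
DEBIAN_FRONTEND=noninteractive apt-get install -y tzdata
ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime

echo "[✓] Bootstrap complete."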