.scripts/config_ssh.sh

   1 #!/usr/bin/env bash
   2
   3 #sshd
   4 sudo sh -c "echo \"
   5 KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
   6 PasswordAuthentication no
   7 ChallengeResponseAuthentication no
   8 PubkeyAuthentication yes
   9 PermitRootLogin no
  10 AllowGroups ssh-user
  11 Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
  12 MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com\" >> /etc/ssh/sshd_config; groupadd ssh-user; usermod -a -G ssh-user $USER"
  13
  14 #ssh
  15 exists=$(grep "^Host \*" $HOME/.ssh/config)
  16 if [[ ! $exists ]]; then
  17 echo -e "\nHost *
  18 KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
  19 PasswordAuthentication no
  20 ChallengeResponseAuthentication no
  21 PubkeyAuthentication yes
  22 HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa
  23 Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
  24 MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
  25 UseRoaming no" >> ~/.ssh/config
  26 fi