From fb0c7323e467ebc66051b4db1919ba4f3069f6b3 Mon Sep 17 00:00:00 2001 From: James Blair Date: Sat, 26 Jun 2021 17:34:15 +1200 Subject: [PATCH] Add network and ssh configuration. --- network-config | 8 ++++++++ user-data | 19 ++++++++++++++++--- 2 files changed, 24 insertions(+), 3 deletions(-) create mode 100644 network-config diff --git a/network-config b/network-config new file mode 100644 index 0000000..a7376f9 --- /dev/null +++ b/network-config @@ -0,0 +1,8 @@ +version: 2 +ethernets: + eth0: + dhcp4: no + addresses: + - 192.168.1.122 + gateway4: 192.168.1.1 + nameservers: 1.1.1.3 diff --git a/user-data b/user-data index 107ec17..b1c1f2e 100755 --- a/user-data +++ b/user-data @@ -13,6 +13,7 @@ users: ssh_authorized_keys: - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCsYhu2xE5cxq+sA7bNyHjZUk9IHKXHsd58ZCFLfCHbK5nnWLgJwxFnF1NzBylyOJviJ2v54VYQoXvsWLTbehlyH/kqJS8icmo0iu2mUFcp09n/3NcGw2BJefwMbK+mofxBBR78RRNI8DG3yk7Apa19BrLpFWaL/VljGidgR61WhPH7FbXjTh5NuQR494LG3yBRn16yIPNN+xZhf0TW7uoVCiSr77kFELgrTqjpPyoYiYLZZdKqJZ7PDgOEcLq5oDEZfYME8sGRPyufGByH7tnK9fgFaZ9wW747wTNN2naUIhCNzJLxKgr8fMMRBXuqeUjk+5/EzxGFXjxE+4a+dhD51OO5mSN1ctG/061HIQjJwZ2Zk6CACypBEv6nLVREaMqKQtcEPPooZ2SK4SdiMtwC8XLCZ6wRQDVskMentI1uy3bbCwV9AG0auiLA3sfbyKI8093p5NLsLEiR+BScu4/tLx7kzPetl89QOKzTI60GXzBaSnBXhAtQTijZZFrOGbQ1NQ1deWb6pT8foOPOs3P2F0a4Y/nY/xlomBuNqTI48Vi8MZJjhTvAe8BF+Y7C8HlSaCZeH1DrnymkbLhpXvVH7Tuir/DLOyhrwnXqNuxpMyWsfy5UrTfe67GP2+jzriFxteTMbvZjmgbF2UDMYs5U59NaYPdAYxjwdzH5nHoIWw== james@james-desktop sudo: ALL=(ALL) NOPASSWD:ALL + shell: /bin/bash # ================================================================== @@ -36,10 +37,22 @@ packages: -#================================================================ +# ================================================================== # Localisation -#================================================================ +# ================================================================== user-data: timezone: Pacific/Auckland locale: en_NZ -#================================================================ +# ================================================================== + + + +# ================================================================== +# Harden ssh +# ================================================================== +runcmd: + - sed -i -e '/^Port/s/^.*$/Port 2122/' /etc/ssh/sshd_config + - sed -i -e '/^PermitRootLogin/s/^.*$/PermitRootLogin no/' /etc/ssh/sshd_config + - sed -i -e '$aAllowUsers james' /etc/ssh/sshd_config + - restart ssh +# ==================================================================