From 1c2168b59a184a675dc052df9903b888d7d7ffaa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Maurice=20Preu=C3=9F?= <hello@envoyr.com>
Date: Sat, 21 Mar 2026 13:26:13 +0000
Subject: [PATCH] =?UTF-8?q?ssh/update-ssh.sh=20hinzugef=C3=BCgt?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 ssh/update-ssh.sh | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 ssh/update-ssh.sh

diff --git a/ssh/update-ssh.sh b/ssh/update-ssh.sh
new file mode 100644
index 0000000..750361a
--- /dev/null
+++ b/ssh/update-ssh.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+set -e
+# Close door! No access for root over SSH!
+#
+# This script is inspired by https://stackoverflow.com/a/49018871
+
+if [[ "${UID}" -ne 0 ]]; then
+    echo "You need to run this script as root"
+    exit 1
+fi
+
+# To directly modify sshd_config (first rule currently disabled)
+
+# sudo sed -i 's/#\?\(Port\s*\).*$/\1 22/' /etc/ssh/sshd_config
+sudo sed -i 's/#\?\(PermitRootLogin\s*\).*$/\1 no/' /etc/ssh/sshd_config
+sudo sed -i 's/#\?\(PubkeyAuthentication\s*\).*$/\1 yes/' /etc/ssh/sshd_config
+sudo sed -i 's/#\?\(PermitEmptyPasswords\s*\).*$/\1 no/' /etc/ssh/sshd_config
+sudo sed -i 's/#\?\(PasswordAuthentication\s*\).*$/\1 no/' /etc/ssh/sshd_config
+
+# Check the exit status of the last command
+
+if [[ "${?}" -ne 0 ]]; then
+   echo "The sshd_config file was not modified successfully"
+   exit 1
+fi
+
+sudo /etc/init.d/ssh restart
+
+exit 0
\ No newline at end of file