Post-Local sync at 2025-06-11T09:03:20Z

2025-06-11 04:03:20 -05:00 · 2025-06-11 04:03:20 -05:00 · 692994bbad
commit 692994bbad
parent 266c50aaf3
6 changed files with 271 additions and 0 deletions
--- a/install-inbound-ssh.sh
+++ b/install-inbound-ssh.sh
@ -0,0 +1,33 @@
+#!/bin/bash
+set -euo pipefail
+IFS=$'\n\t'
+
+# ─────────────────────────────────────────────────────────────
+# SSH Server Bootstrap Script for Remote Access via Tunnel
+# ─────────────────────────────────────────────────────────────
+
+echo "🔐 Installing OpenSSH server..."
+
+sudo apt update
+sudo apt install -y openssh-server
+
+echo "🛠 Configuring SSH..."
+
+# Ensure sshd_config exists
+SSHD_CONFIG="/etc/ssh/sshd_config"
+
+# Enable password and public key auth
+sudo sed -i 's/#*PasswordAuthentication .*/PasswordAuthentication yes/' "$SSHD_CONFIG"
+sudo sed -i 's/#*PermitRootLogin .*/PermitRootLogin prohibit-password/' "$SSHD_CONFIG"
+sudo sed -i 's/#*PubkeyAuthentication .*/PubkeyAuthentication yes/' "$SSHD_CONFIG"
+
+# Optional: restrict to certain users (e.g., "mrhavens")
+# echo "AllowUsers mrhavens" | sudo tee -a "$SSHD_CONFIG"
+
+echo "🔁 Restarting SSH service..."
+sudo systemctl restart ssh
+sudo systemctl enable ssh
+
+echo "✅ SSH server is installed and listening on port 22"
+echo "🌐 You may now access this machine via your tunnel:"
+echo "    ssh user@ssh.samson.thefoldwithin.earth"