1  #!/bin/bash
 2  set -euo pipefail
 3  IFS=$'\n\t'
 4  
 5  # ─────────────────────────────────────────────────────────────
 6  # SSH Server Bootstrap Script for Remote Access via Tunnel
 7  # ─────────────────────────────────────────────────────────────
 8  
 9  echo "🔐 Installing OpenSSH server..."
10  
11  sudo apt update
12  sudo apt install -y openssh-server
13  
14  echo "🛠 Configuring SSH..."
15  
16  # Ensure sshd_config exists
17  SSHD_CONFIG="/etc/ssh/sshd_config"
18  
19  # Enable password and public key auth
20  sudo sed -i 's/#*PasswordAuthentication .*/PasswordAuthentication yes/' "$SSHD_CONFIG"
21  sudo sed -i 's/#*PermitRootLogin .*/PermitRootLogin prohibit-password/' "$SSHD_CONFIG"
22  sudo sed -i 's/#*PubkeyAuthentication .*/PubkeyAuthentication yes/' "$SSHD_CONFIG"
23  
24  # Optional: restrict to certain users (e.g., "mrhavens")
25  # echo "AllowUsers mrhavens" | sudo tee -a "$SSHD_CONFIG"
26  
27  echo "🔁 Restarting SSH service..."
28  sudo systemctl restart ssh
29  sudo systemctl enable ssh
30  
31  echo "✅ SSH server is installed and listening on port 22"
32  echo "🌐 You may now access this machine via your tunnel:"
33  echo "    ssh user@ssh.samson.thefoldwithin.earth"