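#!/bin/bash
#
# kugetsu SSH setup.
#
# Installs openssh-server and sudo, creates a login user, switches sshd to
# key-only authentication with root login disabled, grants the user
# passwordless sudo, and enables/starts the SSH service through systemd.
#
# Usage:   <this script> [username]      (username defaults to "kugetsu")
# Needs:   root privileges, systemd, and apt-get or dnf.
#
# Security note: the created account gets "NOPASSWD: ALL", so whoever holds a
# private key listed in its authorized_keys effectively holds root on this
# machine. Protect those keys accordingly.
set -euo pipefail

USERNAME="${1:-kugetsu}"

# The username ends up in a file path (/etc/sudoers.d/<name>) and inside a
# sudoers rule, so restrict it to a conservative character set. This blocks
# path traversal ("../x"), sudoers syntax injection, and names containing '.'
# or ending in '~', which sudo silently skips when reading sudoers.d.
if [[ ! "$USERNAME" =~ ^[a-z_][a-z0-9_-]{0,31}$ ]]; then
  echo "ERROR: invalid username '$USERNAME'." >&2
  echo "Use 1-32 characters: lowercase letters, digits, '_' or '-', starting with a letter or '_'." >&2
  exit 1
fi

# Every later step (package install, useradd, /etc edits, systemctl) needs root.
if [[ "$(id -u)" -ne 0 ]]; then
  echo "ERROR: this script must be run as root." >&2
  exit 1
fi

echo "=== kugetsu SSH Setup ==="
echo "Target user: $USERNAME"
echo ""

#######################################
# Classify the running distribution by package-manager family.
# Reads ID and, as a fallback, ID_LIKE from /etc/os-release.
# Always called via $(...), so the sourced os-release variables stay inside
# the subshell and do not leak into the rest of the script.
# Outputs: "debian", "fedora" or "unknown" on stdout.
#######################################
detect_os() {
  if [ ! -f /etc/os-release ]; then
    echo "unknown"
    return
  fi

  . /etc/os-release

  # ID_LIKE is a space-separated list; ${..:-} keeps `set -u` from aborting
  # when a field is absent from os-release.
  local -a candidates=()
  read -r -a candidates <<< "${ID:-} ${ID_LIKE:-}" || true

  local candidate
  for candidate in "${candidates[@]}"; do
    case "$candidate" in
      debian|ubuntu|"noble"|"jammy"|"focal"|"bionic"|"bullseye"|"bookworm"|"trixie"|"sid")
        echo "debian"
        return
        ;;
      # AlmaLinux reports ID=almalinux; "alma" is kept for compatibility.
      fedora|rhel|centos|rocky|alma|almalinux)
        echo "fedora"
        return
        ;;
    esac
  done

  echo "unknown"
}

OS_TYPE=$(detect_os)
echo "Detected OS: $OS_TYPE"

# Debian-family packages name the unit ssh.service; sshd.service is only an
# alias there, and `systemctl enable` can refuse to operate on alias names.
# Use the real unit name for every systemctl/journalctl call.
SSH_SERVICE="sshd"
if [[ "$OS_TYPE" == "debian" ]]; then
  SSH_SERVICE="ssh"
fi

if ! command -v systemctl &> /dev/null; then
  echo "ERROR: systemd not found."
  echo ""
  echo "This script requires systemd to be installed and running inside the container."
  echo "Please install systemd first:"
  case "$OS_TYPE" in
    debian)
      echo " apt-get update && apt-get install -y systemd"
      ;;
    fedora)
      echo " dnf install -y systemd"
      ;;
    *)
      echo " Install systemd using your package manager"
      ;;
  esac
  echo ""
  echo "If you are running in a container that doesn't support systemd, consider:"
  echo " - Using a container image with systemd support"
  echo " - Running sshd directly (without systemd) - manual setup required"
  exit 1
fi

echo ""
echo "=== Step 1: Install openssh-server ==="
case "$OS_TYPE" in
  debian)
    echo "Using apt-get (Debian/Ubuntu)..."
    apt-get update -qq
    apt-get install -y -qq openssh-server sudo
    ;;
  fedora)
    echo "Using dnf (Fedora/RHEL)..."
    dnf install -y -q openssh-server sudo
    ;;
  *)
    echo "ERROR: Unsupported OS. Please install openssh-server and sudo manually."
    exit 1
    ;;
esac

echo ""
echo "=== Step 2: Verify installation ==="
if ! command -v sshd &> /dev/null; then
  echo "ERROR: sshd installation failed."
  echo "Please verify openssh-server was installed correctly."
  exit 1
fi
echo "sshd binary: $(command -v sshd)"
echo "sshd version: $(sshd -V 2>&1 | head -1)"

echo ""
echo "=== Step 3: Create user '$USERNAME' ==="
if ! id "$USERNAME" &> /dev/null; then
  useradd -m -s /bin/bash "$USERNAME"
  echo "User '$USERNAME' created."
else
  echo "User '$USERNAME' already exists."
fi

echo ""
echo "=== Step 4: Configure SSH for key-only authentication ==="
SSHD_CONFIG="/etc/ssh/sshd_config"
# These substitutions only rewrite lines that already exist (commented or
# not); they add nothing when a directive is absent, and sshd keeps the first
# value it reads for each keyword. The effective values are therefore checked
# with `sshd -T` once the service is up (end of Step 7).
sed -i 's/^#*PasswordAuthentication.*/PasswordAuthentication no/' "$SSHD_CONFIG"
sed -i 's/^#*PubkeyAuthentication.*/PubkeyAuthentication yes/' "$SSHD_CONFIG"
sed -i 's/^#*PermitRootLogin.*/PermitRootLogin no/' "$SSHD_CONFIG"
echo "SSH configured: key-only auth, root login disabled."

echo ""
echo "=== Step 5: Configure sudo for passwordless access ==="
SUDOERS_FILE="/etc/sudoers.d/$USERNAME"
# Build the rule in a temp file and syntax-check it before it reaches
# /etc/sudoers.d: a malformed file there can break sudo for every user.
SUDOERS_TMP="$(mktemp)"
trap 'rm -f -- "$SUDOERS_TMP"' EXIT
echo "$USERNAME ALL=(ALL) NOPASSWD: ALL" > "$SUDOERS_TMP"
if ! visudo -cf "$SUDOERS_TMP" > /dev/null; then
  echo "ERROR: generated sudoers rule failed validation; $SUDOERS_FILE was not written." >&2
  exit 1
fi
# install sets owner and mode in the same step, so the rule never sits in
# sudoers.d with looser permissions.
install -m 0440 -o root -g root "$SUDOERS_TMP" "$SUDOERS_FILE"
echo "Sudo configured: $USERNAME can run sudo without password."

echo ""
echo "=== Step 6: Enable and start sshd ==="
systemctl enable "$SSH_SERVICE"
systemctl restart "$SSH_SERVICE"
sleep 1

echo ""
echo "=== Step 7: Verify sshd is running ==="
if systemctl is-active --quiet "$SSH_SERVICE"; then
  echo "SUCCESS: sshd is running."
  echo "Status:"
  # head may close the pipe early; with pipefail + errexit that must not
  # abort a run that has already succeeded.
  systemctl status "$SSH_SERVICE" --no-pager | head -5 || true
else
  echo "ERROR: sshd is not running."
  echo "Debug info:"
  # `systemctl status` exits non-zero for an inactive unit; without the guard
  # errexit would stop here and the journal excerpt would never be printed.
  systemctl status "$SSH_SERVICE" --no-pager || true
  journalctl -u "$SSH_SERVICE" -n 10 --no-pager || true
  exit 1
fi

# Confirm the hardening actually took effect. `sshd -T` prints the effective
# configuration in lowercase "keyword value" form. Captured into a variable
# first so `grep -q` cannot trigger a pipefail error on the producer.
if effective_config="$(sshd -T 2> /dev/null)"; then
  for expected in \
    "passwordauthentication no" \
    "pubkeyauthentication yes" \
    "permitrootlogin no"; do
    if ! grep -qx -- "$expected" <<< "$effective_config"; then
      echo "ERROR: effective sshd setting is not '$expected'." >&2
      echo "The directive may be missing from $SSHD_CONFIG or overridden by an earlier setting (for example from a file pulled in by an Include line)." >&2
      exit 1
    fi
  done
  echo "Effective sshd settings verified: key-only auth, root login disabled."
else
  echo "WARNING: could not read the effective sshd configuration (sshd -T failed); verify it manually." >&2
fi

echo ""
echo "=== Setup Complete ==="
echo ""
echo "Next steps:"
echo ""
echo "1. Add your SSH public key to authorized_keys:"
echo " mkdir -p /home/$USERNAME/.ssh"
echo " chmod 700 /home/$USERNAME/.ssh"
echo " echo 'YOUR_PUBLIC_KEY' >> /home/$USERNAME/.ssh/authorized_keys"
echo " chmod 600 /home/$USERNAME/.ssh/authorized_keys"
echo " chown -R $USERNAME:$USERNAME /home/$USERNAME/.ssh"
echo ""
# NOTE(review): this script never sets a Port in sshd_config, so 2222 is
# presumably a port mapping configured outside the script, and the host part
# after '@' is empty in the hints below - confirm both before relying on them.
echo "2. Connect from remote:"
echo " ssh -p 2222 $USERNAME@"
echo ""
echo "3. Verify SSH access:"
echo " ssh -p 2222 $USERNAME@ sudo systemctl status sshd"
echo ""
echo "=== Troubleshooting ==="
echo ""
echo "If SSH connection fails:"
echo " - Check sshd is running: systemctl status sshd"
echo " - Check sshd logs: journalctl -u sshd -n 20"
echo " - Verify user exists: id $USERNAME"
echo " - Verify SSH key was added: cat /home/$USERNAME/.ssh/authorized_keys"
echo ""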