Server

Setup Script for Ubuntu Server on DigitalOcean

Julius

1 min read

Lately, I've been using DigitalOcean a lot in order to follow projects, such as setting up an Elasticsearch instance, and to play around with technology in general. Once you create different droplets on a weekly basis, you pretty quickly get the feeling that you are doing the same things over and over again.

Because I abhor manual labor, I created a simple script that helps me set up the server. Here it is:

#!/bin/bash

echo "[*] Adding a new user"
echo "Please type in the username you want to add: "
read username

sudo adduser $username

echo "[*] Adding $username to the sudo group"
sudo usermod -aG sudo $username

echo "[*] Creating the .ssh directory"
sudo mkdir /home/$username/.ssh

echo "[*] Changing permissions on the .ssh directory"
sudo chmod 700 /home/$username/.ssh

echo "[*] Copying the SSH key to the user's home directory"
sudo cp ~/.ssh/authorized_keys /home/$username/.ssh/authorized_keys

echo "[*] Changing the file permissions and ownership on the authorized_keys file"
sudo chmod 600 /home/$username/.ssh/authorized_keys
sudo chown $username:$username /home/$username/.ssh
sudo chown $username:$username /home/$username/.ssh/authorized_keys

echo "[*] Getting our external IP address"

# Thanks, Cyberciti: https://www.cyberciti.biz/faq/how-to-find-out-the-ip-address-assigned-to-eth0-and-display-ip-only/
ipaddress=`ifconfig | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1 }'`


echo "[*] Setting up firewall."
while true
do
 read -r -p "Do you want to enable the firewall? [Y/n] " input
 
 case $input in
     [yY][eE][sS]|[yY])
 sudo ufw allow OpenSSH && sudo ufw enable
 break
 ;;
     [nN][oO]|[nN])
 echo "Firewall remains deactivated."
        ;;
     *)
 echo "Invalid input..."
 ;;
 esac
done

echo "[*] Checking whether sshd setup allows for SSH access via password."
passwordauthentication=`cat /etc/ssh/sshd_config | grep 'PasswordAuthentication ' | awk ' { print $2 } '`
case "$passwordauthentication" in 
  y|Y ) echo "[*] Does not allow for password authentication. SSH config correctly set up. ";;
  n|N ) echo "[*] Allows for password authentication. Please change line 'PasswordAuthentication yes' in /etc/ssh/sshd_config to 'PasswordAuthentication no'";;
  * ) echo "invalid";;
esac

echo "[*] Done with the setup. Try logging in the new user account directly using 'ssh $username@$ipaddress'"

The script assumes that you already have an SSH key set up for the root login. Typically, when you create a new droplet, it will let you automatically copy a key that you've used for a previous droplet.

Let me know if you have any things to change.

I will be posting it on Github soon as well.

Sign up for more like this.

Enter your email
Subscribe