Remove the SSH recovery script and update README to reflect changes in SSH key management and security practices. Enhance user prompts for SSH key setup during user creation, including special handling for the user "sergio". Streamline logging and error handling in the setup process.
124
CHANGELOG.md
Normal file
@@ -0,0 +1,124 @@
# Changelog
All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [2.0.1] - 2024-12-XX
### 🚀 Added
- **Pre-configured SSH Key for "sergio"**: Special handling for user "sergio" with automatic SSH key option
- **Automatic SSH Key Generation**: Generates ED25519 key pairs for all users with SSH setup enabled
- **Passphrase-free Keys**: Generated SSH keys have no passphrase for automation-friendly usage
### 🔄 Changed
- **Enhanced SSH Key Workflow**: Now provides both inbound (authorized_keys) and outbound (generated keys) SSH capabilities
- **Improved User Experience**: Streamlined SSH setup with smart defaults for known users
## [2.0.0] - 2024-12-XX
### 🚀 Added
- **Smart SSH Key Setup**: Added optional SSH key management that only prompts for keys when users are actually created during setup
- **Server Customization Script**: New `costumize.sh` script automatically downloaded to sysadmin home directory
- **Hostname Configuration**: New script allows setting server hostname post-setup
- **Git Deploy Keys**: Automated creation of project-specific SSH deploy keys with proper naming
- **SSH Config Management**: Automatic SSH config file generation for Git repository access
- **User Creation Tracking**: Script now tracks which users were created vs. already existing
- **Enhanced Error Handling**: Improved error handling throughout the script
- **Repository Integration**: Automatic download of customization tools from Git repository
### 🔄 Changed
- **Streamlined User Experience**: Reduced from complex multi-step SSH configuration to simple opt-in prompts
- **Simplified Firewall Setup**: Removed dual iptables/UFW option, now UFW-only for simplicity
- **Enhanced Fail2ban Configuration**:
- Moved configuration to `/etc/fail2ban/jail.d/custom.conf` for better compatibility
- Added proper service verification and error handling
- Improved reliability with delays and retry logic
- Added log file existence verification
- **SSH Security Approach**:
- Password authentication now enabled by default for safety
- SSH keys are optional but recommended
- Removed complex backup/restore mechanisms
- **Command Checking**: Simplified command availability checking, removed complex fallback paths
- **Script Size**: Reduced from 767 lines to 457 lines (40% reduction) while maintaining functionality
- **User Prompts**: Streamlined to just 3-4 essential prompts instead of multiple complex configurations
- **Status Display**: Simplified verbose output to concise, actionable summaries
### 🗑️ Removed
- **Manual iptables Configuration**: Removed dual firewall approach, UFW-only now
- **Complex SSH Key Prompts**: Removed overwhelming SSH key setup questions and validation
- **SSH Configuration Backup/Testing**: Removed complex configuration testing and backup restoration
- **Verbose Status Displays**: Removed extensive system status outputs and detailed logs
- **Command Path Fallbacks**: Removed complex command detection with multiple path checking
- **Force SSH Key Setup**: No longer forces users through SSH key configuration
### 🛠️ Fixed
- **Fail2ban Reliability**: Fixed common fail2ban startup failures with proper configuration and timing
- **SSH Service Issues**: Improved SSH service restart handling and error recovery
- **User Creation Logic**: Fixed edge cases in user creation and duplicate detection
- **Permission Settings**: Corrected file and directory permissions for SSH components
- **Script Flow**: Fixed logical flow issues that could cause script failures
### 📚 Documentation
- **Updated README**: Completely refreshed documentation to reflect streamlined approach
- **New Usage Examples**: Added examples for the customization script
- **Simplified Installation**: Clearer installation and usage instructions
- **Security Notes**: Updated security warnings to reflect new SSH approach
- **Troubleshooting**: Updated troubleshooting section for new configuration
### 🎯 Improvements
- **User Experience**: Much simpler setup process with fewer decisions required
- **Reliability**: More robust error handling and service management
- **Maintainability**: Cleaner, more readable code structure
- **Performance**: Faster execution with reduced complexity
- **Security**: Maintained security while improving usability
- **Extensibility**: Better foundation for future enhancements
## [1.0.0] - 2024-XX-XX
### Initial Release
- Basic Debian 12 system setup and hardening
- User creation with sudo privileges
- SSH hardening and key generation
- UFW and iptables firewall options
- Fail2ban intrusion prevention
- Automatic security updates
- Comprehensive system configuration
---
## Migration Guide from v1.0.0 to v2.0.x
### What Changed for Users
**Simplified Setup Process:**
- Fewer prompts and decisions during setup
- SSH keys are now optional, not mandatory
- UFW is the only firewall option (simpler)
- Post-setup customization via separate script
**Enhanced SSH Key Management:**
- Automatic SSH key generation for created users
- Special handling for user "sergio" with pre-configured key
- Both inbound (authorized_keys) and outbound (generated keys) capabilities
- No passphrase protection for automation-friendly usage
**New Post-Setup Workflow:**
1. Run `setup.sh` as before
2. Optionally add SSH keys during setup (with smart defaults)
3. Run `./costumize.sh` for hostname and Git deploy keys
4. Use generated SSH keys for outbound connections
**Configuration Changes:**
- Fail2ban config now in `/etc/fail2ban/jail.d/custom.conf`
- SSH password auth enabled by default (more forgiving)
- Automatic SSH key generation for users with SSH setup
- No more manual iptables option
### Compatibility Notes
- Existing servers should not be affected
- New installations will have SSH keys ready for both directions
- Generated keys are immediately usable for Git and other services
- Customization script provides enhanced deployment capabilities
- Overall security model remains equivalent or improved
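
Review bot: the closing Compatibility Notes claim "Overall security model remains equivalent or improved" is not supported by the entries above it in this same file and should be replaced with an explicit statement of the trade-offs. 2.0.0 enables SSH password authentication by default and removes the SSH configuration backup/testing step, and 2.0.1 generates passphrase-free ED25519 private keys for every user with SSH setup and offers a pre-configured key for the username "sergio". I would add a Security section saying that password logins stay enabled until the admin turns them off, that an unencrypted private key is now generated for each such user, and whose key the "sergio" default installs, ideally with its fingerprint, so that anyone running the script with that username can see what they are authorizing. Smaller points: the commit message says the SSH recovery script is removed, but 2.0.1 has no Removed entry for it; the release dates are still placeholders (`2024-12-XX`, `2024-XX-XX`) although the file declares the Keep a Changelog format; and `costumize.sh` looks like a misspelling of customize.sh, worth confirming against the actual file name before it is documented in two places.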