# Changelog

All notable changes to this project will be documented in this file.

The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [2.0.1] - 2024-12-XX

### 🚀 Added

- **Pre-configured SSH Key for "sergio"**: Special handling for user "sergio" with automatic SSH key option
- **Automatic SSH Key Generation**: Generates ED25519 key pairs for all users with SSH setup enabled
- **Passphrase-free Keys**: Generated SSH keys have no passphrase for automation-friendly usage

### 🔄 Changed

- **Enhanced SSH Key Workflow**: Now provides both inbound (authorized_keys) and outbound (generated keys) SSH capabilities
- **Improved User Experience**: Streamlined SSH setup with smart defaults for known users

## [2.0.0] - 2024-12-XX

### 🚀 Added

- **Smart SSH Key Setup**: Added optional SSH key management that only prompts for keys when users are actually created during setup
- **Server Customization Script**: New `costumize.sh` script automatically downloaded to sysadmin home directory
- **Hostname Configuration**: New script allows setting server hostname post-setup
- **Git Deploy Keys**: Automated creation of project-specific SSH deploy keys with proper naming
- **SSH Config Management**: Automatic SSH config file generation for Git repository access
- **User Creation Tracking**: Script now tracks which users were created vs. already existing
- **Enhanced Error Handling**: Improved error handling throughout the script
- **Repository Integration**: Automatic download of customization tools from Git repository

### 🔄 Changed

- **Streamlined User Experience**: Reduced from complex multi-step SSH configuration to simple opt-in prompts
- **Simplified Firewall Setup**: Removed dual iptables/UFW option, now UFW-only for simplicity
- **Enhanced Fail2ban Configuration**:
  - Moved configuration to `/etc/fail2ban/jail.d/custom.conf` for better compatibility
  - Added proper service verification and error handling
  - Improved reliability with delays and retry logic
  - Added log file existence verification
- **SSH Security Approach**:
  - Password authentication now enabled by default for safety
  - SSH keys are optional but recommended
  - Removed complex backup/restore mechanisms
- **Command Checking**: Simplified command availability checking, removed complex fallback paths
- **Script Size**: Reduced from 767 lines to 457 lines (40% reduction) while maintaining functionality
- **User Prompts**: Streamlined to just 3-4 essential prompts instead of multiple complex configurations
- **Status Display**: Simplified verbose output to concise, actionable summaries

### 🗑️ Removed

- **Manual iptables Configuration**: Removed dual firewall approach, UFW-only now
- **Complex SSH Key Prompts**: Removed overwhelming SSH key setup questions and validation
- **SSH Configuration Backup/Testing**: Removed complex configuration testing and backup restoration
- **Verbose Status Displays**: Removed extensive system status outputs and detailed logs
- **Command Path Fallbacks**: Removed complex command detection with multiple path checking
- **Force SSH Key Setup**: No longer forces users through SSH key configuration

### 🛠️ Fixed

- **Fail2ban Reliability**: Fixed common fail2ban startup failures with proper configuration and timing
- **SSH Service Issues**: Improved SSH service restart handling and error recovery
- **User Creation Logic**: Fixed edge cases in user creation and duplicate detection
- **Permission Settings**: Corrected file and directory permissions for SSH components
- **Script Flow**: Fixed logical flow issues that could cause script failures

### 📚 Documentation

- **Updated README**: Completely refreshed documentation to reflect streamlined approach
- **New Usage Examples**: Added examples for the customization script
- **Simplified Installation**: Clearer installation and usage instructions
- **Security Notes**: Updated security warnings to reflect new SSH approach
- **Troubleshooting**: Updated troubleshooting section for new configuration

### 🎯 Improvements

- **User Experience**: Much simpler setup process with fewer decisions required
- **Reliability**: More robust error handling and service management
- **Maintainability**: Cleaner, more readable code structure
- **Performance**: Faster execution with reduced complexity
- **Security**: Maintained security while improving usability
- **Extensibility**: Better foundation for future enhancements

## [1.0.0] - 2024-XX-XX

### Initial Release

- Basic Debian 12 system setup and hardening
- User creation with sudo privileges
- SSH hardening and key generation
- UFW and iptables firewall options
- Fail2ban intrusion prevention
- Automatic security updates
- Comprehensive system configuration

---

## Migration Guide from v1.0.0 to v2.0.x

### What Changed for Users

**Simplified Setup Process:**

- Fewer prompts and decisions during setup
- SSH keys are now optional, not mandatory
- UFW is the only firewall option (simpler)
- Post-setup customization via separate script

**Enhanced SSH Key Management:**

- Automatic SSH key generation for created users
- Special handling for user "sergio" with pre-configured key
- Both inbound (authorized_keys) and outbound (generated keys) capabilities
- No passphrase protection for automation-friendly usage

**New Post-Setup Workflow:**

1. Run `setup.sh` as before
2. Optionally add SSH keys during setup (with smart defaults)
3. Run `./costumize.sh` for hostname and Git deploy keys
4. Use generated SSH keys for outbound connections

**Configuration Changes:**

- Fail2ban config now in `/etc/fail2ban/jail.d/custom.conf`
- SSH password auth enabled by default (more forgiving)
- Automatic SSH key generation for users with SSH setup
- No more manual iptables option

### Compatibility Notes

- Existing servers should not be affected
- New installations will have SSH keys ready for both directions
- Generated keys are immediately usable for Git and other services
- Customization script provides enhanced deployment capabilities
- Overall security model remains equivalent or improved