debian-first-boot-setup/CHANGELOG.md

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[2.0.1] - 2024-12-XX

🚀 Added

  • Pre-configured SSH Key for "sergio": Special handling for user "sergio" with automatic SSH key option
  • Automatic SSH Key Generation: Generates ED25519 key pairs for all users with SSH setup enabled
  • Passphrase-free Keys: Generated SSH keys have no passphrase for automation-friendly usage

🔄 Changed

  • Enhanced SSH Key Workflow: Now provides both inbound (authorized_keys) and outbound (generated keys) SSH capabilities
  • Improved User Experience: Streamlined SSH setup with smart defaults for known users

[2.0.0] - 2024-12-XX

🚀 Added

  • Smart SSH Key Setup: Added optional SSH key management that only prompts for keys when users are actually created during setup
  • Server Customization Script: New costumize.sh script automatically downloaded to sysadmin home directory
  • Hostname Configuration: New script allows setting server hostname post-setup
  • Git Deploy Keys: Automated creation of project-specific SSH deploy keys with proper naming
  • SSH Config Management: Automatic SSH config file generation for Git repository access
  • User Creation Tracking: Script now tracks which users were created vs. already existing
  • Enhanced Error Handling: Improved error handling throughout the script
  • Repository Integration: Automatic download of customization tools from Git repository

🔄 Changed

  • Streamlined User Experience: Reduced from complex multi-step SSH configuration to simple opt-in prompts
  • Simplified Firewall Setup: Removed dual iptables/UFW option, now UFW-only for simplicity
  • Enhanced Fail2ban Configuration:
    • Moved configuration to /etc/fail2ban/jail.d/custom.conf for better compatibility
    • Added proper service verification and error handling
    • Improved reliability with delays and retry logic
    • Added log file existence verification
  • SSH Security Approach:
    • Password authentication now enabled by default for safety
    • SSH keys are optional but recommended
    • Removed complex backup/restore mechanisms
  • Command Checking: Simplified command availability checking, removed complex fallback paths
  • Script Size: Reduced from 767 lines to 457 lines (40% reduction) while maintaining functionality
  • User Prompts: Streamlined to just 3-4 essential prompts instead of multiple complex configurations
  • Status Display: Simplified verbose output to concise, actionable summaries

🗑️ Removed

  • Manual iptables Configuration: Removed dual firewall approach, UFW-only now
  • Complex SSH Key Prompts: Removed overwhelming SSH key setup questions and validation
  • SSH Configuration Backup/Testing: Removed complex configuration testing and backup restoration
  • Verbose Status Displays: Removed extensive system status outputs and detailed logs
  • Command Path Fallbacks: Removed complex command detection with multiple path checking
  • Force SSH Key Setup: No longer forces users through SSH key configuration

🛠️ Fixed

  • Fail2ban Reliability: Fixed common fail2ban startup failures with proper configuration and timing
  • SSH Service Issues: Improved SSH service restart handling and error recovery
  • User Creation Logic: Fixed edge cases in user creation and duplicate detection
  • Permission Settings: Corrected file and directory permissions for SSH components
  • Script Flow: Fixed logical flow issues that could cause script failures

📚 Documentation

  • Updated README: Completely refreshed documentation to reflect streamlined approach
  • New Usage Examples: Added examples for the customization script
  • Simplified Installation: Clearer installation and usage instructions
  • Security Notes: Updated security warnings to reflect new SSH approach
  • Troubleshooting: Updated troubleshooting section for new configuration

🎯 Improvements

  • User Experience: Much simpler setup process with fewer decisions required
  • Reliability: More robust error handling and service management
  • Maintainability: Cleaner, more readable code structure
  • Performance: Faster execution with reduced complexity
  • Security: Maintained security while improving usability
  • Extensibility: Better foundation for future enhancements

[1.0.0] - 2024-XX-XX

Initial Release

  • Basic Debian 12 system setup and hardening
  • User creation with sudo privileges
  • SSH hardening and key generation
  • UFW and iptables firewall options
  • Fail2ban intrusion prevention
  • Automatic security updates
  • Comprehensive system configuration

Migration Guide from v1.0.0 to v2.0.x

What Changed for Users

Simplified Setup Process:

  • Fewer prompts and decisions during setup
  • SSH keys are now optional, not mandatory
  • UFW is the only firewall option (simpler)
  • Post-setup customization via separate script

Enhanced SSH Key Management:

  • Automatic SSH key generation for created users
  • Special handling for user "sergio" with pre-configured key
  • Both inbound (authorized_keys) and outbound (generated keys) capabilities
  • No passphrase protection for automation-friendly usage

New Post-Setup Workflow:

  1. Run setup.sh as before
  2. Optionally add SSH keys during setup (with smart defaults)
  3. Run ./costumize.sh for hostname and Git deploy keys
  4. Use generated SSH keys for outbound connections

Configuration Changes:

  • Fail2ban config now in /etc/fail2ban/jail.d/custom.conf
  • SSH password auth enabled by default (more forgiving)
  • Automatic SSH key generation for users with SSH setup
  • No more manual iptables option
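
A post-setup check for the two SSH defaults listed above (password authentication enabled, generated keys without a passphrase), added here as an example and not part of the project's scripts. The function names and the sample files are hypothetical; on a real host, feed it a saved `sshd -T` dump and a user's ~/.ssh directory.

```sh
#!/bin/sh
# Added example: audit helpers for the 2.0.x SSH defaults (not the project's code).

# Effective value of an sshd keyword, read from `sshd -T` output on stdin.
# `sshd -T` prints one lowercase "keyword value" pair per line.
sshd_effective() {
    awk -v key="$1" '$1 == key { print $2; found = 1; exit }
                     END { if (!found) print "unset" }'
}

# Succeeds if FILE is an OpenSSH-format private key stored without a passphrase.
# The decoded key starts with "openssh-key-v1\0" followed by length-prefixed
# ciphername and kdfname; both are "none" when the key is unencrypted.
key_is_unencrypted() {
    hdr=$(grep -v '^-----' "$1" | base64 -d 2>/dev/null |
          head -c 31 | tr -d '\000-\037')
    [ "$hdr" = "openssh-key-v1nonenone" ]
}

# Print one finding per line for an `sshd -T` dump and a directory of keys.
audit() {   # usage: audit SSHD_T_FILE KEY_DIR
    [ "$(sshd_effective passwordauthentication < "$1")" = no ] ||
        echo "FINDING password authentication is not disabled"
    for f in "$2"/id_*; do
        case $f in *.pub) continue ;; esac
        [ -f "$f" ] && key_is_unencrypted "$f" &&
            echo "FINDING unencrypted private key: ${f##*/}"
    done
    return 0
}

# Constructed sample input: header bytes only, not real keys or server output.
make_samples() {   # usage: make_samples DIR
    printf 'passwordauthentication yes\npermitrootlogin no\n' > "$1/sshd_T.txt"
    printf 'openssh-key-v1\0\0\0\0\004none\0\0\0\004none' | base64 > "$1/id_ed25519"
    printf 'openssh-key-v1\0\0\0\0\012aes256-ctr\0\0' | base64 > "$1/id_protected"
    echo 'ssh-ed25519 CONSTRUCTED-PLACEHOLDER' > "$1/id_ed25519.pub"
}

# Run with the argument "demo" to audit the constructed samples.
if [ "${1:-}" = demo ]; then
    d=$(mktemp -d) && make_samples "$d" && audit "$d/sshd_T.txt" "$d"
    rm -rf "$d"
fi
```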

Compatibility Notes

  • Existing servers should not be affected
  • New installations will have SSH keys ready for both directions
  • Generated keys are immediately usable for Git and other services
  • Customization script provides enhanced deployment capabilities
  • Overall security model remains equivalent or improved