[GH-ISSUE #54] Fails at SSH Hardening #2

Closed
opened 2026-03-02 02:59:16 +03:00 by kerem · 9 comments

Originally created by @chrostino on GitHub (Oct 6, 2025).
Original GitHub issue: https://github.com/buildplan/du_setup/issues/54

Originally assigned to: @buildplan on GitHub.

On a fresh install of Debian 13, running the script as root

```bash
▓▓▓ SSH Hardening ▓▓▓
═════════════════════════════════════════════════════════════════
ℹ Using SSH service: sshd.service
ℹ No local key provided. Generating new SSH key...
Saving key "/home/admin/.ssh/id_ed25519" failed: Permission denied
✗ An error occurred. Rolling back SSH changes to port 22...
ℹ Rolling back SSH configuration changes to port 22...
⚠ SSH service ssh.service not found, falling back to ssh.service.
✗ Backup file not found at .
ℹ Action: Manually configure /etc/ssh/sshd_config to use port 22 and verify with 'sshd -t'.
```

kerem closed this issue and added the `bug` label on 2026-03-02 02:59:16 +03:00.

@buildplan commented on GitHub (Oct 13, 2025):

I am having a hard time reproducing this error. Your error indicates that the key was not saved because of permission issues. If the script was executed as the root user, then there should not have been any permission issues....

If you still have issues help me reproduce this and if this was on a VPS which provider you were using.


@chrostino commented on GitHub (Oct 13, 2025):

I am sure I've run the script multiple times, both as root and as a sudo user with `sudo -E`. I even reinstalled Debian thinking it was an issue with my installation; maybe later I'll try installing Debian 13 in a VM on my main machine and try again.
Also, I tried to run the script on an Ubuntu Server installation and it worked with no issue.


@buildplan commented on GitHub (Oct 13, 2025):

I will try to test this tonight a few times with different options to see where it is failing. If you find any more clues please share. Thanks for checking.


@buildplan commented on GitHub (Oct 13, 2025):

I think I know what's happening - I looked at the logic and see that when I copy the generated key to the admin user in the script, the script copies this as the admin user and not root. So I need to add a step for the `.ssh` dir for the admin user to be owned by admin, if that makes any sense - I will fix this, thanks for reporting.


@chrostino commented on GitHub (Oct 13, 2025):

Weird that it works on Ubuntu Server and not in Debian tho (if I understood the issue)


@buildplan commented on GitHub (Oct 13, 2025):

That's a good observation, and this helped me figure it out. So in Ubuntu, when a new user is created, I think it automatically creates the `.ssh` directory for that user, but in Debian the directory is only created after the user generates an SSH key or creates it manually.


@buildplan commented on GitHub (Oct 13, 2025):

If you have time you could check the revised version and see if it behaves on Debian - I will push this to main branch after checking tonight

```bash
wget https://github.com/buildplan/du_setup/raw/refs/heads/ownership_fix/du_setup.sh
```


@chrostino commented on GitHub (Oct 13, 2025):

seems to have worked out fine in a vm


@buildplan commented on GitHub (Oct 13, 2025):

Thanks for checking.
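
The root cause discussed in this thread (a missing or wrongly owned `.ssh` directory for the new user) can be guarded against before key generation. The following is an added example, not code from du_setup; `ensure_ssh_dir` and `check_ssh_dir` are hypothetical helper names, and `stat -c` assumes GNU coreutils as shipped on Debian and Ubuntu.

```bash
#!/usr/bin/env bash
# Added example, not du_setup's code. ensure_ssh_dir and check_ssh_dir are
# hypothetical helper names; stat -c assumes GNU coreutils (Debian/Ubuntu).

# Verify that SSH_DIR is a real directory, mode 700, owned by OWNER
# (user name or numeric uid), so a bad state is caught before ssh-keygen runs.
check_ssh_dir() {
    local ssh_dir="$1" owner="$2" mode uid want_uid
    [ -d "$ssh_dir" ] && [ ! -L "$ssh_dir" ] || return 1
    mode=$(stat -c '%a' -- "$ssh_dir") || return 1
    uid=$(stat -c '%u' -- "$ssh_dir") || return 1
    # Resolve a user name to its uid; keep a bare numeric uid as given.
    want_uid=$(id -u "$owner" 2>/dev/null) || want_uid="$owner"
    [ "$mode" = "700" ] && [ "$uid" = "$want_uid" ]
}

# Create or repair HOME_DIR/.ssh for OWNER. Intended to run as root.
ensure_ssh_dir() {
    local home_dir="$1" owner="$2"
    local ssh_dir="$home_dir/.ssh"
    # Refuse a symlink: root following it would chmod/chown another path.
    if [ -L "$ssh_dir" ]; then
        echo "refusing: $ssh_dir is a symlink" >&2
        return 1
    fi
    mkdir -p -- "$ssh_dir" || return 1
    chmod 700 -- "$ssh_dir" || return 1
    # Only root can hand the directory to another account.
    if [ "$(id -u)" -eq 0 ]; then
        chown -- "$owner" "$ssh_dir" || return 1
    fi
    check_ssh_dir "$ssh_dir" "$owner"
}

# Usage as root; the path is the one from the log above, and running
# ssh-keygen through "sudo -u" is an assumption about how the key is generated:
#   ensure_ssh_dir /home/admin admin &&
#   sudo -u admin ssh-keygen -t ed25519 -N '' -f /home/admin/.ssh/id_ed25519
```

Because the check runs after the repair, a directory that still has the wrong mode or owner makes `ensure_ssh_dir` return non-zero instead of letting `ssh-keygen` fail later with `Permission denied`.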
