[PR #102] [MERGED] SSH hardening safety nets #99

Closed
opened 2026-03-02 02:59:49 +03:00 by kerem · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/buildplan/du_setup/pull/102
Author: @buildplan
Created: 2/28/2026
Status: Merged
Merged: 2/28/2026
Merged by: @buildplan

Base: main ← Head: dev


📝 Commits (9)

  • 27ded15 feat(confirm): add optional timeout for confirmation prompts
  • 4a8670b feat(ssh): update version to 0.80.1 and add SSH key improvements
  • 135462c feat(ssh): enhance SSH port detection to include socket and exclude specific ports
  • b1bf089 feat(ssh): SSH port configuration and hardening in single drop-in files
  • 10416b2 feat(ssh): update SSH socket configuration to bind to both IPv4 and IPv6 addresses
  • 46eae38 prompt formatting
  • 4066654 feat(port-validation): enhance port validation
  • 2adb555 checksum for v0.80.1
  • 3a38d69 chore: update version and checksum

📊 Changes

3 files changed (+172 additions, -133 deletions)


📝 README.md (+4 -4)
📝 du_setup.sh (+167 -128)
📝 du_setup.sh.sha256 (+1 -1)

📄 Description

Fallback protections suggested in #100 to prevent accidental lockouts.

Connection timeout: Added a 5-minute timeout to the SSH and 2FA connection tests so they auto-revert if the user's session drops.

Existing user key validation: The script now strictly requires existing users to provide or generate a valid SSH key before disabling password auth.

Config lexical ordering: Renamed the SSH drop-in to 10-hardening.conf so our hardening rules evaluate before provider defaults (like cloud-init).

Fixed an issue where roll-back only binds to IPv6 if a system has IPv6 enabled.


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

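The lockout safety nets described in the PR body (timed confirmation with auto-revert, lexical ordering of the `10-hardening.conf` drop-in, port validation with exclusions), as an added bash example that is not du_setup's own code. Everything about the shape of the script is an assumption for illustration: the helper names, the `sshd -t` and `systemctl reload ssh` hook commands (the service is `sshd` on RHEL-family systems), the exclusion list, and the drop-in directory, which defaults to the caller's argument rather than `/etc/ssh/sshd_config.d` so the functions can be exercised against a scratch directory.

```bash
#!/usr/bin/env bash
# Added example (not du_setup's code): SSH hardening drop-in with a
# lexical-order check, port validation, and a timed confirmation that
# auto-reverts. Paths, hook commands and the port exclusion list are
# assumptions; adjust them for your distribution.

HARDENING_FILE="10-hardening.conf"
SSHD_TEST_CMD="${SSHD_TEST_CMD:-sshd -t}"                  # validates the full live config
SSHD_RELOAD_CMD="${SSHD_RELOAD_CMD:-systemctl reload ssh}" # "sshd" on RHEL-family systems
EXCLUDED_PORTS="${EXCLUDED_PORTS:-80 443 3306}"            # illustrative exclusion list

# A usable port is an integer in 1..65535 that is not reserved for another service.
valid_port() {
    local port="$1" p
    case "$port" in ''|*[!0-9]*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    for p in $EXCLUDED_PORTS; do
        [ "$p" = "$port" ] && return 1
    done
    return 0
}

# Hardening rules as a drop-in. sshd keeps the FIRST value it reads for each
# keyword and includes sshd_config.d/*.conf in lexical order, so "10-" wins
# over provider files such as cloud-init's 50-cloud-init.conf.
render_hardening() {
    cat <<EOF
Port $1
PasswordAuthentication no
KbdInteractiveAuthentication no
PermitRootLogin no
EOF
}

# Names of drop-ins that sort before ours and set a keyword we care about;
# anything listed here silently overrides the hardening file.
conflicting_dropins() {
    local dir="$1" f name
    for f in "$dir"/*.conf; do
        [ -e "$f" ] || continue
        name=$(basename "$f")
        [ "$name" = "$HARDENING_FILE" ] && continue
        if [[ "$name" < "$HARDENING_FILE" ]] &&
           grep -Eq '^[[:space:]]*(Port|PasswordAuthentication|PermitRootLogin)[[:space:]]' "$f"; then
            echo "$name"
        fi
    done
}

# "y" within the window keeps the change; "n", EOF or a timeout (dropped
# session) all count as a failed confirmation.
confirm_with_timeout() {
    local prompt="$1" timeout="${2:-300}" answer
    if read -r -t "$timeout" -p "$prompt [y/N] (auto-revert in ${timeout}s): " answer; then
        [[ "$answer" =~ ^[Yy]$ ]]
    else
        echo >&2 "No answer within ${timeout}s; assuming the session dropped."
        return 1
    fi
}

revert_hardening() {
    local target="$1" backup="$2" had_backup="$3"
    if [ "$had_backup" = 1 ]; then mv -f "$backup" "$target"; else rm -f "$target"; fi
    $SSHD_RELOAD_CMD
}

# Install the drop-in, validate, reload, then demand confirmation from a NEW
# session. Returns 0 kept, 1 reverted because confirmation failed, 2 reverted
# because sshd rejected the config, 3 invalid port (nothing written).
apply_hardening() {
    local dir="$1" port="$2" timeout="${3:-300}"
    local target="$dir/$HARDENING_FILE" backup="$dir/$HARDENING_FILE.bak" had_backup=0
    valid_port "$port" || { echo >&2 "Invalid or excluded port: $port"; return 3; }
    if [ -e "$target" ]; then cp -p "$target" "$backup"; had_backup=1; fi
    render_hardening "$port" > "$target"
    if ! $SSHD_TEST_CMD; then
        echo >&2 "sshd rejected the new configuration; reverting."
        revert_hardening "$target" "$backup" "$had_backup"
        return 2
    fi
    $SSHD_RELOAD_CMD
    if confirm_with_timeout "Opened a NEW SSH session on port $port successfully?" "$timeout"; then
        rm -f "$backup"
        return 0
    fi
    revert_hardening "$target" "$backup" "$had_backup"
    return 1
}
```

Run `conflicting_dropins /etc/ssh/sshd_config.d` before `apply_hardening`: the `10-` prefix only helps against files that sort after it, so a provider-shipped `00-*.conf` setting `Port` or `PasswordAuthentication` would still win and should be dealt with first. Answer the prompt only after a second session on the new port has actually authenticated; if the session you are typing in is the one that breaks, `read -t` expires and the previous drop-in (or no drop-in) is restored and reloaded.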