Instantly secure VPS session

New script (gitlab version):

wget -N http://git.droidzone.in/joel/securessh/raw/master/secure_server -O secure_server && bash secure_server

Bitbucket version (a bit old)

apt-get update && apt-get -y install git 
git clone https://[email protected]/droidzone/securessh.git && securessh/secure_server

If you dont want to install git:

wget http://droidzone.in/securessh/secure_server -O secure_server --no-check-certificate && bash ./secure_server

The script cleans up temporary keys, and installs just one public key

What I do is (Old method for non git version):

bash <(wget -qO- http://droidzone.in/keys/secure_server --no-check-certificate)

The script has this:

#cat secure_server
#!/bin/bash
# Generate a random password
#   = number of characters; defaults to 32
#   = include special characters; 1 = yes, 0 = no; defaults to 1
function randpass() {
  [ "" == "0" ] &amp;&amp; CHAR="[:alnum:]" || CHAR="[:graph:]"
    cat /dev/urandom | tr -cd "$CHAR" | head -c ${1:-32}
    echo
}

AUTH_KEY="http://droidzone.in/keys/myauthkey.pub"
AUTH_KEYNAME="myauthkey.pub"
echo Removing bash history
rm /root/.bash_history
rm /root/.mysql_history

echo Done
echo
echo Securing ssh keys...
echo Downloading new authorized public key...
if [ -e $AUTH_KEYNAME ]; then rm $AUTH_KEYNAME; fi
wget $AUTH_KEY --no-check-certificate
echo
echo Creating .ssh if it doesnt exist...
if [ ! -d /root/.ssh ]; then mkdir /root/.ssh; fi
echo Cleaning up .ssh/
chattr -i .ssh/*
rm /root/.ssh/*
echo Installing new public key..
cat $AUTH_KEYNAME &gt; /root/.ssh/authorized_keys
echo Setting proper permissions on .ssh and its contents
chmod -R go= /root/.ssh
echo Setting immuatable bit...
chattr +i /root/.ssh/authorized_keys
echo Deleting downloaded key
rm $AUTH_KEYNAME
echo
echo "Here's a random password for your use:"
randpass 32 1
echo "It's recommended to change your password now. "
echo " Type: passwd"

It deletes bash history, removes id_rsa keys in .ssh (I’m sure you havent deleted generated keys!), installs a custom public key from http://droidzone.in/keys/myauthkey.pub

The only thing you have to remember is to try logging in with your new private key to check that it works!