Instantly secure VPS session

New script (gitlab version):

wget -N -O secure_server && bash secure_server

Bitbucket version (a bit old)

apt-get update && apt-get -y install git 
git clone https:[email protected]/droidzone/securessh.git && securessh/secure_server

If you dont want to install git:

wget -O secure_server --no-check-certificate && bash ./secure_server

The script cleans up temporary keys, and installs just one public key

What I do is (Old method for non git version):

bash <(wget -qO- --no-check-certificate)

The script has this:

#cat secure_server
# Generate a random password
#   = number of characters; defaults to 32
#   = include special characters; 1 = yes, 0 = no; defaults to 1
function randpass() {
  [ "" == "0" ] &amp;&amp; CHAR="[:alnum:]" || CHAR="[:graph:]"
    cat /dev/urandom | tr -cd "$CHAR" | head -c ${1:-32}

echo Removing bash history
rm /root/.bash_history
rm /root/.mysql_history

echo Done
echo Securing ssh keys...
echo Downloading new authorized public key...
if [ -e $AUTH_KEYNAME ]; then rm $AUTH_KEYNAME; fi
wget $AUTH_KEY --no-check-certificate
echo Creating .ssh if it doesnt exist...
if [ ! -d /root/.ssh ]; then mkdir /root/.ssh; fi
echo Cleaning up .ssh/
chattr -i .ssh/*
rm /root/.ssh/*
echo Installing new public key..
cat $AUTH_KEYNAME &gt; /root/.ssh/authorized_keys
echo Setting proper permissions on .ssh and its contents
chmod -R go= /root/.ssh
echo Setting immuatable bit...
chattr +i /root/.ssh/authorized_keys
echo Deleting downloaded key
echo "Here's a random password for your use:"
randpass 32 1
echo "It's recommended to change your password now. "
echo " Type: passwd"

It deletes bash history, removes id_rsa keys in .ssh (I’m sure you havent deleted generated keys!), installs a custom public key from

The only thing you have to remember is to try logging in with your new private key to check that it works!

You are reading this post on Joel G Mathew’s tech blog. Joel's personal blog is the Eyrie, hosted here.