New script (gitlab version):

wget -N -O secure_server && bash secure_server

Bitbucket version (a bit old)

apt-get update && apt-get -y install git 
git clone https://[email protected]/droidzone/securessh.git && securessh/secure_server

If you dont want to install git:

wget -O secure_server --no-check-certificate && bash ./secure_server

The script cleans up temporary keys, and installs just one public key

What I do is (Old method for non git version):

bash <(wget -qO- --no-check-certificate)

The script has this:

#cat secure_server
# Generate a random password
#   = number of characters; defaults to 32
#   = include special characters; 1 = yes, 0 = no; defaults to 1
function randpass() {
  [ "" == "0" ] &amp;&amp; CHAR="[:alnum:]" || CHAR="[:graph:]"
    cat /dev/urandom | tr -cd "$CHAR" | head -c ${1:-32}

echo Removing bash history
rm /root/.bash_history
rm /root/.mysql_history

echo Done
echo Securing ssh keys...
echo Downloading new authorized public key...
if [ -e $AUTH_KEYNAME ]; then rm $AUTH_KEYNAME; fi
wget $AUTH_KEY --no-check-certificate
echo Creating .ssh if it doesnt exist...
if [ ! -d /root/.ssh ]; then mkdir /root/.ssh; fi
echo Cleaning up .ssh/
chattr -i .ssh/*
rm /root/.ssh/*
echo Installing new public key..
cat $AUTH_KEYNAME &gt; /root/.ssh/authorized_keys
echo Setting proper permissions on .ssh and its contents
chmod -R go= /root/.ssh
echo Setting immuatable bit...
chattr +i /root/.ssh/authorized_keys
echo Deleting downloaded key
echo "Here's a random password for your use:"
randpass 32 1
echo "It's recommended to change your password now. "
echo " Type: passwd"

It deletes bash history, removes id_rsa keys in .ssh (I’m sure you havent deleted generated keys!), installs a custom public key from

The only thing you have to remember is to try logging in with your new private key to check that it works!