fix: disable password auth on ssh connections + avoid replacing main sshd file

user/ssh_config.sh

@@ -23,17 +23,33 @@ function config_ssh() {
     echo "[ SSH ]: No public key provided, skipping..."
   fi
 
-  echo "[ SSH ]: Disabling root login"
+  # Create SSH configuration file instead of modifying main sshd_config
-  sudo sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config
+  config_file="/etc/ssh/sshd_config.d/server-initializer.conf"
-  echo "[ SSH ]: Root login disabled"
 
-  echo "[ SSH ]: Adding $username to allowed users"
+  echo "[ SSH ]: Creating SSH configuration file"
-  if grep -q "^AllowUsers" /etc/ssh/sshd_config; then
+  sudo mkdir -p /etc/ssh/sshd_config.d
-    sudo sed -i "s/^AllowUsers.*/& $username/" /etc/ssh/sshd_config
+
-  else
+  # Create the configuration file with security settings
-    echo "AllowUsers $username" | sudo tee -a /etc/ssh/sshd_config >/dev/null
+  sudo tee "$config_file" >/dev/null <<EOF
-  fi
+# Server Initializer SSH Configuration
-  echo "[ SSH ]: User added to allowed users"
+# This file is managed by @elAgala/server-initializer
+
+# Disable root login
+PermitRootLogin no
+
+# Disable password authentication
+PasswordAuthentication no
+ChallengeResponseAuthentication no
+UsePAM no
+
+# Only allow specific users
+AllowUsers $username
+EOF
+
+  echo "[ SSH ]: SSH configuration file created at $config_file"
+  echo "[ SSH ]: Root login disabled"
+  echo "[ SSH ]: Password authentication disabled"
+  echo "[ SSH ]: User $username added to allowed users"
 
   sudo systemctl restart sshd
   echo "[ SSH ]: Finished succesfully!"