ssh restrict access

image-extras/tplink_tl-wdr3600-v1/etc/uci-defaults/99defaults

@@ -49,9 +49,26 @@ commit system
 /etc/init.d/system restart
 
 # Configure ssh dropbear
-uci set dropbear.@dropbear[0].PasswordAuth="1"
-#uci set dropbear.@dropbear[0].GatewayPorts='on'
-commit dropbear
+USER_NAME="admin"
+USER_SSHPUB="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDSZsnOKXMTO7GTdrDUzuemE2h+SAIwMBbsrLVtx/CFoYidtT5qQ4ukAJG5JvRIkmZUl0t2C69z0nEEZXInTycsqQW7IlYpiy9yTlImd9QmyckZcHptTtEzyNdcCDOXOcW2Q0YEykpOoccTCkk2PHa3Xufel67jTwXfaqAVzaN5fXy6uO2I1ab5HHwCFX8zTuagBXKSYDMlHxrz9friu8ipuiPsEgl5n1LOvasypnZkpjhb5XnJi7tyRHfbzx+X+DIZc/ZW21BPtcExSXn+mmVhTD0vQh9MGG/hnfdvCXGPSKGGHMPiZEL9vzN3PvBYVchp/8DDSKtRZtJnBpNhdtl+8LjGsOgDPN51otOxcDtIQgOiMGbgX6fzMB7EN642b3f8tlFp3aVswtH3isBz6AgeVO+qqI/nW6Io7mayNXrDXVIULh0Ol4TKTZ61KGLCUhX/ZL9ifXdXWlTVeXzidaxIZ7BGF5SaTRlHJhRfqVc8fZI9BBaPFFSqxBYzybYkGzU= jeka@x220"
+USER_SHELL="/bin/ash"
+SUDO_USER="root"
+SUDO_GROUP="sudo"
+groupadd -r "${SUDO_GROUP}"
+useradd -m -G "${SUDO_GROUP}" -s "${USER_SHELL}" "${USER_NAME}"
+passwd -l "${SUDO_USER}"
+cat << EOI > /etc/sudoers.d/00-custom
+%${SUDO_GROUP} ALL=(ALL) ALL
+EOI
+USER_HOME="$(eval echo ~"${USER_NAME}")"
+mkdir -p "${USER_HOME}"/.ssh
+cat << EOI > "${USER_HOME}"/.ssh/authorized_keys
+${USER_SSHPUB}
+EOI
+uci set dropbear.@dropbear[0].PasswordAuth="0"
+uci set dropbear.@dropbear[0].RootPasswordAuth="0"
+uci set dropbear.@dropbear[0].GatewayPorts='on'
+uci commit dropbear
 /etc/init.d/dropbear restart
 
 # Configure uhttpd
@@ -64,7 +81,7 @@ commit uhttpd
 uci set dhcp.lan.ignore="$dhcpsrv"
 uci add host
 uci set dhcp.@host[-1].name='jeka-office'
-uci set dhcp.@host[-1].mac=''4c:cc:6a:01:5d:30'
+uci set dhcp.@host[-1].mac='4c:cc:6a:01:5d:30'
 uci set dhcp.@host[-1].ip='192.168.77.35'
 uci add host
 uci set dhcp.@host[-1].name='fs1370dn'
@@ -96,4 +113,3 @@ uci commit dhcp
 /etc/init.d/firewall restart
 
 echo "All done!"
-