
@brianwitte
Created February 26, 2025 20:24
Enable SSH on a Server Running a Debian Live ISO from https://www.debian.org/distrib/
#!/bin/bash
# SPDX-License-Identifier: Unlicense
#
# debian-live-ssh-setup.sh
#
# Purpose: Configure SSH access on Debian live instances
# Author: [email protected]
# Created: February 26, 2025
#
# Usage: sudo ./debian-live-ssh-setup.sh
#
# IMPORTANT: Edit the NETWORK_RANGE variable below before running!
# Example: "192.168.1.0/24" for a typical home network
#
# EDIT THIS! Set to your actual network range before running!
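NETWORK_RANGE="UNCONFIGURED"
# Refuse to run until the placeholder above has been replaced: the value is
# used further down as the source range of the firewall rule for SSH. An empty
# value is rejected too. Diagnostics go to stderr so they stay visible when
# stdout is redirected.
if [ -z "$NETWORK_RANGE" ] || [ "$NETWORK_RANGE" = "UNCONFIGURED" ]; then
  echo "ERROR: You must configure the NETWORK_RANGE variable before running this script!" >&2
  echo "Example: NETWORK_RANGE=\"192.168.1.0/24\"" >&2
  exit 1
fi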
# -----------------------------------------------------------------------------
# Sanity checks
# -----------------------------------------------------------------------------
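# Root is required: the script installs packages, edits /etc/ssh/sshd_config,
# changes iptables rules and manages systemd units.
# The error is written to stderr so it is not swallowed by a stdout redirect.
if [ "$(id -u)" -ne 0 ]; then
  echo "ERROR: This script must be run as root. Try using sudo." >&2
  exit 1
fi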
# -----------------------------------------------------------------------------
# Functions
# -----------------------------------------------------------------------------
# Print a nice heading
# Print a banner: a horizontal rule, the title, and the rule again.
# Arguments: $1 - title text
# Outputs:   three lines on stdout
heading() {
  local rule="----------------------------------------------------------------------"
  local part
  for part in "$rule" "$1" "$rule"; do
    echo "$part"
  done
}
# -----------------------------------------------------------------------------
# Main script
# -----------------------------------------------------------------------------
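heading "Debian Live SSH Setup"
# Make sure openssh-server is installed.
# The package's own status is queried instead of grepping the `dpkg -l`
# listing: that listing also contains packages that were removed but not
# purged, and any line that merely mentions the name, so a plain grep can
# report "installed" when sshd is not actually present.
if ! dpkg-query -W -f='${Status}' openssh-server 2>/dev/null | grep -q "ok installed"; then
  echo "* Installing OpenSSH Server..."
  apt-get update
  # Stop here on failure: every later step assumes sshd and its config exist.
  if ! apt-get install -y openssh-server; then
    echo "ERROR: Failed to install openssh-server." >&2
    exit 1
  fi
else
  echo "* OpenSSH Server is already installed"
fi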
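# Start the SSH service if it is not running.
if ! systemctl is-active --quiet ssh; then
  echo "* Starting SSH service..."
  systemctl start ssh
else
  echo "* SSH service is already running"
fi
# Enable at boot on both paths: a service that is currently active can still
# be disabled, so enabling must not depend on the run state checked above.
systemctl enable ssh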
# Ensure sshd_config carries an active "ListenAddress 0.0.0.0" directive.
# 0.0.0.0 is the IPv4 wildcard address; the firewall rule this script adds
# later is an IPv4 (iptables) rule as well.
echo "* Configuring SSH to listen on all interfaces..."
sshd_config_file=/etc/ssh/sshd_config
if grep -q "^#ListenAddress 0.0.0.0" "$sshd_config_file"; then
  # A commented-out directive is present: uncomment it in place.
  sed -i 's/^#ListenAddress 0.0.0.0/ListenAddress 0.0.0.0/' "$sshd_config_file"
elif ! grep -q "^ListenAddress 0.0.0.0" "$sshd_config_file"; then
  # Neither a commented nor an active directive: append one at the end.
  # NOTE(review): if the file ends with a Match block, an appended line
  # becomes part of that block - confirm the placement on the target system.
  echo "ListenAddress 0.0.0.0" >> "$sshd_config_file"
fi
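# Set up the firewall to allow SSH from the configured network range.
echo "* Configuring firewall to allow SSH from $NETWORK_RANGE..."
# iptables is needed for the rule below.
if ! command -v iptables >/dev/null 2>&1; then
  echo "* Installing iptables..."
  apt-get install -y iptables
fi
# Add the ACCEPT rule only when an identical rule is not already present
# (iptables -C), so re-running the script does not stack duplicates.
# The range is quoted so a value containing whitespace or glob characters
# cannot be split into extra iptables arguments.
if ! iptables -C INPUT -p tcp --dport 22 -s "$NETWORK_RANGE" -j ACCEPT 2>/dev/null; then
  iptables -A INPUT -p tcp --dport 22 -s "$NETWORK_RANGE" -j ACCEPT
fi
# An ACCEPT rule restricts nothing by itself. With an INPUT policy of ACCEPT
# and no rule dropping port 22, sshd stays reachable from every source
# address, not only from NETWORK_RANGE. The policy is left untouched here;
# the operator is warned instead. ip6tables is not modified by this script.
if iptables -S INPUT 2>/dev/null | grep -q '^-P INPUT ACCEPT'; then
  echo "WARNING: INPUT chain policy is ACCEPT; unless another rule drops port 22, SSH is not limited to $NETWORK_RANGE." >&2
fi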
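# Save iptables rules for persistence across reboots
if command -v iptables-save >/dev/null 2>&1; then
  echo "* Saving iptables rules..."
  iptables-save > /etc/iptables.rules
  # Create a systemd unit that reloads the saved rules at boot.
  # systemd does not run ExecStart= through a shell, so a bare "<" would be
  # handed to iptables-restore as an argument instead of redirecting stdin.
  # The command is wrapped in /bin/sh -c to get a real redirection.
  # The heredoc delimiter is quoted so nothing in the unit text is expanded
  # by this script.
  cat > /etc/systemd/system/iptables-restore.service << 'EOL'
[Unit]
Description=Restore iptables firewall rules
Before=network-pre.target
[Service]
Type=oneshot
ExecStart=/bin/sh -c '/sbin/iptables-restore < /etc/iptables.rules'
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
EOL
  systemctl enable iptables-restore.service
fi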
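# Generate a root SSH key pair if none exists and authorize it for root login.
if [ ! -f /root/.ssh/id_rsa ]; then
  echo "* Generating SSH key..."
  # Keep the directory private to root regardless of the current umask.
  mkdir -p /root/.ssh
  chmod 700 /root/.ssh
  # -N "" writes the private key without a passphrase, so the file alone is
  # enough to authenticate.
  ssh-keygen -t rsa -b 4096 -f /root/.ssh/id_rsa -N ""
  # NOTE(review): this authorizes a key whose private half is stored on this
  # same host. Anyone who can read /root/.ssh/id_rsa can log in as root over
  # SSH. A client on another machine needs its own public key appended to
  # authorized_keys here; this step does not provide that.
  cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys
  chmod 600 /root/.ssh/authorized_keys
fi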
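# Restart SSH to apply all changes, and stop if it does not come back up
# rather than reporting success for a service that is down.
if ! systemctl restart ssh; then
  echo "ERROR: ssh failed to restart; check the config with 'sshd -t' and the log with 'journalctl -u ssh'." >&2
  exit 1
fi
# Show connection info so the user knows what to do next.
# hostname -I lists the host's addresses; only the first one is shown.
HOST_IP=$(hostname -I | awk '{print $1}')
heading "SSH Setup Complete!"
echo "Connect from another machine using:"
echo " ssh root@$HOST_IP"
echo ""
# NOTE(review): the key printed below is this host's root public key.
# Installing it on other machines lets this host log in to them. To log in to
# this host from elsewhere, the client's public key has to be present in
# /root/.ssh/authorized_keys on this host.
echo "If needed, copy this public key to other machines:"
cat /root/.ssh/id_rsa.pub
echo ""
exit 0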
# -----------------------------------------------------------------------------
# LICENSE
# -----------------------------------------------------------------------------
# This is free and unencumbered software released into the public domain.
#
# Anyone is free to copy, modify, publish, use, compile, sell, or
# distribute this software, either in source code form or as a compiled
# binary, for any purpose, commercial or non-commercial, and by any
# means.
#
# In jurisdictions that recognize copyright laws, the author or authors
# of this software dedicate any and all copyright interest in the
# software to the public domain. We make this dedication for the benefit
# of the public at large and to the detriment of our heirs and
# successors. We intend this dedication to be an overt act of
# relinquishment in perpetuity of all present and future rights to this
# software under copyright law.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
# IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
# OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
# ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
# OTHER DEALINGS IN THE SOFTWARE.
#
# For more information, please refer to <https://unlicense.org>