Before running the script, create a key pair and place the public key in the file /.ssh/authorized_keys .
ssh-keygen -t rsa
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
cat ~/.ssh/id_rsa
SSH password authorization will be disabled and the port will change to 2222, if you have chosen SSH, NFT optimization or Everything
apt install -y sudo wget
sudo -i
wget "https://raw.githubusercontent.com/Onair-santa/Debian-Optimizer/main/optimizer.sh" -O optimizer.sh && chmod +x optimizer.sh && bash optimizer.sh
- Check and append 127.0.1.1 and server hostname to
/etc/hosts. Originalhostsfile is backed up at/etc/hosts.bak. - Append
8.8.8.8and8.8.4.4to/etc/resolv.conf. Originaldnsfile is backed up at/etc/resolv.conf.bak.
- Update
- AutoRemove
- AutoClean
curl htop jq nftables wget speedtest-cli
- Enable BBRv3.
- CloudFlare TCP Optimizations.
- More Details: https://xanmod.org
- Swap Path:
"/swapfile" - Swap Size:
1Gb
-
Optimize
SWAP. -
Optimize Network Settings.
-
Activate
BBR. -
Optimize the Kernel.
Original file is backed up at
/etc/sysctl.conf.bak.
- Port 2222 (change 22 → 2222)
- Remove PasswordAuthentication
- Enable PubkeyAuthentication
- Back up the original
sshd_configfile. - Disable DNS lookups for connecting clients.
- Remove less efficient encryption ciphers.
- Enable and Configure TCP keep-alive messages.
- Allow agent & TCP forwarding.
- Enable gateway ports, Tunneling and compression.
- Enable X11 Forwarding.
Original file is backed up at
/etc/ssh/sshd_config.bak.
- Soft and Hard ulimit
-c -d -f -i -l -n -q -s -u -v -xoptimizations.
- Open port 2222 for SSH
- Open ports TCP 80 443
- More Details: https://github.com/crowdsecurity/crowdsec
- Linux, SSH, Firewall bouncers
-
More Details: https://github.com/fail2ban/fail2ban
-
Jail enabled: sshd(port=2222), recidive(allport (settings in file jail.local)
-
Status command:
fail2ban-client status fail2ban-client status sshd fail2ban-client status recidive
This script is provided as-is, without any warranty or guarantee. Use it at your own risk.