Update debian/debian-secure.sh

debian/debian-secure.sh

@@ -28,7 +28,7 @@ fi
 CLIENT_IP=$(echo "$CLIENT_IP" | cut -d"/" -f1)
 SERVER_IP=$(echo "$SERVER_IP" | cut -d"/" -f1)
 
-WG_LISTEN_PORT=${WG_LISTEN_PORT:-$(jot -r 1 49152 65535)}
+WG_LISTEN_PORT=${WG_LISTEN_PORT:-$(shuf -i 49152-65535 -n 1)}
 WG_PRESHARED_KEY=${WG_PRESHARED_KEY:-$(wg genpsk)}
 
 WG_LOCAL_PRIVKEY=$(wg genkey)
@@ -45,7 +45,7 @@ PublicKey = $WIREGUARD_PUBKEY
 PresharedKey = $WG_PRESHARED_KEY
 AllowedIPs = $CLIENT_IP/$HOST_MASK
 EOF
-chmod -R 700 /etc/wireguard
+chmod 600 /etc/wireguard/vmh-ssh-vpn.conf
 
 systemctl enable --now wg-quick@vmh-ssh-vpn
 
@@ -56,9 +56,9 @@ chown $USERNAME:$USERNAME /home/$USERNAME/.ssh
 echo "$MY_SSH_KEY" > /home/$USERNAME/.ssh/authorized_keys
 chown $USERNAME:$USERNAME /home/$USERNAME/.ssh/authorized_keys
 chmod 600 /home/$USERNAME/.ssh/authorized_keys
-chmod 700 /home/$USERNAME/.ssh
+chmod 600 /home/$USERNAME/.ssh
 
-cat <<EOF > /etc/ssh/sshd_config.d/10-vmh_ssh.conf
+cat <<EOF > /etc/ssh/sshd_config.d/10-vmh-ssh.conf
 X11Forwarding no
 PasswordAuthentication no
 PubkeyAuthentication yes