diff --git a/bootstrap.sh b/bootstrap.sh
new file mode 100644
index 0000000..027db51
--- /dev/null
+++ b/bootstrap.sh
@@ -0,0 +1,42 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+SSHD_CONFIG="/etc/ssh/sshd_config"
+
+if [[ $EUID -ne 0 ]]; then
+  echo "This script must be run as root."
+  exit 1
+fi
+
+echo "Updating SSH configuration..."
+
+# Backup once
+if [[ ! -f "${SSHD_CONFIG}.bak" ]]; then
+  cp "$SSHD_CONFIG" "${SSHD_CONFIG}.bak"
+fi
+
+# Ensure PermitRootLogin yes
+if grep -qE '^\s*PermitRootLogin' "$SSHD_CONFIG"; then
+  sed -i 's/^\s*PermitRootLogin.*/PermitRootLogin yes/' "$SSHD_CONFIG"
+else
+  echo "PermitRootLogin yes" >> "$SSHD_CONFIG"
+fi
+
+# Ensure PasswordAuthentication yes
+if grep -qE '^\s*PasswordAuthentication' "$SSHD_CONFIG"; then
+  sed -i 's/^\s*PasswordAuthentication.*/PasswordAuthentication yes/' "$SSHD_CONFIG"
+else
+  echo "PasswordAuthentication yes" >> "$SSHD_CONFIG"
+fi
+
+echo "Restarting SSH service..."
+if systemctl is-active --quiet sshd; then
+  systemctl restart sshd
+elif systemctl is-active --quiet ssh; then
+  systemctl restart ssh
+else
+  echo "SSH service not found via systemd"
+fi
+
+echo "Rebooting system now..."
+reboot