check_cert_config

scripts/ssh-server-check.sh

@@ -9,6 +9,7 @@ YELLOW_BANG="\e[33m!\e[0m"
 #
 
 
+# This test loads the sshd config to see what values actually get parsed.
 ssh_config_val() {
     local field="$1"
     local val
@@ -21,9 +22,7 @@ ssh_config_val() {
     echo $(sshd -T 2>/dev/null | grep -i "^$field " | head -1 | awk '{print $2}')
 }
 
-green_checkmark() {
-    printf "\e[32m✔\e[0m"
-}
+
 
 check_ssh_files() {
     row_success() {
@@ -78,7 +77,6 @@ check_ssh_files() {
             read -p "Create the trusted keys file? (y/n) " -n 1 -r
             echo
             if [[ $REPLY =~ ^[Yy]$ ]]; then
-                echo "Creating public key file at $path"
                 (step ssh config --roots > "$path")
                 echo -e "$GREEN_CHECK  Created public key file for SSH user CA"
             fi
@@ -111,6 +109,21 @@ ssh_fingerprint() {
     ssh-keygen -lf "$cfg_path" | awk '{ print $2 }'
 }
 
+check_cert_config() {
+    local base_dir="/etc/ssh/sshd_config.d"
+    local cfg_path="$base_dir/${1:-certs.conf}"
+
+    if [[ ! -e $cfg_path ]]; then
+        echo -e "$YELLOW_BANG  sshd not configured to use SSH certs"
+        read -p "Do you want to configure sshd? (y/n) " -n 1 -r
+        echo
+        if [[ $REPLY =~ ^[Yy]$ ]]; then
+            install_cert_config
+            restart_sshd
+        fi
+    fi
+}
+
 install_cert_config() {
     local base_dir="/etc/ssh/sshd_config.d"
     local cfg_path="${1:-$base_dir/certs.conf}"
@@ -148,16 +161,7 @@ restart_sshd() {
 # Run Process
 #
 
-if [[ ! -e "/etc/ssh/sshd_config.d/certs.conf" ]]; then
-    echo -e "$YELLOW_BANG  sshd not configured to use SSH certs"
-    read -p "Do you want to configure sshd? (y/n) " -n 1 -r
-    echo
-    if [[ $REPLY =~ ^[Yy]$ ]]; then
-        install_cert_config
-        restart_sshd
-    fi
-fi
-
+check_cert_config "certs.conf"
 check_ssh_files
 
 echo ""