diff --git a/scripts/ssh-server-check.sh b/scripts/ssh-server-check.sh
index c6aed25..f8d50ba 100755
--- a/scripts/ssh-server-check.sh
+++ b/scripts/ssh-server-check.sh
@@ -2,11 +2,13 @@
 GREEN_CHECK="\e[32m✔\e[0m"
 RED_X="\e[31m✗\e[0m"
+YELLOW_BANG="\e[33m!\e[0m"
 #
 # Function Definition
 #
+
 ssh_config_val() {
 local field="$1"
 local val
@@ -16,7 +18,7 @@ ssh_config_val() {
 return 2
 fi
- echo $(sshd -T | grep -i "^$field " | head -1 | awk '{print $2}')
+ echo $(sshd -T 2>/dev/null | grep -i "^$field " | head -1 | awk '{print $2}')
 }
 green_checkmark() {
@@ -24,19 +26,36 @@ green_checkmark() {
 }
 check_ssh_files() {
+ row_success() {
+ local key="$1"
+ local path="$2"
+ local perms=$(stat -c '%a' "$path")
+ printf "%-17b %-20s %-6s %s\n" " $GREEN_CHECK" "$key" "$perms" "$path"
+ }
+
+ row_fail() {
+ local key="$1"
+ local path="$2"
+ printf "%-15b %-20s %-6s %s\n" " $YELLOW_BANG" "$key" "-" "$path (missing)"
+ }
+
+ row_unconfigured() {
+ local key="$1"
+ printf "%-17b %-20s %-6s %s\n" " $RED_X" "$key" "-" "(not configured)"
+ }
+
 printf "%-6s %-20s %-6s %s\n" "STATUS" "KEY" "PERMS" "PATH"
 for key in hostkey hostcertificate trustedusercakeys; do
 path=$(ssh_config_val "$key")
 if [[ -z "$path" ]]; then
- printf "%-7s %-20s %-6s %s\n" "⚠️" "$key" "-" "(not configured)"
+ row_unconfigured $key
 continue
 fi
 if [[ -e "$path" ]]; then
- perms=$(stat -c '%a' "$path")
- printf "%-17b %-20s %-6s %s\n" " $GREEN_CHECK" "$key" "$perms" "$path"
+ row_success $key $path
 else
- printf "%-17b %-20s %-6s %s\n" " $RED_X" "$key" "-" "$path (missing)"
+ row_fail $key $path
 fi
 done
 }
@@ -89,7 +108,7 @@ if [[ ! -e "/etc/ssh/sshd_config.d/certs.conf" ]]; then
 echo
 if [[ $REPLY =~ ^[Yy]$ ]]; then
 install_cert_config
- echo -n "Restarting sshd... "
+ echo -n "Restarting sshd..."
 systemctl restart sshd
 echo "done"
 else
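Review bot: With stderr discarded on the `sshd -T` line in `ssh_config_val`, a failed config dump (for example when the script lacks the privileges sshd needs, or when sshd_config does not parse) yields the same empty output as a field that is unset. Nothing in the pipeline checks sshd's exit status, so `check_ssh_files` would then print every key as "(not configured)" and the check reads as clean-but-unconfigured rather than as a failed check. I would capture the dump first and fail loudly, e.g. `val=$(sshd -T 2>/dev/null) || return 1`, then extract the field from `"$val"` and have callers test the return status as well as the empty string. The start of the function body is outside this hunk, so the existing `return 2` path should be confirmed to use a different code.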
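Review bot: The three new helper calls in the `for` loop pass `$key` and `$path` unquoted, so a configured path containing whitespace or glob characters is split before it reaches `row_success`/`row_fail`, and the row then shows the wrong path or `stat` runs on a fragment. They should read `row_unconfigured "$key"`, `row_success "$key" "$path"` and `row_fail "$key" "$path"`. In `row_success`, `local perms=$(stat -c '%a' "$path")` also hides a `stat` failure behind the exit status of `local`; declaring `perms` and assigning it on separate lines lets the failure be handled. Separately, the green check is still granted on existence alone: the mode is printed but never evaluated, so a `trustedusercakeys` file writable by group or other would show as passing, and a comment saying the status column means "present" only (or a mode test for it) would prevent that misreading.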