From b08ef16aec22f6975df16ed60e7896b814f3af34 Mon Sep 17 00:00:00 2001
From: John Lancaster <32917998+jsl12@users.noreply.github.com>
Date: Sun, 4 Jan 2026 16:44:12 -0600
Subject: [PATCH] added NEEDS_RESTART

---
 scripts/ssh-server-check.sh | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/scripts/ssh-server-check.sh b/scripts/ssh-server-check.sh
index 28bd012..1b7e3ce 100755
--- a/scripts/ssh-server-check.sh
+++ b/scripts/ssh-server-check.sh
@@ -17,9 +17,10 @@ YELLOW_BANG="\e[33m!\e[0m"
 
 CREATE_USER_CA=0
 CREATE_HOST_CERT=0
+NEEDS_RESTART=0
 
 #
-# Function Definition
+# Function Definitions
 #
 
 # This test loads the sshd config to see what values actually get parsed.
@@ -177,14 +178,13 @@ EOF
         if [[ $REPLY =~ ^[Yy]$ ]]; then
             install_cert_config
             update_prompt $GREEN_CHECK "sshd" "Configured to use and accept certs"
+            NEEDS_RESTART=1
         fi
     fi
-
-    restart_sshd
-    echo
 }
 
 restart_sshd() {
+    if [[ $NEEDS_RESTART -eq 0 ]]; then return; fi
     echo -en "$YELLOW_BANG Restarting sshd..."
     systemctl restart sshd
     if [[ $? -eq 0 ]]; then
@@ -205,6 +205,7 @@ create_files() {
         if [[ $REPLY =~ ^[Yy]$ ]]; then
             update_prompt $YELLOW_BANG "Signing ssh host cert"
             sign_host_cert
+            NEEDS_RESTART=1
         else
             update_prompt $RED_X
         fi
@@ -216,6 +217,7 @@ create_files() {
         if [[ $REPLY =~ ^[Yy]$ ]]; then
             (step ssh config --roots > "$path")
             update_prompt $GREEN_CHECK "SSH Host" "Created the trusted keys file for the SSH host."
+            NEEDS_RESTART=1
         else
             update_prompt $RED_X
         fi
@@ -230,6 +232,7 @@ create_files() {
 check_cert_config "certs.conf"
 check_ssh_config_files
 create_files
+restart_sshd
 
 title_msg "SSH Host Cert" "$SSH_HOST_CERT\n"
 CERT_INFO=$(ssh-keygen -Lf "$SSH_HOST_CERT")