added NEEDS_RESTART

scripts/ssh-server-check.sh

@@ -17,9 +17,10 @@ YELLOW_BANG="\e[33m!\e[0m"
 
 CREATE_USER_CA=0
 CREATE_HOST_CERT=0
+NEEDS_RESTART=0
 
 #
-# Function Definition
+# Function Definitions
 #
 
 # This test loads the sshd config to see what values actually get parsed.
@@ -177,14 +178,13 @@ EOF
         if [[ $REPLY =~ ^[Yy]$ ]]; then
             install_cert_config
             update_prompt $GREEN_CHECK "sshd" "Configured to use and accept certs"
+            NEEDS_RESTART=1
         fi
     fi
-
-    restart_sshd
-    echo
 }
 
 restart_sshd() {
+    if [[ $NEEDS_RESTART -eq 0 ]]; then return; fi
     echo -en "$YELLOW_BANG Restarting sshd..."
     systemctl restart sshd
     if [[ $? -eq 0 ]]; then
@@ -205,6 +205,7 @@ create_files() {
         if [[ $REPLY =~ ^[Yy]$ ]]; then
             update_prompt $YELLOW_BANG "Signing ssh host cert"
             sign_host_cert
+            NEEDS_RESTART=1
         else
             update_prompt $RED_X
         fi
@@ -216,6 +217,7 @@ create_files() {
         if [[ $REPLY =~ ^[Yy]$ ]]; then
             (step ssh config --roots > "$path")
             update_prompt $GREEN_CHECK "SSH Host" "Created the trusted keys file for the SSH host."
+            NEEDS_RESTART=1
         else
             update_prompt $RED_X
         fi
@@ -230,6 +232,7 @@ create_files() {
 check_cert_config "certs.conf"
 check_ssh_config_files
 create_files
+restart_sshd
 
 title_msg "SSH Host Cert" "$SSH_HOST_CERT\n"
 CERT_INFO=$(ssh-keygen -Lf "$SSH_HOST_CERT")