From b094a3464c5b19db9231147c6bb8a1ca622b9826 Mon Sep 17 00:00:00 2001
From: John Lancaster <32917998+jsl12@users.noreply.github.com>
Date: Sun, 4 Jan 2026 09:07:00 -0600
Subject: [PATCH] configuring sshd server

---
 scripts/ssh-server-check.sh | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/scripts/ssh-server-check.sh b/scripts/ssh-server-check.sh
index ad9cc10..ee0b7e8 100755
--- a/scripts/ssh-server-check.sh
+++ b/scripts/ssh-server-check.sh
@@ -54,6 +54,27 @@ ssh_fingerprint() {
 ssh-keygen -lf "$cfg_path" | awk '{ print $2 }'
 }
 
+if [[ ! -e "/etc/ssh/sshd_config.d/certs.conf" ]]; then
+ echo "⚠️ sshd not configured to use SSH certs"
+ read -p "Do you want to configure sshd? (y/n) " -n 1 -r
+ echo
+ if [[ $REPLY =~ ^[Yy]$ ]]; then
+ mkdir -p /etc/ssh/sshd_config.d
+ cat < /etc/ssh/sshd_config.d/certs.conf
+TrustedUserCAKeys /etc/ssh/ssh_user_ca.pub
+HostKey /etc/ssh/ssh_host_ed25519_key
+HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub
+EOF
+ echo -n "Restarting sshd... "
+ systemctl restart sshd
+ echo "done"
+ else
+ echo "Exiting"
+ exit 1
+ fi
+fi
+
+
 check_ssh_files
 
 echo ""
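Review bot: The added block restarts sshd immediately after writing certs.conf, without checking that the CA key, host key and host certificate it names exist or that the resulting configuration parses, and it prints "done" whatever `systemctl restart sshd` returns. Because an explicit `HostKey` replaces sshd's default host-key list, a missing /etc/ssh/ssh_host_ed25519_key can leave the daemon unable to start, which on a remote machine means losing access. The block also runs before `check_ssh_files` (the context line that follows), which by its name may be where those files are verified; consider writing the drop-in only after that check passes, and gate the restart on `sshd -t` as sketched below. Separately, the `mkdir -p` suggests the drop-in directory may not exist yet, in which case the main sshd_config probably has no `Include` for it and certs.conf would be silently ignored while the `-e` test reports the host as configured on every later run.

```shell
        # … unchanged: mkdir -p and the heredoc that writes certs.conf …
        # Validate config and host keys before touching the running daemon.
        if ! sshd -t; then
            echo "sshd -t rejected the new config; removing certs.conf" >&2
            rm -f /etc/ssh/sshd_config.d/certs.conf
            exit 1
        fi
        echo -n "Restarting sshd... "
        if systemctl restart sshd; then
            echo "done"
        else
            echo "failed" >&2
            exit 1
        fi
```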