configuring sshd server

scripts/ssh-server-check.sh

@@ -54,6 +54,27 @@ ssh_fingerprint() {
     ssh-keygen -lf "$cfg_path" | awk '{ print $2 }'
 }
 
+if [[ ! -e "/etc/ssh/sshd_config.d/certs.conf" ]]; then
+    echo "⚠️  sshd not configured to use SSH certs"
+    read -p "Do you want to configure sshd? (y/n) " -n 1 -r
+    echo
+    if [[ $REPLY =~ ^[Yy]$ ]]; then
+        mkdir -p /etc/ssh/sshd_config.d
+        cat <<EOF > /etc/ssh/sshd_config.d/certs.conf
+TrustedUserCAKeys /etc/ssh/ssh_user_ca.pub
+HostKey /etc/ssh/ssh_host_ed25519_key
+HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub
+EOF
+        echo -n "Restarting sshd... "
+        systemctl restart sshd
+        echo "done"
+    else
+        echo "Exiting"
+        exit 1
+    fi
+fi
+
+
 check_ssh_files
 
 echo ""