signing host cert

scripts/ssh-server-check.sh

@@ -37,7 +37,7 @@ prompt_user() {
     local prompt="${2:-Prompt for the user}"
     full_prompt_msg="$title: $prompt"
 
-    echo -n -e "$YELLOW_BANG  $full_prompt_msg"
+    echo -n -e "$YELLOW_BANG $full_prompt_msg"
     read -p " (y/n) " -n 1 -r
     echo
 }
@@ -52,9 +52,9 @@ update_prompt() {
     echo -en "\e[1A\r\e[K"
 
     if [[ "$msg" != "$full_prompt_msg" ]]; then
-        echo -e "$icon  $msg"
+        echo -e "$icon $msg"
     else
-        echo -e "$icon  $msg  $REPLY"
+        echo -e "$icon $msg  $REPLY"
     fi
 }
 
@@ -124,11 +124,20 @@ check_ssh_config_files() {
 
     row_process "hostkey"
     row_process "hostcertificate"
+    case "$status" in
+        missing)
+            prompt_user "SSH Host" "SSH host cert missing. Sign the ssh host cert?"
+            if [[ $REPLY =~ ^[Yy]$ ]]; then
+                sign_host_cert
+                update_prompt $GREEN_CHECK "Signed ssh host cert"
+            else
+                update_prompt $RED_X
+            fi
+            ;;
+    esac
     row_process "trustedusercakeys"
     case "$status" in
-        success) return ;;
         missing)
-            # Do something if trustedusercakeys is missing
             prompt_user "User CA" "Created the trusted keys file?"
             if [[ $REPLY =~ ^[Yy]$ ]]; then
                 (step ssh config --roots > "$path")
@@ -137,7 +146,6 @@ check_ssh_config_files() {
                 update_prompt $RED_X
             fi
             ;;
-        unconfigured) return;;
     esac
 }
 
@@ -197,7 +205,7 @@ restart_sshd() {
         fi
     else
         local sshd_pid=$(systemctl show --property MainPID --value sshd)
-        echo -e "$GREEN_CHECK  sshd.service is active on PID: $sshd_pid"
+        echo -e "$GREEN_CHECK sshd.service is active on PID: $sshd_pid"
     fi
 }
 
@@ -211,6 +219,3 @@ check_ssh_config_files
 echo
 echo "Host key fingerprint"
 ssh_fingerprint hostkey
-
-# prompt_user
-# auto_update_prompt