From cff9d8d3a9cc6f0a849b9d74410caca803445631 Mon Sep 17 00:00:00 2001
From: John Lancaster <32917998+jsl12@users.noreply.github.com>
Date: Sun, 4 Jan 2026 13:12:31 -0600
Subject: [PATCH] broke out create_files
---
 scripts/ssh-server-check.sh | 50 +++++++++++++++++++++----------------
 1 file changed, 28 insertions(+), 22 deletions(-)
diff --git a/scripts/ssh-server-check.sh b/scripts/ssh-server-check.sh
index e8d62a7..ae8cf2a 100755
--- a/scripts/ssh-server-check.sh
+++ b/scripts/ssh-server-check.sh
@@ -195,6 +195,28 @@ restart_sshd() {
 fi
 }
+create_files() {
+ if [[ $CREATE_HOST_CERT -eq 1 ]]; then
+ prompt_user "SSH Host" "Cert missing. Sign the ssh host cert?"
+ if [[ $REPLY =~ ^[Yy]$ ]]; then
+ update_prompt $YELLOW_BANG "Signing ssh host cert"
+ sign_host_cert
+ else
+ update_prompt $RED_X
+ fi
+ fi
+
+ if [[ $CREATE_USER_CA -eq 1 ]]; then
+ prompt_user "SSH Host" "Create the trusted keys file?"
+ if [[ $REPLY =~ ^[Yy]$ ]]; then
+ (step ssh config --roots > "$path")
+ update_prompt $GREEN_CHECK "SSH Host" "Created the trusted keys file for the SSH host."
+ else
+ update_prompt $RED_X
+ fi
+ fi
+}
+
 # Run Process
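Review bot: In the CREATE_USER_CA branch of create_files, `(step ssh config --roots > "$path")` is followed unconditionally by the GREEN_CHECK message, so a failed `step` call still reports success. It also leaves a truncated file behind, because the redirect empties `$path` before `step` runs. Judging by the prompt text, that file is the set of CA keys the SSH host will trust, so it is worth building it in a temporary file, checking the exit status and that the output is non-empty, and only then renaming it into place. `path` is not assigned anywhere in the function and appears to come from a global set outside this hunk; `${path:?}` or an explicit argument would make the target unambiguous.

```shell
    if [[ $REPLY =~ ^[Yy]$ ]]; then
      # Build the file next to its destination so the final rename is atomic
      # and a failed run never replaces an existing trust file.
      local tmp
      tmp=$(mktemp "${path:?}.XXXXXX") || return
      if step ssh config --roots > "$tmp" && [[ -s "$tmp" ]]; then
        mv -- "$tmp" "$path"
        update_prompt $GREEN_CHECK "SSH Host" "Created the trusted keys file for the SSH host."
      else
        rm -f -- "$tmp"
        update_prompt $RED_X
      fi
    else
    # … unchanged: declined branch …
```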
@@ -202,26 +224,10 @@ check_cert_config "certs.conf"
 echo
 check_ssh_config_files
-if [[ $CREATE_HOST_CERT -eq 1 ]]; then
- prompt_user "SSH Host" "SSH host cert missing. Sign the ssh host cert?"
- if [[ $REPLY =~ ^[Yy]$ ]]; then
- update_prompt $YELLOW_BANG "Signing ssh host cert"
- sign_host_cert
- else
- update_prompt $RED_X
- fi
-fi
+create_files
-
-# CREATE_USER_CA=1
-if [[ $CREATE_USER_CA -eq 1 ]]; then
- prompt_user "User CA" "Create the trusted keys file?"
- if [[ $REPLY =~ ^[Yy]$ ]]; then
- (step ssh config --roots > "$path")
- update_prompt $GREEN_CHECK "User CA" "Created the trusted keys file."
- else
- update_prompt $RED_X
- fi
-fi
-
-echo -e "\n$SSH_HOST_CERT"
-ssh-keygen -Lf "$SSH_HOST_CERT" | grep "Public key" | sed 's/^ *//'
+title_msg "\nSSH Host Cert" "$SSH_HOST_CERT\n"
+CERT_INFO=$(ssh-keygen -Lf "$SSH_HOST_CERT")
+echo -e "$CERT_INFO" | grep "Public key"
+echo -e "$CERT_INFO" | grep "Valid"
+echo -e "$CERT_INFO" | grep -A3 "Principals"
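Review bot: The exit status of `ssh-keygen -Lf "$SSH_HOST_CERT"` is never checked, so if signing was declined in create_files or the certificate cannot be read, the three `grep` lines print nothing and the run ends looking normal. Something like `if ! CERT_INFO=$(ssh-keygen -Lf "$SSH_HOST_CERT"); then update_prompt $RED_X; fi` would surface that. `echo -e "$CERT_INFO"` also interprets backslash sequences in the certificate text (key ID, principals), so `grep "Valid" <<<"$CERT_INFO"` is a safer way to feed the captured output. `grep -A3 "Principals"` shows a fixed three lines, which can cut off a longer principal list or run into the next section, so the output should not be read as the complete set of principals.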