diff --git a/scripts/ssh-server-check.sh b/scripts/ssh-server-check.sh index f14da96..e8d62a7 100755 --- a/scripts/ssh-server-check.sh +++ b/scripts/ssh-server-check.sh @@ -15,6 +15,9 @@ GREEN_CHECK="\e[32m✔\e[0m" RED_X="\e[31m✗\e[0m" YELLOW_BANG="\e[33m!\e[0m" +CREATE_USER_CA=0 +CREATE_HOST_CERT=0 + # # Function Definition # @@ -32,30 +35,29 @@ ssh_config_val() { echo $(sshd -T 2>/dev/null | grep -i "^$field " | head -1 | awk '{print $2}') } -prompt_user() { - local title="\e[1m${1:-Title}\e[0m" +title_msg() { + local title="\e[1m${1:-Title}:\e[0m" local prompt="${2:-Prompt for the user}" - full_prompt_msg="$title: $prompt" + printf "%b %b" "$title" "$prompt" +} +prompt_user() { + full_prompt_msg="$(title_msg "${1}" "${2}")" echo -n -e "$YELLOW_BANG $full_prompt_msg" read -p " (y/n) " -n 1 -r - echo } update_prompt() { local icon="$1" - local msg="${2:-$full_prompt_msg}" + case $# in + 1) msg="$full_prompt_msg $REPLY";; + 2) msg="$2";; + 3) msg="$(title_msg "${2}" "${3}")";; + *) msg="Too many arguments";; + esac - # \e[1A: Move up one line - # \r: Move to start of line - # \e[K: Clear to end of line - echo -en "\e[1A\r\e[K" - - if [[ "$msg" != "$full_prompt_msg" ]]; then - echo -e "$icon $msg" - else - echo -e "$icon $msg $REPLY" - fi + echo -en "\r\e[K" + echo -e "$icon $msg" } auto_update_prompt() { 
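Review bot: `msg` in update_prompt lost its `local` in this rewrite — the old `local msg=` became plain assignments inside the `case`, so every call now leaks a global `msg` into the script; add `local msg` before `case $# in`. The `*)` arm also catches a call with zero arguments, where "Too many arguments" is misleading; `*) msg="update_prompt: expected 1-3 arguments, got $#";;` reads correctly in both directions. The replacement of `\e[1A\r\e[K` with `\r\e[K` appears to depend on prompt_user no longer printing a newline after `read -n 1`; if the user answers with Enter the terminal echoes a newline itself and the clear lands on the line below the prompt, which is worth a comment such as `# cursor is still on the prompt line (prompt_user does not echo a newline after read)`. ssh_config_val starts outside this hunk.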
@@ -125,27 +127,11 @@ check_ssh_config_files() { row_process "hostkey" row_process "hostcertificate" case "$status" in - missing) - prompt_user "SSH Host" "SSH host cert missing. Sign the ssh host cert?" - if [[ $REPLY =~ ^[Yy]$ ]]; then - sign_host_cert - update_prompt $GREEN_CHECK "Signed ssh host cert" - else - update_prompt $RED_X - fi - ;; + missing) CREATE_HOST_CERT=1;; esac row_process "trustedusercakeys" case "$status" in - missing) - prompt_user "User CA" "Created the trusted keys file?" - if [[ $REPLY =~ ^[Yy]$ ]]; then - (step ssh config --roots > "$path") - update_prompt $GREEN_CHECK "Created public key file for SSH user CA" - else - update_prompt $RED_X - fi - ;; + missing) CREATE_USER_CA=1;; esac } @@ -200,11 +186,11 @@ restart_sshd() { prompt_user "sshd.service" "sshd.service is not active. Restart?" if [[ $REPLY =~ ^[Yy]$ ]]; then systemctl restart sshd - local sshd_pid=$(systemctl show --property MainPID --value sshd) + local sshd_pid=$(systemctl show --property MainPID --value sshd) update_prompt $GREEN_CHECK "Restarted sshd.service on PID: $sshd_pid" fi else - local sshd_pid=$(systemctl show --property MainPID --value sshd) + local sshd_pid=$(systemctl show --property MainPID --value sshd) echo -e "$GREEN_CHECK sshd.service is active on PID: $sshd_pid" fi } 
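Review bot: `missing) CREATE_USER_CA=1;;` defers the `step ssh config --roots > "$path"` write to the main script (last hunk), but `$path` there is whatever the final `row_process` call happened to leave behind — it works only because `trustedusercakeys` is the last row processed, and if `path` is local to check_ssh_config_files or row_process (both defined outside this hunk) the redirect target in the main body will be empty. Capture the path together with the flag, `missing) CREATE_USER_CA=1; USER_CA_KEYS_PATH="$path";;`, and redirect to `"$USER_CA_KEYS_PATH"` in the main body. The restart_sshd hunk on this line looks whitespace-only.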
@@ -216,6 +202,26 @@ check_cert_config "certs.conf" echo check_ssh_config_files -echo -echo "Host key fingerprint" -ssh_fingerprint hostkey +if [[ $CREATE_HOST_CERT -eq 1 ]]; then + prompt_user "SSH Host" "SSH host cert missing. Sign the ssh host cert?" + if [[ $REPLY =~ ^[Yy]$ ]]; then + update_prompt $YELLOW_BANG "Signing ssh host cert" + sign_host_cert + else + update_prompt $RED_X + fi +fi + +# CREATE_USER_CA=1 +if [[ $CREATE_USER_CA -eq 1 ]]; then + prompt_user "User CA" "Create the trusted keys file?" + if [[ $REPLY =~ ^[Yy]$ ]]; then + (step ssh config --roots > "$path") + update_prompt $GREEN_CHECK "User CA" "Created the trusted keys file." + else + update_prompt $RED_X + fi +fi + +echo -e "\n$SSH_HOST_CERT" +ssh-keygen -Lf "$SSH_HOST_CERT" | grep "Public key" | sed 's/^ *//'
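Review bot: The user-CA branch reports `Created the trusted keys file.` regardless of whether `step ssh config --roots` succeeded; the shell opens `$path` for writing before step runs, so a failed step leaves an empty TrustedUserCAKeys file behind a green check, and the exit status should decide which update_prompt runs. The closing `ssh-keygen -Lf "$SSH_HOST_CERT"` also runs unconditionally, so it fails noisily when the user declined to sign the host cert and no certificate file exists; guard it with `[[ -f "$SSH_HOST_CERT" ]]`. The leftover `# CREATE_USER_CA=1` debug comment should be dropped. `SSH_HOST_CERT` is not defined anywhere in this diff — presumably set near the top of the script, worth confirming.
```shell
# … unchanged: CREATE_HOST_CERT prompt block …

if [[ $CREATE_USER_CA -eq 1 ]]; then
  prompt_user "User CA" "Create the trusted keys file?"
  if [[ $REPLY =~ ^[Yy]$ ]]; then
    # Report success only if step actually wrote the roots file; the redirect
    # creates "$path" before step runs, so a failure would leave it empty.
    if (step ssh config --roots > "$path"); then
      update_prompt $GREEN_CHECK "User CA" "Created the trusted keys file."
    else
      update_prompt $RED_X "User CA" "step ssh config --roots failed; check $path"
    fi
  else
    update_prompt $RED_X
  fi
fi

# Only inspect the host cert when one exists (the user may have declined to sign).
if [[ -f "$SSH_HOST_CERT" ]]; then
  echo -e "\n$SSH_HOST_CERT"
  ssh-keygen -Lf "$SSH_HOST_CERT" | grep "Public key" | sed 's/^ *//'
fi
```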