Compare commits


2 Commits

Author SHA1 Message Date
John Lancaster
b6fd58a7ca more polish 2026-01-04 13:30:22 -06:00
John Lancaster
d30123dc4a polishing 2026-01-04 13:20:29 -06:00


@@ -133,6 +133,7 @@ check_ssh_config_files() {
case "$status" in case "$status" in
missing) CREATE_USER_CA=1;; missing) CREATE_USER_CA=1;;
esac esac
echo
} }
ssh_fingerprint() { ssh_fingerprint() {
@@ -172,31 +173,34 @@ EOF
} }
if [[ ! -e $cfg_path ]]; then if [[ ! -e $cfg_path ]]; then
prompt_user "sshd config" "Do you want to configure sshd?" prompt_user "sshd" "Currently unconfigured for certs. Do you want to configure?"
if [[ $REPLY =~ ^[Yy]$ ]]; then if [[ $REPLY =~ ^[Yy]$ ]]; then
install_cert_config install_cert_config
update_prompt $GREEN_CHECK "Configured sshd" update_prompt $GREEN_CHECK "sshd" "Configured to use and accept certs"
fi fi
fi fi
restart_sshd restart_sshd
echo
} }
restart_sshd() { restart_sshd() {
if ! systemctl is-active --quiet sshd; then echo -en "$YELLOW_BANG Restarting sshd..."
prompt_user "sshd.service" "sshd.service is not active. Restart?"
if [[ $REPLY =~ ^[Yy]$ ]]; then
systemctl restart sshd systemctl restart sshd
if [[ $? -eq 0 ]]; then
local sshd_pid=$(systemctl show --property MainPID --value sshd) local sshd_pid=$(systemctl show --property MainPID --value sshd)
update_prompt $GREEN_CHECK "Restarted sshd.service on PID: $sshd_pid" update_prompt $GREEN_CHECK "sshd" "Restarted sshd.service on PID: $sshd_pid"
fi
else else
local sshd_pid=$(systemctl show --property MainPID --value sshd) update_prompt $RED_X "sshd" "Failed to restart sshd.service"
echo -e "$GREEN_CHECK sshd.service is active on PID: $sshd_pid" exit 1
fi fi
} }
create_files() { create_files() {
local wrote_lines=0
if [[ $CREATE_HOST_CERT -eq 1 ]]; then if [[ $CREATE_HOST_CERT -eq 1 ]]; then
wrote_lines=1
prompt_user "SSH Host" "Cert missing. Sign the ssh host cert?" prompt_user "SSH Host" "Cert missing. Sign the ssh host cert?"
if [[ $REPLY =~ ^[Yy]$ ]]; then if [[ $REPLY =~ ^[Yy]$ ]]; then
update_prompt $YELLOW_BANG "Signing ssh host cert" update_prompt $YELLOW_BANG "Signing ssh host cert"
@@ -207,6 +211,7 @@ create_files() {
fi fi
if [[ $CREATE_USER_CA -eq 1 ]]; then if [[ $CREATE_USER_CA -eq 1 ]]; then
wrote_lines=1
prompt_user "SSH Host" "Create the trusted keys file?" prompt_user "SSH Host" "Create the trusted keys file?"
if [[ $REPLY =~ ^[Yy]$ ]]; then if [[ $REPLY =~ ^[Yy]$ ]]; then
(step ssh config --roots > "$path") (step ssh config --roots > "$path")
@@ -215,18 +220,18 @@ create_files() {
update_prompt $RED_X update_prompt $RED_X
fi fi
fi fi
if [[ $wrote_lines -eq 1 ]]; then echo; fi
} }
# Run Process # Run Process
check_cert_config "certs.conf" check_cert_config "certs.conf"
echo
check_ssh_config_files check_ssh_config_files
create_files create_files
title_msg "\nSSH Host Cert" "$SSH_HOST_CERT\n" title_msg "SSH Host Cert" "$SSH_HOST_CERT\n"
CERT_INFO=$(ssh-keygen -Lf "$SSH_HOST_CERT") CERT_INFO=$(ssh-keygen -Lf "$SSH_HOST_CERT")
echo -e "$CERT_INFO" | grep "Public key" echo -e "$CERT_INFO" | grep "Public key"
echo -e "$CERT_INFO" | grep "Valid" echo -e "$CERT_INFO" | grep "Valid"
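Review bot: In the new `restart_sshd`, `systemctl restart sshd` runs on every invocation with no prompt and no configuration check, and the call that precedes the closing brace of the enclosing function sits outside the `if [[ ! -e $cfg_path ]]` block, so it also fires when the user answered no or nothing was changed. If sshd rejects the freshly installed cert drop-in, the restart leaves the host without an SSH listener, which on a remotely managed machine is a lockout. Validate the configuration first and fold the status test into the condition, `if sshd -t && systemctl restart sshd; then`, replacing the separate `if [[ $? -eq 0 ]]`; restarting only when `install_cert_config` actually ran would narrow this further. `local sshd_pid=$(...)` also masks the exit status of `systemctl show`, so declare and assign on separate lines. The side-by-side rendering has lost its +/- markers, so this reads the right-hand column as the new code, and the enclosing function begins outside the hunk.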