john/janus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b094a3464c5b19db9231147c6bb8a1ca622b9826
janus/scripts/ssh-server-check.sh
John Lancaster b094a3464c configuring sshd server
2026-01-04 09:07:00 -06:00

83 lines
2.0 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
ssh_config_val() {
local field="$1"
local val
if [[ -z "$field" ]]; then
echo "usage: ssh_config_val <config name>" >&2
return 2
fi
echo $(sshd -T | grep -i "^$field " | head -1 | awk '{print $2}')
}
check_ssh_files() {
printf "%-6s %-20s %-6s %s\n" "STATUS" "KEY" "PERMS" "PATH"
for key in hostkey hostcertificate trustedusercakeys; do
path=$(ssh_config_val "$key")
if [[ -z "$path" ]]; then
printf "%-7s %-20s %-6s %s\n" "⚠️" "$key" "-" "(not configured)"
continue
fi
if [[ -e "$path" ]]; then
perms=$(stat -c '%a' "$path")
printf "%-7s %-20s %-6s %s\n" "✅" "$key" "$perms" "$path"
else
printf "%-7s %-20s %-6s %s\n" "❌" "$key" "-" "$path (missing)"
fi
done
}
ssh_fingerprint() {
local field="$1"
local ca_path
if [[ -z "$field" ]]; then
echo "usage: ssh_fingerprint <trusteduserca|hostcertificate|...>" >&2
return 2
fi
cfg_path=$(ssh_config_val $field)
if [[ -z "$cfg_path" ]]; then
echo "error: sshd field '$field' not found or empty" >&2
return 1
fi
if [[ ! -r "$cfg_path" ]]; then
echo "error: file not readable: $cfg_path" >&2
return 1
fi
ssh-keygen -lf "$cfg_path" | awk '{ print $2 }'
}
if [[ ! -e "/etc/ssh/sshd_config.d/certs.conf" ]]; then
echo "⚠️ sshd not configured to use SSH certs"
read -p "Do you want to configure sshd? (y/n) " -n 1 -r
echo
if [[ $REPLY =~ ^[Yy]$ ]]; then
mkdir -p /etc/ssh/sshd_config.d
cat <<EOF > /etc/ssh/sshd_config.d/certs.conf
TrustedUserCAKeys /etc/ssh/ssh_user_ca.pub
HostKey /etc/ssh/ssh_host_ed25519_key
HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub
EOF
echo -n "Restarting sshd... "
systemctl restart sshd
echo "done"
else
echo "Exiting"
exit 1
fi
fi
check_ssh_files
echo ""
echo "Host certificate fingerprint"
ssh_fingerprint hostkey
Reference in New Issue View Git Blame Copy Permalink