From 1f63e96570f07782992bd5740bf6891878bf2063 Mon Sep 17 00:00:00 2001
From: Franscobec
Date: Thu, 9 Apr 2026 22:01:03 -0400
Subject: [PATCH] Add initial binary Binary for test purposes - not functionnal yet.
---
 autoremakessh | 137 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 137 insertions(+)
 create mode 100644 autoremakessh
diff --git a/autoremakessh b/autoremakessh
new file mode 100644
index 0000000..048706a
--- /dev/null
+++ b/autoremakessh
@@ -0,0 +1,137 @@
+#!/bin/bash
+NF="\e[0m"
+FB="\e[1m"
+CG="\e[38;5;40m"
+CR="\e[38;5;9m"
+CY="\033[38;5;226m"
+
+echo ""
+echo "AutoremakeSSH Version MR20260410-Dev1"
+echo "© 2026 Franscobec - AGPLv3 License"
+echo "https://git.franscorack.com/Franscobec/AutoremakeSSH/src/branch/main/"
+echo ""
+
+if [[ $1 = "--trigger" ]]; then
+ echo test
+ elif [[ $1 = "--auto" ]]; then
+ echo test
+ else
+ echo "Usage:"
+ echo "autoremakessh --MODE [OPTIONS]"
+ echo ""
+ echo "Possible Modes:"
+ echo "trigger - For manual triggering of autoremakessh"
+ echo "auto - For automated triggering of autoremakessh"
+ echo ""
+ echo "Possible Options:"
+ echo "-c [FILE] - Configuration file to use (Default /opt/autoremakessh/client/default)"
+ echo "-r - Resets .ssh folder of the selected user in the active config"
+
+fi
+
+guardband() {
+if [ $? -ne 0 ]; then
+echo -e "${CR}Script Exited with an Error.${NF}"
+exit 1
+fi
+}
+
+verifyserver(){
+if ! wget --spider "$server" 2>/dev/null; then
+ echo -e "${CR}Error: Cannot reach provisioning server${NF}"
+ echo -e "${CR}URL in config: $server ${NF}"
+ return 1
+ else
+ echo -e "${CG}Server OK!${NF}"
+
+ sleep 1
+fi
+}
+
+checksums(){
+if [[ $disablechecksums = "0" ]]; then
+ serversidePUB=$(wget $server/$checksumdir/$priv -q -O -)
+ serversidePRIV=$(wget $server/$checksumdir/$pub -q -O -)
+fi
+}
+
+verifyconfigsecureIP(){
+ local config_file="$1"
+ local server_line=$(grep "^server=" "$config_file")
+ local url=$(echo "$server_line" | sed 's/^server=//')
+ local ip=""
+ local host_part=$(echo "$url" | sed -E 's|^[a-zA-Z0-9]+://([^/]+).*|\1|')
+
+ if [[ $host_part =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
+ ip="$host_part"
+ else
+ if command -v host >/dev/null 2>&1; then
+ ip=$(host "$host_part" 2>/dev/null | grep "has address" | awk '{print $4}' | head -1)
+ elif command -v nslookup >/dev/null 2>&1; then
+ ip=$(nslookup "$host_part" 2>/dev/null | grep "Name:" | awk '{print $2}' | head -1)
+ elif command -v dig >/dev/null 2>&1; then
+ ip=$(dig +short "$host_part" 2>/dev/null | head -1)
+ else
+ ip=$(getent ahosts "$host_part" 2>/dev/null | awk '{print $1}' | head -1)
+ fi
+ fi
+ if [[ -z "$ip" ]]; then
+ return 1
+ fi
+
+ local oct1=$(echo "$ip" | cut -d. -f1)
+ local oct2=$(echo "$ip" | cut -d. -f2)
+
+ if [[ $oct1 -eq 10 ]]; then
+ return 0
+ fi
+
+ if [[ $oct1 -eq 172 ]] && [[ $oct2 -ge 16 ]] && [[ $oct2 -le 31 ]]; then
+ return 0
+ fi
+
+ if [[ $oct1 -eq 192 ]] && [[ $oct2 -eq 168 ]]; then
+ return 0
+ fi
+
+ return 1
+}
+
+securitywarning(){
+echo -e "${CR}${FB}@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@${NF}"
+echo -e "${CR}${FB}@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@${NF}"
+echo -e "${CR}${FB}@@@ @@@${NF}"
+echo -e "${CR}${FB}@@@ @@@${NF}"
+echo -e "${CR}${FB}@@@ WARNING! WARNING! WARNING! WARNING! WARNING! WARNING! WARNING! @@@${NF}"
+echo -e "${CR}${FB}@@@ @@@${NF}"
+echo -e "${CR}${FB}@@@ @@@${NF}"
+echo -e "${CR}${FB}@@@ Security Check has reported a fail - Either config is using @@@${NF}"
+echo -e "${CR}${FB}@@@ a public IP as a target server for provisioning, or hostname @@@${NF}"
+echo -e "${CR}${FB}@@@ couldn't be resolved. @@@${NF}"
+echo -e "${CR}${FB}@@@ @@@${NF}"
+echo -e "${CR}${FB}@@@ Assuming by default that the target server is publicly @@@${NF}"
+echo -e "${CR}${FB}@@@ reachable, this is an incredibly bad idea as it exposes @@@${NF}"
+echo -e "${CR}${FB}@@@ your keys on the internet, which is the same as leaving @@@${NF}"
+echo -e "${CR}${FB}@@@ your machine passwordless over the internet. @@@${NF}"
+echo -e "${CR}${FB}@@@ @@@${NF}"
+echo -e "${CR}${FB}@@@ Please consider using a local server that isn't exposed to @@@${NF}"
+echo -e "${CR}${FB}@@@ the internet unless you accept the risks or know what you're @@@${NF}"
+echo -e "${CR}${FB}@@@ doing. @@@${NF}"
+echo -e "${CR}${FB}@@@ @@@${NF}"
+echo -e "${CR}${FB}@@@ If you have already generated new keys using the publicly @@@${NF}"
+echo -e "${CR}${FB}@@@ exposed server, it is strongly recommended to reset your keys @@@${NF}"
+echo -e "${CR}${FB}@@@ IMMEDIATELY! @@@${NF}"
+echo -e "${CR}${FB}@@@ @@@${NF}"
+echo -e "${CR}${FB}@@@ @@@${NF}"
+echo -e "${CR}${FB}@@@ You can override this warning by setting 'insecure' to 1 @@@${NF}"
+echo -e "${CR}${FB}@@@ in the active config file. Refer to docs for more details. @@@${NF}"
+echo -e "${CR}${FB}@@@ @@@${NF}"
+echo -e "${CR}${FB}@@@ @@@${NF}"
+echo -e "${CR}${FB}@@@ WARNING! WARNING! WARNING! WARNING! WARNING! WARNING! WARNING! @@@${NF}"
+echo -e "${CR}${FB}@@@ @@@${NF}"
+echo -e "${CR}${FB}@@@ @@@${NF}"
+echo -e "${CR}${FB}@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@${NF}"
+echo -e "${CR}${FB}@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@${NF}"
+sleep 30
+exit 1
+}
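Review bot: In verifyconfigsecureIP the value left in `$ip` is never checked to be an IPv4 address before the octet tests, so the private-range gate can pass on a hostname instead of an address. The nslookup branch filters on `Name:` and prints field 2, which is the queried name rather than its address, and `dig +short` can list a CNAME before the A record; a name whose leading labels are `10` or `192.168` then satisfies `[[ $oct1 -eq 10 ]]` or the 192.168 test and the function returns 0. Re-validating after resolution with `[[ $ip =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || return 1` makes every resolver branch fail closed, and the nslookup branch should read the Address line that follows `Name:` (the first Address line in its output is the resolver itself, which is often a private address). Separately, checksums() appears to have its two fetches crossed: `serversidePUB` is read from `$server/$checksumdir/$priv` and `serversidePRIV` from `$server/$checksumdir/$pub`, and both URLs are unquoted.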