diff --git a/renewkeys.sh b/renewkeys.sh
deleted file mode 100644
index 233baaa..0000000
--- a/renewkeys.sh
+++ /dev/null
@@ -1,233 +0,0 @@
-#!/bin/bash
-NF="\e[0m"
-FB="\e[1m"
-CG="\e[38;5;40m"
-CR="\e[38;5;9m"
-CY="\033[38;5;226m"
-USER=$(getent passwd 1000 | cut -d: -f1)
-PC=$(uname -n | awk '{print $1}')
-
-guardband() {
-if [ $? -ne 0 ]; then
-echo -e "${CR}Script Exited with an Error.${NF}"
-exit 1
-fi
-}
-
-cleanup() {
-echo -e "${CR}Attention: Script in fix mode - This will reset the .ssh folder. Press CTRL+C ${FB}NOW${NF} ${CR}if you want to avoid this.${NF}"
-sleep 5
-if [[ $1 = "--pve01" ]]; then
-find /root/.ssh/ -type f -delete
-else
-find /root/.ssh/ -type f -delete
-find /home/$USER/.ssh/ -type f -delete
-fi
-}
-
-verifycdn(){
-CDN="https://cdn.franscorack.com"
-echo -e "${CY}Verifying CDN availability...${NF}"
-if ! wget --spider "$CDN" 2>/dev/null; then
- echo -e "${CR}Error: Cannot reach CDN for checksum verification - ${FB}Are you connected on the Internet ? / Is the CDN down ?${NF}"
- echo -e "${CR}Key-renewal script can only be ran if $CDN is reachable. Script Halted. ${NF}"
- return 1
- else
- echo -e "${CG}CDN available for checksum downloads - ${FB}Proceeding...${NF}"
- serversidePUB=$(wget https://cdn.franscorack.com/chksum/sshprov/pub -q -O -)
- serversidePRIV=$(wget https://cdn.franscorack.com/chksum/sshprov/priv -q -O -)
- sleep 2
-fi
-}
-
-rootcheck(){
-if [ -f /root/.ssh/id_ed25519 ]; then
-rootPRIV=$(sha256sum /root/.ssh/id_ed25519 | awk '{print $1}')
-else
-rootPRIV=0
-fi
-if [ -f /root/.ssh/authorized_keys ]; then
-rootPUB=$(sha256sum /root/.ssh/authorized_keys | awk '{print $1}')
-else
-rootPUB=0
-fi
-echo Root User Check:
-if [ "$rootPRIV" = "$serversidePRIV" ]
-then
- echo -e "${CG}Private Keys Checksum against Server - ${FB}OK${NF} ${CG}- No action needed${NF}"
- chmod 700 /root/.ssh
- chmod 600 /root/.ssh/id_ed25519
- else
- echo -e "${CR}Private Keys Checksum against Server - ${FB}MISMATCH${NF} ${CR}- Provisioning... ${NF}"
- sleep 2
- if [ -f /root/.ssh/id_ed25519 ]; then
- rm /root/.ssh/id_ed25519
- fi
- cp --no-preserve=mode,ownership /.SSH/automated/priv/servers/id_ed25519 /root/.ssh/id_ed25519
- echo -e ${CY}'key data from server -> local store'${NF}
- chmod 700 /root/.ssh
- chmod 600 /root/.ssh/id_ed25519
- echo -e ${CY}'chmod -> local store'${NF}
- systemctl restart sshd
- echo -e ${CY}'sshd restart'${NF}
- sleep 3
- rootPRIV2=$(sha256sum /root/.ssh/id_ed25519 | awk '{print $1}')
- if [ "$rootPRIV2" = "$serversidePRIV" ]
- then
- echo -e "${CG}${FB}CHECKSUM OK - PROVISION SUCCESS${NF}"
- else
- echo -e "${CR}${FB}CHECKSUM MISMATCH - MANUAL INTERVENTION REQUIRED${NF}"
- return 1
- fi
-fi
-if [ "$rootPUB" = "$serversidePUB" ]
-then
- echo -e "${CG}Public Keys Checksum against Server - ${FB}OK${NF} ${CG}- No action needed${NF}"
- chmod 700 /root/.ssh
- chmod 600 /root/.ssh/authorized_keys
- else
- echo -e "${CR}Public Keys Checksum against Server - ${FB}MISMATCH${NF} ${CR}- Provisioning... ${NF}"
- sleep 2
- if [ -f /root/.ssh/authorized_keys ]; then
- rm /root/.ssh/authorized_keys
- fi
- cp --no-preserve=mode,ownership /.SSH/automated/pub/servers/id_ed25519.pub /root/.ssh/authorized_keys
- echo -e ${CY}'key data from server -> local store'${NF}
- chmod 700 /root/.ssh
- chmod 600 /root/.ssh/authorized_keys
- echo -e ${CY}'chmod -> local store'${NF}
- systemctl restart sshd
- echo -e ${CY}'sshd restart'${NF}
- sleep 3
- rootPUB2=$(sha256sum /root/.ssh/authorized_keys | awk '{print $1}')
- if [ "$rootPUB2" = "$serversidePUB" ]
- then
- echo -e "${CG}${FB}CHECKSUM OK - PROVISION SUCCESS${NF}"
- else
- echo -e "${CR}${FB}CHECKSUM MISMATCH - MANUAL INTERVENTION REQUIRED${NF}"
- return 1
- fi
-fi
-}
-
-admincheck(){
-if [ -f /home/$USER/.ssh/id_ed25519 ]; then
-adminPRIV=$(sha256sum /home/$USER/.ssh/id_ed25519 | awk '{print $1}')
-else
-adminPRIV=0
-fi
-if [ -f /home/$USER/.ssh/authorized_keys ]; then
-adminPUB=$(sha256sum /home/$USER/.ssh/authorized_keys | awk '{print $1}')
-else
-adminPUB=0
-fi
-echo Admin User Check:
-if [ "$adminPRIV" = "$serversidePRIV" ]
-then
- echo -e "${CG}Private Keys Checksum against Server - ${FB}OK${NF} ${CG}- No action needed${NF}"
- chmod 700 /home/$USER/.ssh
- chmod 600 /home/$USER/.ssh/id_ed25519
- chown $USER -R /home/$USER/.ssh
- else
- echo -e "${CR}Private Keys Checksum against Server - ${FB}MISMATCH${NF} ${CR}- Provisioning... ${NF}"
- sleep 2
- if [ -f /home/$USER/.ssh/id_ed25519 ]; then
- rm /home/$USER/.ssh/id_ed25519
- fi
- cp --no-preserve=mode,ownership /.SSH/automated/priv/servers/id_ed25519 /home/$USER/.ssh/id_ed25519
- echo -e ${CY}'key data from server -> local store'${NF}
- chmod 700 /home/$USER/.ssh
- chmod 600 /home/$USER/.ssh/id_ed25519
- chown $USER -R /home/$USER/.ssh
- echo -e ${CY}'chmod -> local store'${NF}
- systemctl restart sshd
- echo -e ${CY}'sshd restart'${NF}
- sleep 3
- adminPRIV2=$(sha256sum /home/$USER/.ssh/id_ed25519 | awk '{print $1}')
- if [ "$adminPRIV2" = "$serversidePRIV" ]
- then
- echo -e "${CG}${FB}CHECKSUM OK - PROVISION SUCCESS${NF}"
- else
- echo -e "${CR}${FB}CHECKSUM MISMATCH - MANUAL INTERVENTION REQUIRED${NF}"
- return 1
- fi
-fi
-if [ "$adminPUB" = "$serversidePUB" ]
-then
- echo -e "${CG}Public Keys Checksum against Server - ${FB}OK${NF} ${CG}- No action needed${NF}"
- chmod 700 /home/$USER/.ssh
- chmod 600 /home/$USER/.ssh/authorized_keys
- chown $USER -R /home/$USER/.ssh
- else
- echo -e "${CR}Public Keys Checksum against Server - ${FB}MISMATCH${NF} ${CR}- Provisioning... ${NF}"
- sleep 2
- if [ -f /home/$USER/.ssh/authorized_keys ]; then
- rm /home/$USER/.ssh/authorized_keys
- fi
- cp --no-preserve=mode,ownership /.SSH/automated/pub/servers/id_ed25519.pub /home/$USER/.ssh/authorized_keys
- echo -e ${CY}'key data from server -> local store'${NF}
- chmod 700 /home/$USER/.ssh
- chmod 600 /home/$USER/.ssh/authorized_keys
- chown $USER -R /home/$USER/.ssh
- echo -e ${CY}'chmod -> local store'${NF}
- systemctl restart sshd
- echo -e ${CY}'sshd restart'${NF}
- sleep 3
- adminPUB2=$(sha256sum /home/$USER/.ssh/authorized_keys | awk '{print $1}')
- if [ "$adminPUB2" = "$serversidePUB" ]
- then
- echo -e "${CG}${FB}CHECKSUM OK - PROVISION SUCCESS${NF}"
- else
- echo -e "${CR}${FB}CHECKSUM MISMATCH - MANUAL INTERVENTION REQUIRED${NF}"
- return 1
- fi
-fi
-}
-
-if [ "$UID" -ne 0 ]; then
- echo -e "${CR}This script must be run as root.${NF}"
- exit 1
-fi
-echo -e ${CY}Warning: running this script resets known_hosts file. Abort this script using CTRL+C if you want to avoid that.${NF}
-sleep 3
-if [ -f /home/$USER/.ssh/known_hosts ]; then
-rm /home/$USER/.ssh/known_hosts
-fi
-if [ -f /root/.ssh/known_hosts ]; then
-rm /root/.ssh/known_hosts
-fi
-if [[ $1 = "--fix" ]]; then
- if [ "$PC" = "pve01" ]
- then
- cleanup --pve01
- verifycdn
- guardband
- rootcheck
- guardband
- else
- cleanup
- verifycdn
- guardband
- rootcheck
- guardband
- admincheck
- guardband
- fi
- else
- if [ "$PC" = "pve01" ]
- then
- verifycdn
- guardband
- rootcheck
- guardband
- else
- verifycdn
- guardband
- rootcheck
- guardband
- admincheck
- guardband
- fi
-fi
-sleep 2
-echo -e "${CG}Script execution completed.${NF}"