Franscobec/AutoremakeSSH
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add renewkeys.sh

Browse Source
This commit is contained in:
Franscobec
2026-01-09 22:48:36 -05:00
parent 8b50f0046a
commit d2ac132589
1 changed files with 207 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

207
renewkeys.sh Normal file
View File

@@ -0,0 +1,207 @@
#!/bin/bash
NO_FORMAT="\e[0m"
F_BOLD="\e[1m"
C_GREEN="\e[38;5;40m"
C_RED="\e[38;5;9m"
C_YELLOW="\033[38;5;226m"
USER=$(getent passwd 1000 | cut -d: -f1)
PC=$(uname -n | awk '{print $1}')
guardband() {
if [ $? -ne 0 ]; then
echo -e "${C_YELLOW}Cleaning up temp directory for checksums...${NO_FORMAT}"
rm -rf /.SSH/.temp
sleep 2
echo -e "${C_RED}Script Exited with an Error.${NO_FORMAT}"
exit 1
fi
}
verifycdn(){
CDN="https://cdn.franscorack.com"
echo -e "${C_YELLOW}Verifying CDN availability...${NO_FORMAT}"
if ! wget --spider "$CDN" 2>/dev/null; then
echo -e "${C_RED}Error: Cannot reach CDN for checksum verification - ${F_BOLD}Are you connected on the Internet ? / Is the CDN down ?${NO_FORMAT}"
echo -e "${C_RED}Key-renewal script can only be ran if $CDN is reachable. Script Halted. ${NO_FORMAT}"
return 1
else
echo -e "${C_GREEN}CDN available for checksum downloads - ${F_BOLD}Proceeding...${NO_FORMAT}"
sleep 2
fi
}
downloadpub(){
wget -q https://cdn.franscorack.com/chksum/sshprov/pub -O /.SSH/.temp/pub
if [ $? -ne 0 ]; then
echo -e "${C_RED}Download error: CDN reported error in file download${NO_FORMAT}"
return 1
fi
}
downloadpriv(){
wget -q https://cdn.franscorack.com/chksum/sshprov/priv -O /.SSH/.temp/priv
if [ $? -ne 0 ]; then
echo -e "${C_RED}Download error: CDN reported error in file download${NO_FORMAT}"
return 1
fi
}
rootcheck(){
serversidePRIV=$(cat /.SSH/.temp/priv | awk '{print $1}')
serversidePUB=$(cat /.SSH/.temp/pub | awk '{print $1}')
rootPRIV=$(sha256sum /root/.ssh/id_ed25519 | awk '{print $1}')
rootPUB=$(sha256sum /root/.ssh/authorized_keys | awk '{print $1}')
echo Root User Check:
if [ "$rootPRIV" = "$serversidePRIV" ]
then
echo -e "${C_GREEN}Private Keys Checksum against Server - ${F_BOLD}OK${NO_FORMAT} ${C_GREEN}- No action needed${NO_FORMAT}"
chmod 700 /root/.ssh
chmod 600 /root/.ssh/id_ed25519
else
echo -e "${C_RED}Private Keys Checksum against Server - ${F_BOLD}MISMATCH${NO_FORMAT} ${C_RED}- Provisioning... ${NO_FORMAT}"
sleep 2
rm /root/.ssh/id_ed25519
cp --no-preserve=mode,ownership /.SSH/automated/priv/servers/id_ed25519 /root/.ssh/id_ed25519
echo -e ${C_YELLOW}'key data from server -> local store'${NO_FORMAT}
chmod 700 /root/.ssh
chmod 600 /root/.ssh/id_ed25519
echo -e ${C_YELLOW}'chmod -> local store'${NO_FORMAT}
systemctl restart sshd
echo -e ${C_YELLOW}'sshd restart'${NO_FORMAT}
sleep 3
rootPRIV2=$(sha256sum /root/.ssh/id_ed25519 | awk '{print $1}')
if [ "$rootPRIV2" = "$serversidePRIV" ]
then
echo -e "${C_GREEN}${F_BOLD}CHECKSUM OK - PROVISION SUCCESS${NO_FORMAT}"
else
echo -e "${C_RED}${F_BOLD}CHECKSUM MISMATCH - MANUAL INTERVENTION REQUIRED${NO_FORMAT}"
return 1
fi
fi
if [ "$rootPUB" = "$serversidePUB" ]
then
echo -e "${C_GREEN}Public Keys Checksum against Server - ${F_BOLD}OK${NO_FORMAT} ${C_GREEN}- No action needed${NO_FORMAT}"
chmod 700 /root/.ssh
chmod 600 /root/.ssh/authorized_keys
else
echo -e "${C_RED}Public Keys Checksum against Server - ${F_BOLD}MISMATCH${NO_FORMAT} ${C_RED}- Provisioning... ${NO_FORMAT}"
sleep 2
rm /root/.ssh/authorized_keys
cp --no-preserve=mode,ownership /.SSH/automated/pub/servers/id_ed25519.pub /root/.ssh/authorized_keys
echo -e ${C_YELLOW}'key data from server -> local store'${NO_FORMAT}
chmod 700 /root/.ssh
chmod 600 /root/.ssh/authorized_keys
echo -e ${C_YELLOW}'chmod -> local store'${NO_FORMAT}
systemctl restart sshd
echo -e ${C_YELLOW}'sshd restart'${NO_FORMAT}
sleep 3
rootPUB2=$(sha256sum /root/.ssh/authorized_keys | awk '{print $1}')
if [ "$rootPUB2" = "$serversidePUB" ]
then
echo -e "${C_GREEN}${F_BOLD}CHECKSUM OK - PROVISION SUCCESS${NO_FORMAT}"
else
echo -e "${C_RED}${F_BOLD}CHECKSUM MISMATCH - MANUAL INTERVENTION REQUIRED${NO_FORMAT}"
return 1
fi
fi
}
admincheck(){
adminPRIV=$(sha256sum /home/$USER/.ssh/id_ed25519 | awk '{print $1}')
adminPUB=$(sha256sum /home/$USER/.ssh/authorized_keys | awk '{print $1}')
echo Admin User Check:
if [ "$adminPRIV" = "$serversidePRIV" ]
then
echo -e "${C_GREEN}Private Keys Checksum against Server - ${F_BOLD}OK${NO_FORMAT} ${C_GREEN}- No action needed${NO_FORMAT}"
chmod 700 /home/$USER/.ssh
chmod 600 /home/$USER/.ssh/id_ed25519
chown $USER -R /home/$USER/.ssh
else
echo -e "${C_RED}Private Keys Checksum against Server - ${F_BOLD}MISMATCH${NO_FORMAT} ${C_RED}- Provisioning... ${NO_FORMAT}"
sleep 2
rm /home/$USER/.ssh/id_ed25519
cp --no-preserve=mode,ownership /.SSH/automated/priv/servers/id_ed25519 /home/$USER/.ssh/id_ed25519
echo -e ${C_YELLOW}'key data from server -> local store'${NO_FORMAT}
chmod 700 /home/$USER/.ssh
chmod 600 /home/$USER/.ssh/id_ed25519
chown $USER -R /home/$USER/.ssh
echo -e ${C_YELLOW}'chmod -> local store'${NO_FORMAT}
systemctl restart sshd
echo -e ${C_YELLOW}'sshd restart'${NO_FORMAT}
sleep 3
adminPRIV2=$(sha256sum /home/$USER/.ssh/id_ed25519 | awk '{print $1}')
if [ "$adminPRIV2" = "$serversidePRIV" ]
then
echo -e "${C_GREEN}${F_BOLD}CHECKSUM OK - PROVISION SUCCESS${NO_FORMAT}"
else
echo -e "${C_RED}${F_BOLD}CHECKSUM MISMATCH - MANUAL INTERVENTION REQUIRED${NO_FORMAT}"
return 1
fi
fi
if [ "$adminPUB" = "$serversidePUB" ]
then
echo -e "${C_GREEN}Public Keys Checksum against Server - ${F_BOLD}OK${NO_FORMAT} ${C_GREEN}- No action needed${NO_FORMAT}"
chmod 700 /home/$USER/.ssh
chmod 600 /home/$USER/.ssh/authorized_keys
chown $USER -R /home/$USER/.ssh
else
echo -e "${C_RED}Public Keys Checksum against Server - ${F_BOLD}MISMATCH${NO_FORMAT} ${C_RED}- Provisioning... ${NO_FORMAT}"
sleep 2
rm /home/$USER/.ssh/authorized_keys
cp --no-preserve=mode,ownership /.SSH/automated/pub/servers/id_ed25519.pub /home/$USER/.ssh/authorized_keys
echo -e ${C_YELLOW}'key data from server -> local store'${NO_FORMAT}
chmod 700 /home/$USER/.ssh
chmod 600 /home/$USER/.ssh/authorized_keys
chown $USER -R /home/$USER/.ssh
echo -e ${C_YELLOW}'chmod -> local store'${NO_FORMAT}
systemctl restart sshd
echo -e ${C_YELLOW}'sshd restart'${NO_FORMAT}
sleep 3
adminPUB2=$(sha256sum /home/$USER/.ssh/authorized_keys | awk '{print $1}')
if [ "$adminPUB2" = "$serversidePUB" ]
then
echo -e "${C_GREEN}${F_BOLD}CHECKSUM OK - PROVISION SUCCESS${NO_FORMAT}"
else
echo -e "${C_RED}${F_BOLD}CHECKSUM MISMATCH - MANUAL INTERVENTION REQUIRED${NO_FORMAT}"
return 1
fi
fi
}
if [ "$UID" -ne 0 ]; then
echo -e "${C_RED}This script must be run as root.${NO_FORMAT}"
exit 1
fi
echo -e ${C_YELLOW}Warning: running this script resets known_hosts file. Abort this script using CTRL+C if you want to avoid that.${NO_FORMAT}
sleep 3
rm /home/$USER/.ssh/known_hosts
rm /root/.ssh/known_hosts
mkdir /.SSH/.temp
if [ "$PC" = "pve01" ]
then
verifycdn
guardband
downloadpub
guardband
downloadpriv
guardband
rootcheck
guardband
else
verifycdn
guardband
downloadpub
guardband
downloadpriv
guardband
rootcheck
guardband
admincheck
guardband
fi
sleep 3
echo -e "${C_YELLOW}Cleaning up temp directory for checksums...${NO_FORMAT}"
rm -rf /.SSH/.temp
sleep 2
echo -e "${C_GREEN}Script execution completed.${NO_FORMAT}"