Update renewkeys.sh

Reviewed-on: #1

autoremakekeys.sh

@@ -11,10 +11,14 @@ fi
 ##Generate keys
 mkdir /.SSH/automated/.temp
 ssh-keygen -f /.SSH/automated/.temp/id_ed25519 -N "" &&
+if [ -f /.SSH/automated/priv/servers/id_ed25519 ]; then
 rm /.SSH/automated/priv/servers/id_ed25519
+fi
+if [ -f /.SSH/automated/pub/servers/id_ed25519.pub ]; then
 rm /.SSH/automated/pub/servers/id_ed25519.pub
-/.SSH/automated/.temp/id_ed25519 > /.SSH/automated/priv/servers/
-/.SSH/automated/.temp/id_ed25519.pub > /.SSH/automated/pub/servers/
+fi
+cat /.SSH/automated/.temp/id_ed25519 > /.SSH/automated/priv/servers/id_ed25519
+cat /.SSH/automated/.temp/id_ed25519.pub > /.SSH/automated/pub/servers/id_ed25519.pub
 sha256sum /.SSH/automated/.temp/id_ed25519 | awk '{print $1}' > /home/$USER/sshprov/priv
 sha256sum /.SSH/automated/.temp/id_ed25519.pub | awk '{print $1}' > /home/$USER/sshprov/pub
 sleep 2
@@ -25,14 +29,14 @@ rm /home/$USER/.ssh/known_hosts
 rm /root/.ssh/known_hosts
 rm /root/.ssh/id_ed25519
 rm /root/.ssh/authorized_keys
-/.SSH/automated/priv/servers/id_ed25519 > /root/.ssh/id_ed25519
-/.SSH/automated/pub/servers/id_ed25519.pub > /root/.ssh/authorized_keys &&
+cat /.SSH/automated/priv/servers/id_ed25519 > /root/.ssh/id_ed25519
+cat /.SSH/automated/pub/servers/id_ed25519.pub > /root/.ssh/authorized_keys &&
 chmod 700 /root/.ssh/id_ed25519
 chmod 644 /root/.ssh/authorized_keys
 rm /home/$USER/.ssh/id_ed25519
 rm /home/$USER/.ssh/authorized_keys
-/.SSH/automated/priv/servers/id_ed25519 > /home/$USER/.ssh/id_ed25519
-/.SSH/automated/pub/servers/id_ed25519.pub > /home/$USER/.ssh/authorized_keys &&
+cat /.SSH/automated/priv/servers/id_ed25519 > /home/$USER/.ssh/id_ed25519
+cat /.SSH/automated/pub/servers/id_ed25519.pub > /home/$USER/.ssh/authorized_keys &&
 chmod 700 /home/$USER/.ssh
 chmod 600 /home/$USER/.ssh/id_ed25519
 chmod 600 /home/$USER/.ssh/authorized_keys

renewkeys.sh

@@ -9,14 +9,22 @@ PC=$(uname -n | awk '{print $1}')
 
 guardband() {
 if [ $? -ne 0 ]; then
-echo -e "${CY}Cleaning up temp directory for checksums...${NF}"
-rm -rf /.SSH/.temp
-sleep 2
 echo -e "${CR}Script Exited with an Error.${NF}"
 exit 1
 fi
 }
 
+cleanup() {
+echo -e "${CR}Attention: Script in fix mode - This will reset the .ssh folder. Press CTRL+C ${FB}NOW${NF} ${CR}if you want to avoid this.${NF}"
+sleep 5
+if  [[ $1 = "--pve01" ]]; then
+find /root/.ssh/ -type f -delete
+else
+find /root/.ssh/ -type f -delete
+find /home/$USER/.ssh/ -type f -delete
+fi
+}
+
 verifycdn(){
 CDN="https://cdn.franscorack.com"
 echo -e "${CY}Verifying CDN availability...${NF}"
@@ -26,29 +34,13 @@ if ! wget --spider "$CDN" 2>/dev/null; then
     return 1
     else
     echo -e "${CG}CDN available for checksum downloads - ${FB}Proceeding...${NF}"
+    serversidePUB=$(wget https://cdn.franscorack.com/chksum/sshprov/pub -q -O -)
+    serversidePRIV=$(wget https://cdn.franscorack.com/chksum/sshprov/priv -q -O -)
     sleep 2
 fi
 }
 
-downloadpub(){
-wget -q https://cdn.franscorack.com/chksum/sshprov/pub -O /.SSH/.temp/pub
-if [ $? -ne 0 ]; then
-    echo -e "${CR}Download error: CDN reported error in file download${NF}"
-    return 1
-fi
-}
-
-downloadpriv(){
-wget -q https://cdn.franscorack.com/chksum/sshprov/priv -O /.SSH/.temp/priv
-if [ $? -ne 0 ]; then
-    echo -e "${CR}Download error: CDN reported error in file download${NF}"
-    return 1
-fi
-}
-
 rootcheck(){
-serversidePRIV=$(cat /.SSH/.temp/priv | awk '{print $1}')
-serversidePUB=$(cat /.SSH/.temp/pub | awk '{print $1}')
 if [ -f /root/.ssh/id_ed25519 ]; then
 rootPRIV=$(sha256sum /root/.ssh/id_ed25519 | awk '{print $1}')
 else
@@ -198,35 +190,44 @@ if [ "$UID" -ne 0 ]; then
 fi
 echo -e ${CY}Warning: running this script resets known_hosts file. Abort this script using CTRL+C if you want to avoid that.${NF}
 sleep 3
+if [ -f /home/$USER/.ssh/known_hosts ]; then
 rm /home/$USER/.ssh/known_hosts
+fi
+if [ -f /root/.ssh/known_hosts ]; then
 rm /root/.ssh/known_hosts
-if [ ! -f ".SSH/.temp" ]; then
-mkdir /.SSH/.temp
 fi
-if [ "$PC" = "pve01" ]
-then
-verifycdn
-guardband
-downloadpub
-guardband
-downloadpriv
-guardband
-rootcheck
-guardband
-else
-verifycdn
-guardband
-downloadpub
-guardband
-downloadpriv
-guardband
-rootcheck
-guardband
-admincheck
-guardband
+if  [[ $1 = "--fix" ]]; then
+    if [ "$PC" = "pve01" ]
+    then
+    cleanup --pve01
+    verifycdn
+    guardband
+    rootcheck
+    guardband
+    else
+    cleanup
+    verifycdn
+    guardband
+    rootcheck
+    guardband
+    admincheck
+    guardband
+    fi
+    else
+    if [ "$PC" = "pve01" ]
+    then
+    verifycdn
+    guardband
+    rootcheck
+    guardband
+    else
+    verifycdn
+    guardband
+    rootcheck
+    guardband
+    admincheck
+    guardband
+    fi
 fi
-sleep 3
-echo -e "${CY}Cleaning up temp directory for checksums...${NF}"
-rm -rf /.SSH/.temp
 sleep 2
 echo -e "${CG}Script execution completed.${NF}"

updatescripts.sh

@@ -14,9 +14,6 @@ fi
 
 guardband() {
 if [ $? -ne 0 ]; then
-echo -e "${CY}Cleaning up temp directory...${NF}"
-rm -rf /.SSH/automated/.temp/
-sleep 2
 echo -e "${CR}Script Exited with an Error.${NF}"
 exit 1
 fi
@@ -33,4 +30,20 @@ if ! wget --spider "$SRV" 2>/dev/null; then
     echo -e "${CG}Server available - ${FB}Proceeding...${NF}"
     sleep 2
 fi
-}
+}
+
+updatescripts(){
+if [ ! -d /.SSH/script ]; then
+mkdir /.SSH/script
+fi
+find /.SSH/script -name "*.sh" -delete
+wget -q https://git.franscorack.com/Franscobec/AutoremakeSSH/raw/branch/main/renewkeys.sh -O /.SSH/script/renewkeys.sh
+wget -q https://git.franscorack.com/Franscobec/AutoremakeSSH/raw/branch/main/deploy-newssh.sh -O /.SSH/script/deploy-newssh.sh
+wget -q https://git.franscorack.com/Franscobec/AutoremakeSSH/raw/branch/main/autoremakekeys.sh -O /.SSH/script/autoremakekeys.sh
+wget -q https://git.franscorack.com/Franscobec/AutoremakeSSH/raw/branch/main/updatescripts.sh -O /.SSH/script/updatescripts.sh
+}
+
+verifygit
+guardband
+updatescripts
+guardband