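#!/bin/bash
#
# AutoremakeSSH client entry point.
#
# Prints the banner, dispatches on the mode given as the first argument, and
# defines the helpers used to talk to the provisioning server.
#
# Globals read by the helpers (not assigned anywhere in this file, presumably
# loaded from the active config; confirm against the caller):
#   server, checksumdir, pub, priv, disablechecksums

# ANSI escape sequences used with `echo -e`.
NF="\e[0m"              # reset all attributes
FB="\e[1m"              # bold
CG="\e[38;5;40m"        # green
CR="\e[38;5;9m"         # red
CY="\033[38;5;226m"     # yellow

echo ""
echo "AutoremakeSSH Version MR20260410-Dev1"
echo "© 2026 Franscobec - AGPLv3 License"
echo "https://git.franscorack.com/Franscobec/AutoremakeSSH/src/branch/main/"
echo ""

# Mode dispatch. Both modes are placeholders that only print "test".
# NOTE(review): this runs before the functions below are defined, so real
# mode logic that calls them has to be placed after the definitions.
if [[ $1 = "--trigger" ]]; then
  echo test
elif [[ $1 = "--auto" ]]; then
  echo test
else
  echo "Usage:"
  echo "autoremakessh --MODE [OPTIONS]"
  echo ""
  echo "Possible Modes:"
  echo "trigger - For manual triggering of autoremakessh"
  echo "auto - For automated triggering of autoremakessh"
  echo ""
  echo "Possible Options:"
  echo "-c [FILE] - Configuration file to use (Default /opt/autoremakessh/client/default)"
  echo "-r - Resets .ssh folder of the selected user in the active config"
fi

#######################################
# Aborts the script when the command executed immediately before this call
# failed. It must be the very next command after the one being guarded,
# because it inspects $?.
# Outputs: error message on stdout
# Returns: exits 1 when the previous status was non-zero
#######################################
guardband() {
  local status=$?
  if [ "$status" -ne 0 ]; then
    echo -e "${CR}Script Exited with an Error.${NF}"
    exit 1
  fi
}

#######################################
# Checks that the provisioning server URL answers a `wget --spider` probe.
# This shows reachability only; it does not authenticate the server.
# Globals: server (read)
# Outputs: status message on stdout
# Returns: 0 when reachable, 1 otherwise
#######################################
verifyserver() {
  if ! wget --spider "$server" 2>/dev/null; then
    echo -e "${CR}Error: Cannot reach provisioning server${NF}"
    echo -e "${CR}URL in config: $server ${NF}"
    return 1
  else
    echo -e "${CG}Server OK!${NF}"
    sleep 1
  fi
}

#######################################
# Downloads the server-side checksums for the public and private key unless
# checksums are disabled.
# Globals: disablechecksums, server, checksumdir, pub, priv (read)
#          serversidePUB, serversidePRIV (written)
# Returns: 0 on success or when disabled, 1 when a download fails
#
# The checksums come from the same server as the keys, so they can detect a
# corrupted transfer but cannot show that the keys are authentic.
#######################################
checksums() {
  if [[ $disablechecksums = "0" ]]; then
    # The original assigned the $priv checksum to serversidePUB and the $pub
    # checksum to serversidePRIV; each variable now gets the matching file.
    # URLs are quoted so values containing spaces or globs stay one argument.
    if ! serversidePUB=$(wget "$server/$checksumdir/$pub" -q -O -); then
      echo -e "${CR}Error: Cannot download public key checksum${NF}" >&2
      return 1
    fi
    if ! serversidePRIV=$(wget "$server/$checksumdir/$priv" -q -O -); then
      echo -e "${CR}Error: Cannot download private key checksum${NF}" >&2
      return 1
    fi
  fi
}

#######################################
# Decides whether the `server=` URL of a config file points at an RFC 1918
# private IPv4 address (10/8, 172.16/12, 192.168/16).
# Arguments: $1 - path of the config file
# Returns:   0 when the host is, or resolves to, a private IPv4 address;
#            1 otherwise (public, unresolvable, malformed or ambiguous)
#
# Limits of this check:
#  - Only the first address returned by the resolver is examined.
#  - host/nslookup/dig query DNS directly, while wget uses the system
#    resolver, so the address checked here can differ from the one wget
#    connects to (NOTE(review): getent is the closest match; consider
#    preferring it).
#  - The name is resolved again by wget later, so the result does not bind
#    the download to the address that was checked.
#  - A private address says nothing about transport protection; the URL
#    scheme is not inspected here.
#######################################
verifyconfigsecureIP() {
  local config_file="$1"
  local scheme_re='^[a-zA-Z0-9]+://'
  local ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
  local hostname_re='^[A-Za-z0-9]([A-Za-z0-9._-]*[A-Za-z0-9.])?$'
  local server_line url authority host_part octet
  local ip=""
  local -a octets

  server_line=$(grep "^server=" "$config_file") || return 1
  # More than one server= line is ambiguous; fail closed.
  [[ $server_line == *$'\n'* ]] && return 1
  url=${server_line#server=}

  # Reduce the URL to its host: drop the scheme, cut at the first path, query
  # or fragment delimiter, then drop userinfo and port. Without this,
  # "http://10.0.0.1:8080/" was reported as insecure and "user@host" was
  # handed to the resolver unchanged.
  authority=$url
  if [[ $authority =~ $scheme_re ]]; then
    authority=${authority#*://}
  fi
  authority=${authority%%[/?#]*}
  host_part=${authority##*@}
  host_part=${host_part%%:*}

  if [[ $host_part =~ $ipv4_re ]]; then
    ip="$host_part"
  else
    # Only plain host names reach the resolver tools; this also keeps a value
    # starting with "-" from being read as a command-line option.
    [[ $host_part =~ $hostname_re ]] || return 1

    if command -v host >/dev/null 2>&1; then
      ip=$(host "$host_part" 2>/dev/null | awk '/has address/ {print $4; exit}')
    elif command -v nslookup >/dev/null 2>&1; then
      # The original printed the second field of the "Name:" line, which is
      # the host name. Take the first IPv4 address listed after it instead.
      ip=$(nslookup "$host_part" 2>/dev/null | awk '
        /^Name:/ { seen = 1; next }
        seen && /^Address/ {
          for (i = 2; i <= NF; i++) {
            if ($i ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) { print $i; exit }
          }
        }')
    elif command -v dig >/dev/null 2>&1; then
      # `dig +short` prints CNAME targets before the addresses; skip them.
      ip=$(dig +short "$host_part" 2>/dev/null \
        | grep -E -m 1 '^[0-9]+(\.[0-9]+){3}$')
    else
      ip=$(getent ahosts "$host_part" 2>/dev/null | awk '{print $1; exit}')
    fi
  fi

  # Accept only a canonical dotted quad before any arithmetic. Resolver
  # output is otherwise evaluated as a bash arithmetic expression, and an
  # octet with a leading zero may be read as octal by other tools, so both
  # are rejected.
  [[ $ip =~ $ipv4_re ]] || return 1
  IFS=. read -r -a octets <<<"$ip"
  for octet in "${octets[@]}"; do
    [[ $octet =~ ^(0|[1-9][0-9]{0,2})$ ]] || return 1
    ((octet <= 255)) || return 1
  done

  local oct1=${octets[0]}
  local oct2=${octets[1]}

  if ((oct1 == 10)); then
    return 0
  fi
  if ((oct1 == 172 && oct2 >= 16 && oct2 <= 31)); then
    return 0
  fi
  if ((oct1 == 192 && oct2 == 168)); then
    return 0
  fi
  return 1
}

#######################################
# Prints the full-screen warning shown when the provisioning server is not on
# a private address or could not be resolved, waits 30 seconds, then exits.
# Outputs: warning banner on stdout
# Returns: never returns; exits 1
#######################################
securitywarning() {
  local border="@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
  local blank="@@@ @@@"
  local alarm="@@@ WARNING! WARNING! WARNING! WARNING! WARNING! WARNING! WARNING! @@@"
  local line
  local -a lines=(
    "$border"
    "$border"
    "$blank"
    "$blank"
    "$alarm"
    "$blank"
    "$blank"
    "@@@ Security Check has reported a fail - Either config is using @@@"
    "@@@ a public IP as a target server for provisioning, or hostname @@@"
    "@@@ couldn't be resolved. @@@"
    "$blank"
    "@@@ Assuming by default that the target server is publicly @@@"
    "@@@ reachable, this is an incredibly bad idea as it exposes @@@"
    "@@@ your keys on the internet, which is the same as leaving @@@"
    "@@@ your machine passwordless over the internet. @@@"
    "$blank"
    "@@@ Please consider using a local server that isn't exposed to @@@"
    "@@@ the internet unless you accept the risks or know what you're @@@"
    "@@@ doing. @@@"
    "$blank"
    "@@@ If you have already generated new keys using the publicly @@@"
    "@@@ exposed server, it is strongly recommended to reset your keys @@@"
    "@@@ IMMEDIATELY! @@@"
    "$blank"
    "$blank"
    "@@@ You can override this warning by setting 'insecure' to 1 @@@"
    "@@@ in the active config file. Refer to docs for more details. @@@"
    "$blank"
    "$blank"
    "$alarm"
    "$blank"
    "$blank"
    "$border"
    "$border"
  )

  for line in "${lines[@]}"; do
    echo -e "${CR}${FB}${line}${NF}"
  done

  # Leave the warning on screen long enough to be read before exiting.
  sleep 30
  exit 1
}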