AutoremakeSSH/autoremakessh
Franscobec 1f63e96570 Add initial binary
Binary for test purposes - not functional yet.
2026-04-09 22:01:03 -04:00


#!/bin/bash
# ANSI escape sequences for coloured status output. They are stored
# unexpanded and only become control codes when printed with `echo -e`.
NF="\e[0m"           # reset all attributes
FB="\e[1m"           # bold
CG="\e[38;5;40m"     # 256-colour foreground, index 40
CR="\e[38;5;9m"      # 256-colour foreground, index 9
CY="\033[38;5;226m"  # 256-colour foreground, index 226 (\033 is the same byte as \e)

# Startup banner: version, licence and project URL, framed by blank lines.
printf '%s\n' \
  "" \
  "AutoremakeSSH Version MR20260410-Dev1" \
  "© 2026 Franscobec - AGPLv3 License" \
  "https://git.franscorack.com/Franscobec/AutoremakeSSH/src/branch/main/" \
  ""

# Mode dispatch on the first argument. Both modes are placeholders for now.
# The helper functions are defined further down the file, so a mode branch
# placed here cannot call them until they are moved above this point.
case "$1" in
  --trigger)
    echo test
    ;;
  --auto)
    echo test
    ;;
  *)
    # Anything else, including no argument at all, prints the usage text.
    printf '%s\n' \
      "Usage:" \
      "autoremakessh --MODE [OPTIONS]" \
      "" \
      "Possible Modes:" \
      "trigger - For manual triggering of autoremakessh" \
      "auto - For automated triggering of autoremakessh" \
      "" \
      "Possible Options:" \
      "-c [FILE] - Configuration file to use (Default /opt/autoremakessh/client/default)" \
      "-r - Resets .ssh folder of the selected user in the active config"
    ;;
esac
#######################################
# Abort the script if the command that ran just before this call failed.
# Must be called immediately after the command being checked: it reads $?
# on entry, and any command in between would overwrite that status.
# Globals:   CR, NF (read)
# Outputs:   error banner on stdout when the previous status was non-zero
# Returns:   0 when the previous command succeeded; otherwise exits 1
#######################################
guardband() {
  # Capture first: the assignment itself would otherwise reset $?.
  local previous_status=$?
  if ((previous_status == 0)); then
    return 0
  fi
  echo -e "${CR}Script Exited with an Error.${NF}"
  exit 1
}
#######################################
# Check that the provisioning server URL from the config answers.
# `wget --spider` requests the URL without saving the response.
# NOTE(review): this establishes reachability only. It does not show that
# the answering host is the intended one; that depends on the scheme and
# certificate checks applied to $server, which are not visible here.
# Globals:   server (read), CR, CG, NF (read)
# Outputs:   status message on stdout
# Returns:   1 when the URL cannot be reached, otherwise the status of the
#            trailing sleep
#######################################
verifyserver() {
  if wget --spider "$server" 2>/dev/null; then
    echo -e "${CG}Server OK!${NF}"
    # Short pause so the confirmation stays visible before the next step.
    sleep 1
    return
  fi

  echo -e "${CR}Error: Cannot reach provisioning server${NF}"
  echo -e "${CR}URL in config: $server ${NF}"
  return 1
}
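#######################################
# Fetch the server-side checksums for the public and private key files.
# Does nothing when disablechecksums is anything other than "0".
#
# Fixes over the previous version:
#   - serversidePUB was filled from $priv and serversidePRIV from $pub;
#     each variable now receives the checksum of the matching file.
#   - URLs are quoted, so a value containing whitespace or glob characters
#     is passed to wget as one argument, and `--` stops a value that starts
#     with '-' from being read as a wget option.
#   - A failed or empty download is reported through the return status
#     instead of leaving an empty checksum behind.
#
# NOTE(review): these checksums come from the same $server as the files they
# describe, so they can reveal a corrupted transfer but not a substitution
# made by that server or by anyone able to alter the traffic. Confirm whether
# an independent trust anchor is intended.
#
# Globals:   disablechecksums, server, checksumdir, pub, priv (read)
#            serversidePUB, serversidePRIV (written)
# Returns:   0 when checksums are disabled or both were fetched; 1 otherwise
#######################################
checksums() {
  [[ $disablechecksums = "0" ]] || return 0

  local base="$server/$checksumdir"

  serversidePUB=$(wget -q -O - -- "$base/$pub") || return 1
  serversidePRIV=$(wget -q -O - -- "$base/$priv") || return 1

  # An empty body is not a usable checksum; treat it as a failed fetch.
  [[ -n $serversidePUB && -n $serversidePRIV ]] || return 1
}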
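#######################################
# Succeed only if $1 is a canonical dotted-quad IPv4 address inside one of
# the RFC 1918 private ranges: 10/8, 172.16/12 or 192.168/16.
# Arguments: $1 - address to test
# Returns:   0 when private, 1 otherwise (including malformed input)
#######################################
_is_private_ipv4() {
  local addr=$1
  # Octets with leading zeros are rejected: some parsers read "010" as
  # octal 8, so such an address could mean something else to the downloader.
  local octet='(0|[1-9][0-9]{0,2})'
  local canonical_re="^${octet}\\.${octet}\\.${octet}\\.${octet}\$"
  local -a o
  local n

  [[ $addr =~ $canonical_re ]] || return 1
  o=("${BASH_REMATCH[@]:1}")
  for n in "${o[@]}"; do
    ((n <= 255)) || return 1
  done

  ((o[0] == 10)) && return 0
  ((o[0] == 172 && o[1] >= 16 && o[1] <= 31)) && return 0
  ((o[0] == 192 && o[1] == 168)) && return 0
  return 1
}

#######################################
# Decide whether the provisioning server named in a config file sits on a
# private (RFC 1918) IPv4 address. The check fails closed: anything that
# cannot be parsed or resolved counts as not private.
#
# Fixes over the previous version:
#   - A port in the URL (host:8080) is stripped, so a private address with
#     a port is no longer reported as public.
#   - The nslookup branch printed the "Name:" field, which is the hostname,
#     not an address; it now reads the Address lines that follow it.
#   - Values are validated as digits before any numeric comparison, so
#     resolver output or config text is never evaluated as an arithmetic
#     expression.
#   - Every IPv4 address the name resolves to must be private, not just the
#     first one listed.
#   - A URL carrying userinfo (user@host), a host starting with '-', or more
#     than one server= line is rejected outright.
#
# NOTE(review): only IPv4 answers are inspected; IPv6 records are ignored.
# NOTE(review): the name is resolved here and again by whatever later
# downloads from it, so the two lookups can return different answers.
# Downloading from the address that was checked would close that gap.
#
# Arguments: $1 - path to the config file containing a server=URL line
# Returns:   0 when the server is on a private address, 1 otherwise
#######################################
verifyconfigsecureIP() {
  local config_file="$1"
  local server_lines url authority host_part resolved addr
  local scheme_re='^[a-zA-Z0-9]+://([^/]+)'
  local quad_re='^[0-9]+(\.[0-9]+){3}$'
  local checked=0

  server_lines=$(grep '^server=' -- "$config_file") || return 1
  # Several server= lines are ambiguous: it is not visible here which one
  # the rest of the tool would use.
  [[ $server_lines != *$'\n'* ]] || return 1
  url=${server_lines#server=}

  # Reduce the URL to its authority part; a value without a scheme is used
  # as it stands.
  authority=$url
  if [[ $url =~ $scheme_re ]]; then
    authority=${BASH_REMATCH[1]}
  fi
  [[ $authority != *@* ]] || return 1
  host_part=${authority%%:*}
  [[ -n $host_part && $host_part != -* ]] || return 1

  if [[ $host_part =~ $quad_re ]]; then
    # Already an address literal: no lookup needed.
    resolved=$host_part
  elif command -v host >/dev/null 2>&1; then
    resolved=$(host "$host_part" 2>/dev/null | awk '/has address/ {print $4}')
  elif command -v nslookup >/dev/null 2>&1; then
    # Only Address lines after the first Name: line belong to the answer;
    # the earlier Address line is the resolver itself.
    resolved=$(nslookup "$host_part" 2>/dev/null |
      awk '/^Name:/ {seen = 1; next} seen && /^Address/ {print $NF}')
  elif command -v dig >/dev/null 2>&1; then
    resolved=$(dig +short "$host_part" 2>/dev/null)
  else
    resolved=$(getent ahosts "$host_part" 2>/dev/null | awk '{print $1}')
  fi

  while IFS= read -r addr; do
    # Skip anything that is not a dotted quad (CNAME targets, IPv6, blanks).
    [[ $addr =~ $quad_re ]] || continue
    _is_private_ipv4 "$addr" || return 1
    checked=$((checked + 1))
  done <<<"$resolved"

  # No usable address at all is a failure, not a pass.
  ((checked > 0))
}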
#######################################
# Print the full-screen security banner shown when the provisioning server
# check fails, hold it on screen for 30 seconds, then terminate the script.
# Globals:   CR, FB, NF (read)
# Outputs:   34 banner lines on stdout, each in bold red
# Returns:   never returns; exits with status 1
#######################################
securitywarning() {
  local border="@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
  local blank="@@@ @@@"
  local alarm="@@@ WARNING! WARNING! WARNING! WARNING! WARNING! WARNING! WARNING! @@@"
  local row

  # The banner as data: one array element per printed line.
  local -a rows=(
    "$border"
    "$border"
    "$blank"
    "$blank"
    "$alarm"
    "$blank"
    "$blank"
    "@@@ Security Check has reported a fail - Either config is using @@@"
    "@@@ a public IP as a target server for provisioning, or hostname @@@"
    "@@@ couldn't be resolved. @@@"
    "$blank"
    "@@@ Assuming by default that the target server is publicly @@@"
    "@@@ reachable, this is an incredibly bad idea as it exposes @@@"
    "@@@ your keys on the internet, which is the same as leaving @@@"
    "@@@ your machine passwordless over the internet. @@@"
    "$blank"
    "@@@ Please consider using a local server that isn't exposed to @@@"
    "@@@ the internet unless you accept the risks or know what you're @@@"
    "@@@ doing. @@@"
    "$blank"
    "@@@ If you have already generated new keys using the publicly @@@"
    "@@@ exposed server, it is strongly recommended to reset your keys @@@"
    "@@@ IMMEDIATELY! @@@"
    "$blank"
    "$blank"
    "@@@ You can override this warning by setting 'insecure' to 1 @@@"
    "@@@ in the active config file. Refer to docs for more details. @@@"
    "$blank"
    "$blank"
    "$alarm"
    "$blank"
    "$blank"
    "$border"
    "$border"
  )

  for row in "${rows[@]}"; do
    echo -e "${CR}${FB}${row}${NF}"
  done

  # Keep the warning visible long enough to be read before exiting.
  sleep 30
  exit 1
}