refactor(ssh): remove the vestigial host-SSH key system

The old inbound-admin-SSH layer was effectively dead: gated on config flags
that don't exist (CFG_SSHKEY_*_ENABLED, CFG_REQUIREMENT_SSHREMOTE), its
authorized_keys installer was unwired, and its download path (sshdownload
container) was already retired. What remained reachable was either a no-op or
a lockout footgun (disable-passwords with no working key install).

Remove it whole: scripts/ssh/*, the four SSH requirement checks, the SSH tools
menu, the dead webui SSH populator, and the unused ssh DB inserts; drop their
calls from the start/requirements/menu flows. A fresh, WebUI-driven admin SSH
access feature replaces it next.

Also make generate_arrays.sh self-healing: prune files_*.sh whose source
folder no longer exists (cleared the now-stale files_ssh.sh + an orphan
files_api.sh) so removed areas don't linger in the sourced set.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Signed-off-by: librelad <librelad@digitalangels.vip>
librelad 2026-05-23 16:31:10 +01:00
parent 4078468a97
commit 2873a92b80
31 changed files with 20 additions and 640 deletions


@ -14,7 +14,6 @@ checkRequirements()
checkConfigRequirement;
checkPasswordsRequirement;
checkDatabaseRequirement;
checkSSHKeysRequirement;
checkDockerRequirement;
checkDockerComposeRequirement;
checkDockerRootlessRequirement;
@ -26,12 +25,9 @@ checkRequirements()
checkSwapfileRequirement;
checkCrontabRequirement;
checkWebUISystemdRequirement;
checkSSHRemoteRequirement;
checkSuggestInstallsRequirement;
checkLibrePortalWebUIImageRequirement;
checkLibrePortalWebUIAppRequirement;
checkSSHDownloadRequirement;
checkSSHPasswordRequirement;
checkTraefikRequirement;
checkDockerSwitcherRequirement;


@ -1,25 +0,0 @@
#!/bin/bash
checkSSHDownloadRequirement()
{
local sshdownload_status=$(dockerCheckAppInstalled "sshdownload" "docker")
if [[ "$sshdownload_status" == "installed" ]]; then
while true; do
isHeader "SSH SECURITY WARNING"
isNotice "The SSH Download download service is currently online."
isNotice "This is potentially DANGEROUS as it's accessable via anyone on the VPN"
isNotice "We highly recommend uninstalling this service after downloading the SSH keys"
isNotice "If you need to access this again, you can install it via the system install option"
echo ""
isQuestion "Would like to destroy the SSH Download service for security purposes? (y/n): "
read -p "" ssh_download_uninstall
if [[ -n "$ssh_download_uninstall" ]]; then
break
fi
isNotice "Please provide a valid input."
done
if [[ "$ssh_download_uninstall" == [yY] ]]; then
dockerUninstallApp sshdownload;
fi
fi
}


@ -1,35 +0,0 @@
#!/bin/bash
checkSSHKeysRequirement()
{
# SSH Keys
if [[ $CFG_SSHKEY_ROOT_ENABLED == "true" ]]; then
if checkSSHSetupKeyPair "root"; then
isSuccessful "The SSH Key(s) for root appears to be setup."
else
isNotice "An SSH Key for root is not setup."
SSHKEY_SETUP_NEEDED="true"
((preinstallneeded++))
fi
fi
if [[ $CFG_SSHKEY_LIBREPORTAL_ENABLED == "true" ]]; then
if checkSSHSetupKeyPair "$sudo_user_name"; then
isSuccessful "The SSH Key(s) for $sudo_user_name appears to be setup."
else
isNotice "An SSH Key for $sudo_user_name is not setup."
SSHKEY_SETUP_NEEDED="true"
((preinstallneeded++))
fi
fi
if [[ $CFG_SSHKEY_DOCKERINSTALL_ENABLED == "true" ]]; then
if [[ "$CFG_DOCKER_INSTALL_TYPE" == "rootless" ]]; then
if checkSSHSetupKeyPair "$CFG_DOCKER_INSTALL_USER"; then
isSuccessful "The SSH Key(s) for $CFG_DOCKER_INSTALL_USER appears to be setup."
else
isNotice "An SSH Key for $CFG_DOCKER_INSTALL_USER is not setup."
SSHKEY_SETUP_NEEDED="true"
((preinstallneeded++))
fi
fi
fi
}


@ -1,14 +0,0 @@
#!/bin/bash
checkSSHPasswordRequirement()
{
if [[ $CFG_REQUIREMENT_SSH_DISABLE_PASSWORDS == "true" ]]; then
if grep -q "PasswordAuthentication no" $sshd_config; then
isSuccessful "SSH Password appears to be disabled."
else
isNotice "Password Authentication has not been disabled."
SSHKEY_DISABLE_PASS_NEEDED="true"
((preinstallneeded++))
fi
fi
}


@ -1,27 +0,0 @@
#!/bin/bash
checkSSHRemoteRequirement()
{
if [[ $CFG_REQUIREMENT_SSHREMOTE == "true" ]]; then
### Custom SSH Remote Install
if [[ -n "$CFG_IPS_SSH_SETUP" ]]; then
ip_found=0
# Split the comma-separated IP addresses into an array
IFS=',' read -ra ip_addresses <<< "$CFG_IPS_SSH_SETUP"
# Loop through the IP addresses
for ip in "${ip_addresses[@]}"; do
ip_found=1
done
if [ "$ip_found" -eq 0 ]; then
isSuccessful "No Remote SSH Install IP has been found to setup"
else
isSuccessful "Remote SSH Install IP(s) have been found to setup"
setupSSHRemoteKeys=true
((preinstallneeded++))
fi
else
isSuccessful "No hosts found in the configuration."
fi
fi
}


@ -1,9 +0,0 @@
#!/bin/bash
databaseSSHInsert()
{
local app_name="$1"
local table_name=ssh
local result=$(sudo sqlite3 "$docker_dir/$db_file" "INSERT INTO $table_name (ip, date, time) VALUES ('$app_name', '$current_date', '$current_time');")
checkSuccess "Adding $app_name to the $table_name table."
}


@ -1,17 +0,0 @@
#!/bin/bash
databaseSSHKeysInsert()
{
local key_filename="$1"
local key_file=$(basename "$key_filename")
local table_name=ssh_keys
local key_in_db=$(sudo sqlite3 "$docker_dir/$db_file" "SELECT COUNT(*) FROM $table_name WHERE name = '$key_file';")
if [ "$key_in_db" -eq 0 ]; then
local result=$(sudo sqlite3 "$docker_dir/$db_file" "INSERT INTO $table_name (name, date, time) VALUES ('$key_file', '$current_date', '$current_time');")
checkSuccess "Adding $key_file to the $table_name table."
else
local result=$(sudo sqlite3 "$docker_dir/$db_file" "UPDATE $table_name SET name = '$key_file', date = '$current_date', time = '$current_time' WHERE name = '$key_file';")
checkSuccess "$key_file already added to the $table_name table. Updating date/time."
fi
}


@ -7,16 +7,15 @@ toolsMenu()
while true; do
isHeader "Tools Menu"
isOption "1. Menu - SSH"
isOption "2. Menu - Docker"
isOption "3. Menu - Crontab"
isOption "1. Menu - Docker"
isOption "2. Menu - Crontab"
# Only show Git reset option if not a local installation
if [[ "$CFG_INSTALL_MODE" != "local" ]]; then
isOption "4. Tool - Reset LibrePortal Git Folder"
isOption "5. Tool - Force Pre-Installation"
isOption "3. Tool - Reset LibrePortal Git Folder"
isOption "4. Tool - Force Pre-Installation"
isOption "x. Exit to Main Menu"
else
isOption "4. Tool - Force Pre-Installation"
isOption "3. Tool - Force Pre-Installation"
isOption "x. Exit to Main Menu"
fi
echo ""
@ -25,15 +24,12 @@ toolsMenu()
case $tools_menu_choice in
1)
sshToolsMenu;
;;
2)
dockerToolsMenu;
;;
3)
2)
crontabToolsMenu;
;;
4)
3)
# Handle different option numbers based on installation mode
if [[ "$CFG_INSTALL_MODE" != "local" ]]; then
toolsresetgit=y
@ -43,13 +39,13 @@ toolsMenu()
startOther;
fi
;;
5)
4)
# Only show this option if not local installation
if [[ "$CFG_INSTALL_MODE" != "local" ]]; then
toolstartpreinstallation=y
startOther;
else
# For local installation, option 5 doesn't exist
# For local installation, option 4 doesn't exist
isNotice "Invalid choice. Please select a valid option."
fi
;;
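Review bot: The renumbered `3)` and `4)` arms carry a meaning that depends on `CFG_INSTALL_MODE`, and the numbers are spelled out separately in the `isOption` labels and in the `case` arms, so each menu change has to be renumbered by hand in three places, as this commit does. A mapping comment above `case $tools_menu_choice in` would make the next edit safer, for example `# 3 = reset git (non-local) / force pre-install (local); 4 = force pre-install (non-local only)`. The `else` branch of the `3)` arm falls between the hunks and is not visible here, so the local-mode meaning of `3` should be confirmed against the full file.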


@ -1,38 +0,0 @@
#!/bin/bash
sshToolsMenu()
{
# Enable input
stty echo
while true; do
isHeader "SSH Menu"
isOption "1. Regenerate SSH Key - LibrePortal"
isOption "2. Regenerate SSH Key - Dockerinstall"
isOption "3. Setup SSH Keys for Download"
isOption "x. Exit to Main Menu"
echo ""
isQuestion "What is your choice: "
read -rp "" ssh_menu_choice
case $ssh_menu_choice in
1)
regenerateSSHSetupKeyPair "libreportal";
;;
2)
regenerateSSHSetupKeyPair "dockerinstall";
;;
3)
toolsetupsshkeys=y
startOther;
;;
x)
endStart;
;;
*)
isNotice "Invalid choice. Please select a valid option."
;;
esac
done
}


@ -1,38 +0,0 @@
#!/bin/bash
sshToolsMenu()
{
# Enable input
stty echo
while true; do
isHeader "SSH Menu"
isOption "1. Regenerate SSH Key - LibrePortal"
isOption "2. Regenerate SSH Key - Dockerinstall"
isOption "3. Setup SSH Keys for Download"
isOption "x. Exit to Main Menu"
echo ""
isQuestion "What is your choice: "
read -rp "" ssh_menu_choice
case $ssh_menu_choice in
1)
regenerateSSHSetupKeyPair "libreportal";
;;
2)
regenerateSSHSetupKeyPair "dockerinstall";
;;
3)
toolsetupsshkeys=y
startOther;
;;
x)
endStart;
;;
*)
isNotice "Invalid choice. Please select a valid option."
;;
esac
done
}


@ -23,7 +23,6 @@ files_libreportal_app=(
"${restore_scripts[@]}"
"${setup_scripts[@]}"
"${source_scripts[@]}"
"${ssh_scripts[@]}"
"${ssl_scripts[@]}"
"${start_scripts[@]}"
"${swapfile_scripts[@]}"


@ -1,9 +0,0 @@
#!/bin/bash
# This file is auto-generated by generate_arrays.sh
# Do not edit manually - run './scripts/source/files/generate_arrays.sh run' to regenerate
api_scripts=(
"api/test_mail_connection.sh"
)


@ -21,10 +21,6 @@ checks_scripts=(
"checks/requirements/check_manager.sh"
"checks/requirements/check_passwords.sh"
"checks/requirements/check_root.sh"
"checks/requirements/check_sshdownload.sh"
"checks/requirements/check_sshkeys.sh"
"checks/requirements/check_sshpassword.sh"
"checks/requirements/check_sshremote.sh"
"checks/requirements/check_sslcerts.sh"
"checks/requirements/check_suggest_installs.sh"
"checks/requirements/check_swapfile.sh"


@ -18,8 +18,6 @@ database_scripts=(
"database/insert/db_insert_port_open.sh"
"database/insert/db_insert_port_used.sh"
"database/insert/db_insert_restore.sh"
"database/insert/db_insert_ssh_keys.sh"
"database/insert/db_insert_ssh.sh"
"database/install_sqlite.sh"
"database/tables/db_create_tables.sh"
"database/tables/db_display_tables.sh"


@ -21,8 +21,6 @@ menu_scripts=(
"menu/tools/manage_linkding.sh"
"menu/tools/manage_main.sh"
"menu/tools/manage_mattermost.sh"
"menu/tools/manage_ssh.sh"
"menu/tools/manage_tools.sh"
"menu/tools/manage_wireguard.sh"
)


@ -4,7 +4,6 @@
# Do not edit manually - run './scripts/source/files/generate_arrays.sh run' to regenerate
source_scripts=(
"source/files/arrays/files_api.sh"
"source/files/arrays/files_app.sh"
"source/files/arrays/files_backup.sh"
"source/files/arrays/files_checks.sh"
@ -25,7 +24,6 @@ source_scripts=(
"source/files/arrays/files_restore.sh"
"source/files/arrays/files_setup.sh"
"source/files/arrays/files_source.sh"
"source/files/arrays/files_ssh.sh"
"source/files/arrays/files_start.sh"
"source/files/arrays/files_update.sh"
"source/files/arrays/files_webui.sh"


@ -1,16 +0,0 @@
#!/bin/bash
# This file is auto-generated by generate_arrays.sh
# Do not edit manually - run './scripts/source/files/generate_arrays.sh run' to regenerate
ssh_scripts=(
"ssh/disable_passwords/disable_ssh_auth.sh"
"ssh/disable_passwords/update_ssh_html.sh"
"ssh/keys/check_key_pair.sh"
"ssh/keys/generate_key_pair.sh"
"ssh/keys/install_key_pair.sh"
"ssh/keys/regenerate_key_pair.sh"
"ssh/keys/setup_auth_key.sh"
"ssh/keys/setup_key_pair.sh"
)


@ -46,6 +46,5 @@ webui_scripts=(
"webui/webui_install_image.sh"
"webui/webui_install_systemd.sh"
"webui/webui_updater.sh"
"webui/webui_update_ssh.sh"
)


@ -23,7 +23,6 @@ files_libreportal_cli=(
"${restore_scripts[@]}"
"${setup_scripts[@]}"
"${source_scripts[@]}"
"${ssh_scripts[@]}"
"${ssl_scripts[@]}"
"${start_scripts[@]}"
"${swapfile_scripts[@]}"


@ -49,6 +49,17 @@ isNotice "Scanning scripts/ for subfolder arrays..."
# Create arrays directory if it doesn't exist
mkdir -p "$ARRAYS_DIR"
# Prune arrays whose source folder no longer exists, so a removed area (e.g.
# scripts/ssh/) doesn't linger in the sourced set as a stale files_*.sh.
for existing in "$ARRAYS_DIR"/files_*.sh; do
[ -f "$existing" ] || continue
pruned_name=$(basename "$existing"); pruned_name=${pruned_name#files_}; pruned_name=${pruned_name%.sh}
if [ ! -d "$SCRIPTS_DIR/$pruned_name" ]; then
rm -f "$existing"
isNotice "Pruned stale files_${pruned_name}.sh (no scripts/$pruned_name/)"
fi
done
# Get all directories in scripts folder
for folder in "$SCRIPTS_DIR"/*; do
if [ -d "$folder" ]; then
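Review bot: The prune loop trusts `$SCRIPTS_DIR` completely: if it is empty or points at the wrong directory when the script runs, `[ ! -d "$SCRIPTS_DIR/$pruned_name" ]` is true for every array and all `files_*.sh` files are deleted from the sourced set. Whether `SCRIPTS_DIR` is validated earlier in the script is not visible in this hunk; if it is not, add `[ -d "$SCRIPTS_DIR" ] || exit 1` before the `for existing in ...` line. The "Pruned stale" notice is also printed regardless of whether the delete succeeded, because the status of `rm -f` is ignored; `rm -f -- "$existing" || continue` keeps the message truthful when the file could not be removed.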


@ -1,49 +0,0 @@
#!/bin/bash
installDisableSSHPassword()
{
if [[ $CFG_REQUIREMENT_SSH_DISABLE_PASSWORDS == "true" ]]; then
# Check if already disabled
if [[ $SSHKEY_DISABLE_PASS_NEEDED == "true" ]]; then
while true; do
isHeader "SSH Password Disabler"
isQuestion "Do you want to disable SSH password logins? (y/n): "
read -p "" disable_ssh_passwords
case "$disable_ssh_passwords" in
[Yy]*)
local backup_file="$sshd_config_backup_$current_date-$current_time"
result=$(sudo cp $sshd_config "$backup_file")
checkSuccess "Backup sshd_config file"
result=$(sudo sed -i '/^PasswordAuthentication/d' $sshd_config)
checkSuccess "Removing existing PasswordAuthentication lines"
result=$(echo "PasswordAuthentication no" | sudo tee -a $sshd_config)
checkSuccess "Add new PasswordAuthentication line at the end of sshd_config"
result=$(sudo systemctl restart sshd)
checkSuccess "Restart SSH service"
break
;;
[Nn]*)
while true; do
isQuestion "Do you want to stop being asked to disable SSH Password logins? (y/n): "
read -rp "" sshdisablepasswordask
if [[ "$sshdisablepasswordask" =~ ^[yYnN]$ ]]; then
break
fi
isNotice "Please provide a valid input (y/n)."
done
if [[ "$sshdisablepasswordask" == [yY] ]]; then
updateConfigOption "CFG_REQUIREMENT_SSH_DISABLE_PASSWORDS" "false"
fi
break
;;
*)
echo "Please enter 'y' or 'n'."
;;
esac
done
fi
fi
}


@ -1,39 +0,0 @@
#!/bin/bash
updateSSHHTMLSSHKeyLinks()
{
local index_file="index.html"
local private_path="${ssh_dir}private/"
local root_user_key="${CFG_INSTALL_NAME}_sshkey_root"
local sudo_user_key="${CFG_INSTALL_NAME}_sshkey_${sudo_user_name}"
local install_user_key="${CFG_INSTALL_NAME}_sshkey_${CFG_DOCKER_INSTALL_USER}"
if [ -f "$private_path$index_file" ]; then
# Reset all links to placeholders
result=$(sudo sed -i "s|<a href=\"$root_user_key\">User - Root's SSH Key</a>|<!--LINK1-->|" $private_path$index_file)
checkSuccess "Resetting Root URL to empty."
result=$(sudo sed -i "s|<a href=\"$sudo_user_key\">User - LibrePortal's SSH Key</a>|<!--LINK2-->|" $private_path$index_file)
checkSuccess "Resetting LibrePortal URL to empty."
result=$(sudo sed -i "s|<a href=\"$install_user_key\">User - Dockerinstall's SSH Key</a>|<!--LINK3-->|" $private_path$index_file)
checkSuccess "Resetting Dockerinstall URL to empty."
# Check and update links based on the presence of key files
if [ -f "$private_path$root_user_key" ]; then
result=$(sudo sed -i "s|<!--LINK1-->|<a href=\"$root_user_key\" download>Download Root's SSH Key</a>|" $private_path$index_file)
checkSuccess "Root SSH Key found, updating the index.html for download link."
fi
if [ -f "$private_path$sudo_user_key" ]; then
result=$(sudo sed -i "s|<!--LINK2-->|<a href=\"$sudo_user_key\" download>Download LibrePortal's SSH Key</a>|" $private_path$index_file)
checkSuccess "LibrePortal SSH Key found, updating the index.html for download link."
fi
if [ -f "$private_path$install_user_key" ]; then
result=$(sudo sed -i "s|<!--LINK3-->|<a href=\"$install_user_key\" download>Download Dockerinstall's SSH Key</a>|" $private_path$index_file)
checkSuccess "Dockerinstall SSH Key found, updating the index.html for download link."
fi
fi
}


@ -1,21 +0,0 @@
#!/bin/bash
checkSSHSetupKeyPair()
{
local username="$1"
local private_key_file="${CFG_INSTALL_NAME}_sshkey_$username"
local private_key_path="${ssh_dir}private"
local private_key_full="$private_key_path/$private_key_file"
local public_key_file="$private_key_file.pub"
local public_key_path="${ssh_dir}public"
local public_key_full="$public_key_path/$public_key_file"
# Check if both private and public key files exist
if [ -f "$private_key_full" ] && [ -f "$public_key_full" ]; then
:
else
:
fi
}


@ -1,89 +0,0 @@
#!/bin/bash
generateSSHKeyPair()
{
local username="$1"
local private_key_path="$2"
local private_key_full="$3"
local public_key_full="$4"
local flag="$5"
echo ""
isHeader "SSH Key Generation for $username"
if [[ "$flag" == "reinstall" ]]; then
if [ -f "$private_key_full" ]; then
result=$(sudo rm $private_key_full)
checkSuccess "Deleted old private SSH key $(basename "$private_key_full")"
fi
if [ -f "$public_key_full" ]; then
result=$(sudo rm $public_key_full)
checkSuccess "Deleted old public SSH key $(basename "$public_key_full")"
fi
fi
#if [[ "$username" == "root" ]]; then
#local ssh_passphrase=$CFG_SSHKEY_PASSPHRASE_ROOT
#elif [[ "$username" == "$sudo_user_name" ]]; then
#local ssh_passphrase=$CFG_SSHKEY_PASSPHRASE_ROOT
#elif [[ "$username" == "$CFG_DOCKER_INSTALL_USER" ]]; then
#local ssh_passphrase=$CFG_SSHKEY_PASSPHRASE_DOCKERINSTALL
#fi
# Supply $CFG_DOCKER_INSTALL_USER password for sudo usage
#if [[ "$username" == "$CFG_DOCKER_INSTALL_USER" ]]; then
#result=$(echo -e "$CFG_DOCKER_INSTALL_PASS\n$ssh_passphrase\n$ssh_passphrase" | sudo -u $username ssh-keygen -t ed25519 -f "$ssh_dir/$(basename "$private_key_full")" -C "$CFG_EMAIL" -N "" && sudo -u $username cat "$ssh_dir/$(basename "$private_key_full").pub" | sudo -u $username tee -a "$ssh_dir/$(basename "$private_key_full")" > /dev/null)
#checkSuccess "New ED25519 key pair generated for $username"
#else
#result=$(echo -e "$ssh_passphrase\n$ssh_passphrase" | sudo -u $username sudo ssh-keygen -t ed25519 -f "$ssh_dir/$(basename "$private_key_full")" -C "$CFG_EMAIL" -N "" && sudo -u $username cat "$ssh_dir/$(basename "$private_key_full").pub" | sudo tee -a "$ssh_dir/$(basename "$private_key_full")" > /dev/null)
#checkSuccess "New ED25519 key pair generated for $username"
#fi
# Simplified key generation without passwords
result=$(sudo -u "$username" ssh-keygen -t ed25519 \
-f "$ssh_dir/$(basename "$private_key_full")" \
-C "${CFG_INSTALL_NAME,,}@libreportal.local" \
-N "" \
&& sudo -u "$username" cat "$ssh_dir/$(basename "$private_key_full").pub" \
| sudo -u "$username" tee -a "$ssh_dir/$(basename "$private_key_full")" > /dev/null)
checkSuccess "New ED25519 key pair generated for $username"
if [ -f "$ssh_dir/$(basename $private_key_full)" ]; then
updateFileOwnership $ssh_dir/$(basename $private_key_full) $username $username
result=$(sudo mv "$ssh_dir/$(basename "$private_key_full")" "$private_key_full")
checkSuccess "Private key moved to $private_key_full"
fi
if [ -f "$ssh_dir/$(basename $public_key_full)" ]; then
updateFileOwnership $ssh_dir/$(basename $public_key_full) $username $username
result=$(sudo mv "$ssh_dir/$(basename "$public_key_full")" "$public_key_full")
checkSuccess "Public key moved to $public_key_full"
fi
result=$(createTouch "$ssh_dir/public/$(basename $private_key_full)" $username)
checkSuccess "Creating the passphrase txt to private folder."
result=$(echo "$ssh_passphrase" | sudo tee -a "$ssh_dir/public/$(basename $private_key_full)" > /dev/null)
checkSuccess "Adding the ssh_passphrase to the $(basename "$private_key_full").txt file."
result=$(sudo chmod 644 $ssh_dir/private/$(basename $private_key_full))
checkSuccess "Updating permissions for $(basename $private_key_full)"
setupSSHAuthorizedKeys $username $public_key_full;
updateSSHHTMLSSHKeyLinks;
# Select preexisting docker_type
if [ -f "$docker_dir/$db_file" ]; then
local ssh_new_key=$(sudo sqlite3 "$docker_dir/$db_file" 'SELECT content FROM options WHERE option = "ssh_new_key";')
# Insert into DB if something doesnt exist
if [[ $docker_type == "" ]]; then
databaseOptionInsert "ssh_new_key" "true";
local ssh_new_key=$(sudo sqlite3 "$docker_dir/$db_file" 'SELECT content FROM options WHERE option = "ssh_new_key";')
fi
else
:
fi
}


@ -1,30 +0,0 @@
#!/bin/bash
installSSHKeysForDownload()
{
local flag="$1"
if [[ "$SSHKEY_SETUP_NEEDED" == "true" ]]; then
isHeader "SSH Key Install"
# Fix permissions for SSH Directory
local result=$(sudo chmod 0775 "$ssh_dir" > /dev/null 2>&1)
checkSuccess "Updating $ssh_dir with 0775 permissions."
local result=$(sudo chown $docker_install_user:$docker_install_user "$ssh_dir" > /dev/null 2>&1)
checkSuccess "Updating $ssh_dir with $docker_install_user ownership."
# Check if SSH Keys are enabled
if [[ "$CFG_SSHKEY_ROOT_ENABLED" == "true" ]]; then
generateSSHSetupKeyPair "root" $flag
fi
if [[ "$CFG_SSHKEY_LIBREPORTAL_ENABLED" == "true" ]]; then
generateSSHSetupKeyPair "$sudo_user_name" $flag
fi
if [[ "$CFG_SSHKEY_DOCKERINSTALL_ENABLED" == "true" ]]; then
if [[ "$CFG_DOCKER_INSTALL_TYPE" == "rootless" ]]; then
generateSSHSetupKeyPair "$CFG_DOCKER_INSTALL_USER" $flag
fi
fi
fi
}


@ -1,24 +0,0 @@
#!/bin/bash
regenerateSSHSetupKeyPair()
{
local username="$1"
while true; do
isQuestion "Are you sure you want to generate new SSH Key(s) for the $username user? (y/n): "
read -p "" key_regenerate_accept
case "$key_regenerate_accept" in
[Yy]*)
generateSSHKeyPair "$username" "$private_key_path" "$private_key_full" "$public_key_full" reinstall;
break
;;
[Nn]*)
# No action needed
break
;;
*)
echo "Please enter 'y' or 'n'."
;;
esac
done
}


@ -1,40 +0,0 @@
#!/bin/bash
setupSSHAuthorizedKeys()
{
local username="$1"
local public_key_full="$2"
if [[ "$username" == "root" ]]; then
local ssh_path="/root/.ssh"
else
local ssh_path="/home/$username/.ssh"
fi
# Check if the directory exists; if not, create it
if [ ! -d "$ssh_path" ]; then
local result=$(createFolders "loud" $username $ssh_path)
checkSuccess "Creating $(basename "$private_key_path") folder"
result=$(sudo chmod 700 $ssh_path)
checkSuccess "Updating permissions for $ssh_path"
else
result=$(sudo chmod 700 $ssh_path)
checkSuccess "Updating permissions for $ssh_path"
fi
if [ -f "${ssh_path}/authorized_keys" ]; then
result=$(sudo rm ${ssh_path}/authorized_keys)
checkSuccess "Deleted old authorized_keys file for user $username"
fi
result=$(sudo cp "$public_key_full" "${ssh_path}/authorized_keys")
checkSuccess "Adding $(basename $public_key_full) to the Authorized_keys file for user $username"
result=$(sudo chmod 600 ${ssh_path}/authorized_keys)
checkSuccess "Updating permissions for ${username}'s authorized_keys file."
updateFileOwnership "${ssh_path}/authorized_keys" $username $username
result=$(sudo systemctl reload ssh)
checkSuccess "Reloading SSH service"
}


@ -1,35 +0,0 @@
#!/bin/bash
generateSSHSetupKeyPair()
{
local username="$1"
local flag="$2"
local private_key_file="${CFG_INSTALL_NAME}_sshkey_$username"
local private_key_path="${ssh_dir}private"
local private_key_full="$private_key_path/$private_key_file"
local public_key_file="$private_key_file.pub"
local public_key_path="${ssh_dir}public"
local public_key_full="$public_key_path/$public_key_file"
# Check if the directory exists; if not, create it
if [ ! -d "$private_key_path" ]; then
local result=$(createFolders "loud" $docker_install_user $private_key_path)
checkSuccess "Creating $(basename "$private_key_path") folder"
fi
if [ ! -d "$public_key_path" ]; then
local result=$(createFolders "loud" $docker_install_user $public_key_path)
checkSuccess "Creating $(basename "$public_key_path") folder"
fi
# Check if the private key does not exist
if [ ! -f "$private_key_full" ]; then
generateSSHKeyPair "$username" "$private_key_path" "$private_key_full" "$public_key_full" install;
fi
# Check if the public key does not exist
if [ ! -f "$public_key_full" ]; then
generateSSHKeyPair "$username" "$private_key_path" "$private_key_full" "$public_key_full" install;
fi
}


@ -12,10 +12,6 @@ startOther()
### Tools ###
#######################################################
if [[ "$toolsetupsshkeys" == [yY] ]]; then
installSSHKeysForDownload tool;
fi
if [[ "$toolsresetgit" == [yY] ]]; then
gitFolderResetAndBackup;
fi


@ -23,8 +23,6 @@ startPreInstall()
installDockerRootlessUser;
installDockerRootlessStartSetup;
installSSHKeysForDownload install;
# Rooted
installDockerRooted;
installDockerRootedCompose;
@ -63,7 +61,6 @@ startPreInstall()
installRecommendedApps;
installOptionalMetricsApps;
installDisableSSHPassword;
if [[ "$initial_command2" == "terminal" ]]; then
resetToMenu;


@ -1,48 +0,0 @@
#!/bin/bash
updateWebUISSHDetails()
{
isNotice "Updating WebUI SSH configuration..."
local made_updates=false
# Update SSH_HOST from default to actual public IP
if [[ "$CFG_SSH_HOST" == "webui-remote-server.com" ]] || [[ -z "$CFG_SSH_HOST" ]]; then
updateConfigOption "CFG_SSH_HOST" "$public_ip_v4"
checkSuccess "Updated CFG_SSH_HOST to $public_ip_v4"
made_updates=true
fi
# Update SSH_PORT from default to actual SSH port
if [[ "$CFG_SSH_PORT" == "22" ]] || [[ -z "$CFG_SSH_PORT" ]]; then
local SSH_CONFIG="/etc/ssh/sshd_config"
local ssh_port=$(grep "^Port" "$SSH_CONFIG" 2>/dev/null | awk '{print $2}' | head -n1)
local ssh_port=${ssh_port:-22} # Default to 22 if not found
if [[ "$ssh_port" != "22" ]] && [[ -n "$ssh_port" ]]; then
updateConfigOption "CFG_SSH_PORT" "$ssh_port"
checkSuccess "Updated CFG_SSH_PORT to $ssh_port"
made_updates=true
fi
fi
# Update SSH_USERNAME from default to actual sudo user
if [[ "$CFG_SSH_USERNAME" == "webui-your-username" ]] || [[ -z "$CFG_SSH_USERNAME" ]]; then
updateConfigOption "CFG_SSH_USERNAME" "$sudo_user_name"
checkSuccess "Updated CFG_SSH_USERNAME to $sudo_user_name"
made_updates=true
fi
# Update SSH_PASSWORD from default to actual LibrePortal user password
if [[ "$CFG_SSH_PASSWORD" == "webui-your-password" ]] || [[ -z "$CFG_SSH_PASSWORD" ]]; then
updateConfigOption "CFG_SSH_PASSWORD" "$CFG_LIBREPORTAL_USER_PASS"
checkSuccess "Updated CFG_SSH_PASSWORD to $CFG_LIBREPORTAL_USER_PASS"
made_updates=true
fi
if [[ "$made_updates" == "true" ]]; then
isSuccessful "WebUI SSH configuration updated successfully"
else
isNotice "WebUI SSH configuration already up to date"
fi
}