Fresh, on-demand inbound SSH-access management for the host (replaces the old maze). scripts/ssh/host_access.sh manages the install user's authorized_keys — add a pasted public key (validated), list, remove — and toggles sshd password login behind a lockout guard (won't disable passwords with no key; won't drop the last key while passwords are off; sshd -t before reload, with backup). New 'ssh' CLI category (status/key-add/key-remove/password-auth/generate) and a webuiGenerateSshAccess snapshot (data/ssh/access.json: user, password_auth, authorized keys as type+fingerprint+comment — public only) wired into the regen chain. Nothing runs automatically; only explicit admin actions change anything. WebUI page next. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Signed-off-by: librelad <librelad@digitalangels.vip>
37 lines
1.1 KiB
Bash
37 lines
1.1 KiB
Bash
#!/bin/bash
|
|
|
|
cliHandleSshCommands()
|
|
{
|
|
local action="$initial_command2"
|
|
local arg="$initial_command3"
|
|
|
|
case "$action" in
|
|
""|help)
|
|
cliShowSshHelp
|
|
;;
|
|
status)
|
|
local pw="off"; hostSshPasswordAuthEnabled && pw="on"
|
|
echo "user=$(hostSshUser) password_login=$pw authorized_keys=$(hostSshKeyCount)"
|
|
;;
|
|
key-add)
|
|
[[ -z "$arg" ]] && { isNotice "Usage: ssh key-add <base64-public-key>"; cliShowSshHelp; return; }
|
|
hostSshKeyAdd "$arg"
|
|
;;
|
|
key-remove)
|
|
[[ -z "$arg" ]] && { isNotice "Usage: ssh key-remove <fingerprint>"; cliShowSshHelp; return; }
|
|
hostSshKeyRemove "$arg"
|
|
;;
|
|
password-auth)
|
|
[[ -z "$arg" ]] && { isNotice "Usage: ssh password-auth <on|off>"; cliShowSshHelp; return; }
|
|
hostSshSetPasswordAuth "$arg"
|
|
;;
|
|
generate)
|
|
webuiGenerateSshAccess
|
|
;;
|
|
*)
|
|
isNotice "Unknown ssh action: $action"
|
|
cliShowSshHelp
|
|
;;
|
|
esac
|
|
}
|