From e66848a048b0176a7adadc2688885385c0c4498a Mon Sep 17 00:00:00 2001 From: rootzoll Date: Sun, 19 Dec 2021 15:43:25 +0100 Subject: [PATCH] #2820 add more test & debug --- README.md | 2 +- home.admin/config.scripts/blitz.ssh.sh | 81 +++++++++++++++---- .../config.scripts/internet.sshpubkey.sh | 41 ---------- 3 files changed, 65 insertions(+), 59 deletions(-) delete mode 100755 home.admin/config.scripts/internet.sshpubkey.sh diff --git a/README.md b/README.md index 6edd98866..3dc1a5a6e 100644 --- a/README.md +++ b/README.md @@ -1271,7 +1271,7 @@ You can check the background-script logs to see details on errors: `sudo journal In the `/mnt/hdd/raspiblitz.conf` the parameter `scpBackupTarget='[USER]@[SERVER]:[DIRPATH-WITHOUT-ENDING-/]'` can be set to activate this feature. On the remote server, the public key of the RaspiBlitz root user needs to be added to the `authorized_keys` file so that no password is needed for the background script to make the backup. -The script `/home/admin/config.scripts/internet.sshpubkey.sh` helps on initialization (init); it will show and transfer ssh-pubkey to a remote server. +The script `/home/admin/config.scripts/blitz.ssh.sh` show (`root-get`) and transfer ssh-pubkey (`root-transfer`) to a remote server. To test it, try opening or closing a channel and then check if you can find a copy of `channel.backup` on your remote server. You can check the background-script logs to see details on errors: `sudo journalctl -f -u background` diff --git a/home.admin/config.scripts/blitz.ssh.sh b/home.admin/config.scripts/blitz.ssh.sh index f6de97da0..32cdaa194 100755 --- a/home.admin/config.scripts/blitz.ssh.sh +++ b/home.admin/config.scripts/blitz.ssh.sh 
@@ -3,12 +3,21 @@ # command info if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ] || [ "$1" = "-help" ]; then echo "RaspiBlitz SSH tools" + echo + echo "## SSHD SERVICE #######" echo "blitz.ssh.sh renew --> renew the sshd host certs" echo "blitz.ssh.sh clear --> make sure old sshd host certs are cleared" echo "blitz.ssh.sh checkrepair --> check sshd & repair just in case" echo "blitz.ssh.sh backup --> copy ssh keys to backup (if exist)" echo "blitz.ssh.sh sessions --> count open sessions" - echo "blitz.ssh.sh restore [?backup-root] --> restore ssh keys from backup (if exist)" + echo "blitz.ssh.sh restore [?backup-root]" + echo " --> restore ssh keys from backup (if exist)" + echo + echo "## SSH ROOT USER #######" + echo "blitz.ssh.sh root-get --> return root user pubkey" + echo "blitz.ssh.sh root-transfer [REMOTEUSER]@[REMOTESERVER]" + echo " --> transfer ssh-pub to a authorized key of remote server" + echo exit 1 fi @@ -105,23 +114,23 @@ DEFAULT_BASEDIR="/mnt/hdd/app-data" ################### if [ "$1" = "backup" ]; then echo "# *** $0 $1" - echo "# backup dir: ${DEFAULT_BASEDIR}" # backup sshd host keys + echo "# backup sshd keys to $DEFAULT_BASEDIR/sshd" mkdir -p $DEFAULT_BASEDIR/sshd sudo rm -rf $DEFAULT_BASEDIR/sshd/* sudo cp -a /etc/ssh $DEFAULT_BASEDIR/sshd # backup root use ssh keys - mkdir -p $DEFAULT_BASEDIR/ssh-root - sudo rm -rf $DEFAULT_BASEDIR/ssh-root/* - sudo cp -a /root/.ssh $DEFAULT_BASEDIR/ssh-root - - if [ -d "${DEFAULT_BASEDIR}/sshd" ] && [ -d "${DEFAULT_BASEDIR}/ssh-root" ]; then - echo "# OK - ssh keys backup done" + if [ $(sudo ls /root/.ssh/id_rsa.pub 2>/dev/null | grep -c 'id_rsa.pub') -gt 0 ]; then + echo "# backup root ssh keys to $DEFAULT_BASEDIR/ssh-root" + mkdir -p $DEFAULT_BASEDIR/ssh-root + sudo rm -rf $DEFAULT_BASEDIR/ssh-root/* + sudo cp -a /root/.ssh $DEFAULT_BASEDIR/ssh-root else - echo "error='ssh keys backup failed - backup location may not exist'" + echo "# no /root/.ssh/id_rsa.pub - dont backup" fi + exit 0 fi 
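Review bot: The new `root-get` help line describes the command as "return root user pubkey", but the `root-get` block added later in this patch also generates a fresh RSA key pair under `/root/.ssh` when none exists, and that side effect belongs in the help text, e.g. `echo "blitz.ssh.sh root-get --> return root user pubkey (creates an RSA key pair for root if none exists)"`. The `root-transfer` line would also benefit from saying that it runs `ssh-copy-id`, which prompts interactively for the remote user's password, since the rest of this script is otherwise non-interactive. Minor wording: `a authorized key` should read `an authorized key`.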
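Review bot: The re-indented `sudo cp -a /root/.ssh $DEFAULT_BASEDIR/ssh-root` copies the directory itself into the `ssh-root/` that `mkdir -p` just created, so with GNU cp semantics the files end up at `ssh-root/.ssh/id_rsa.pub`, while the restore path added in this same patch tests `${DEFAULT_BASEDIR}/ssh-root/id_rsa.pub` and will not find them; the context line `sudo cp -a /etc/ssh $DEFAULT_BASEDIR/sshd` nests the same way (`sshd/ssh/ssh_host_rsa_key`). Either copy the contents, `sudo cp -a /root/.ssh/. "$DEFAULT_BASEDIR/ssh-root"` and `sudo cp -a /etc/ssh/. "$DEFAULT_BASEDIR/sshd"`, or point the restore checks at the nested `ssh/` and `.ssh/` subdirectories, but the two sides must agree or every restore falls into the "backup not available" branch. Note also that `mkdir -p $DEFAULT_BASEDIR/ssh-root` runs without `sudo` while the `rm -rf` and `cp` next to it do, so if the invoking user cannot write `$DEFAULT_BASEDIR` the mkdir fails quietly and the branch still reports nothing. The `sudo ls … | grep -c` existence test reads more simply as `if sudo test -f /root/.ssh/id_rsa.pub; then`.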
@@ -130,15 +139,16 @@ fi ################### if [ "$1" = "restore" ]; then echo "# *** $0 $1" + + # source directory can be changed by second parameter ALT_BASEDIR=$2 if [ "${ALT_BASEDIR}" != "" ]; then DEFAULT_BASEDIR="${ALT_BASEDIR}" fi - echo "# backup dir: ${DEFAULT_BASEDIR}" - if [ -d "${DEFAULT_BASEDIR}/sshd" ]; then - - # restore sshd host keys + # restore sshd keys + if [ $(sudo ls ${DEFAULT_BASEDIR}/sshd/ssh_host_rsa_key 2>/dev/null | grep -c "ssh_host_rsa_key") -gt 0 ]; then + echo "# restore sshd host keys from: $DEFAULT_BASEDIR/sshd" sudo rm -rf /etc/ssh/* sudo cp -a $DEFAULT_BASEDIR/sshd/* /etc/ssh/ sudo chown -R root:root /etc/ssh @@ -150,14 +160,13 @@ if [ "$1" = "restore" ]; then exit 1 fi - if [ -d "${DEFAULT_BASEDIR}/ssh-root" ]; then - - # restore root use keys (directory may not exist) + # restore root ssh keys + if [ $(sudo ls ${DEFAULT_BASEDIR}/ssh-root/id_rsa.pub 2>/dev/null | grep -c 'id_rsa.pub') -gt 0 ]; then + echo "# restore root use keys from: $DEFAULT_BASEDIR/ssh-root" sudo rm -rf /root/.ssh sudo mkdir /root/.ssh sudo cp -a $DEFAULT_BASEDIR/ssh-root/* /root/.ssh sudo chown -R root:root /root/.ssh - echo "# OK - ssh-root keys restore done" else echo "# INFO - ssh-root keys backup not available" 
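Review bot: After the new existence check passes, `sudo rm -rf /etc/ssh/*` deletes `sshd_config` and every host key before `cp -a $DEFAULT_BASEDIR/sshd/* /etc/ssh/` runs, and the copy's exit status is never checked, so a bad `$2` (it flows unquoted into `DEFAULT_BASEDIR`) or an unreadable backup leaves the node with an empty `/etc/ssh` and no working sshd. The check also only proves `ssh_host_rsa_key` exists, not that the rest of the directory is usable. Safer is to remove only what is being replaced and to fail loudly, e.g. `sudo rm -f /etc/ssh/ssh_host_*` followed by `sudo cp -a "${DEFAULT_BASEDIR}/sshd/." /etc/ssh/ || { echo "error='sshd keys restore failed'"; exit 1; }`. The body of this `if` continues past the hunk (its `else … exit 1` is visible at the start of the next hunk), so the error path there should be kept consistent with whatever is chosen here.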
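Review bot: The root-key restore recreates the directory with a plain `sudo mkdir /root/.ssh`, so its mode comes from the umask (typically 0755) and nothing in the hunk tightens it, even though the files copied in include the private key `id_rsa`; `cp -a` preserves the backed-up file modes, but the directory mode is new. Use `sudo mkdir -m 700 /root/.ssh` and check the copy, `sudo cp -a "${DEFAULT_BASEDIR}/ssh-root/." /root/.ssh || { echo "error='root ssh keys restore failed'"; exit 1; }`, since at present a failed copy after `rm -rf /root/.ssh` still reaches the `exit 0` that follows this hunk. The enclosing `if [ "$1" = "restore" ]` starts before this hunk, and `DEFAULT_BASEDIR` may come from the unquoted `$2` set there, so quoting it in this branch too is worthwhile.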
@@ -166,5 +175,43 @@ if [ "$1" = "restore" ]; then exit 0 fi +################### +# ROOT GET +################### +if [ "$1" = "root-get" ]; then + echo "# *** $0 $1" + + # make sure the ssh keys for that user are initialized + sshKeysExist=$(sudo ls /root/.ssh/id_rsa.pub | grep -c 'id_rsa.pub') + if [ ${sshKeysExist} -eq 0 ]; then + echo "# generation SSH keys for user root" + sudo mkdir /root/.ssh 2>/dev/null + sudo sh -c 'yes y | sudo ssh-keygen -b 2048 -t rsa -f /root/.ssh/id_rsa -q -N ""' + fi + + # get ssh pub key and print + sshPubKey=$(sudo cat /root/.ssh/id_rsa.pub) + echo "user='root'" + echo "sshPubKey='${sshPubKey}'" + exit 0 +fi + +################### +# ROOT TRANSFER +################### +if [ "$1" = "root-transfer" ]; then + echo "# *** $0 $1" + + # check second parameter + if [ "$2" == "" ]; then + echo "# please enter as second parameter: [REMOTEUSER]@[REMOTESERVER]" + echo "error='missing parameter'" + exit 1 + fi + + sudo ssh-copy-id $2 + exit 0 +fi + echo "error='unknown parameter'" exit 1 diff --git a/home.admin/config.scripts/internet.sshpubkey.sh b/home.admin/config.scripts/internet.sshpubkey.sh deleted file mode 100755 index 11812ba94..000000000 --- a/home.admin/config.scripts/internet.sshpubkey.sh +++ /dev/null 
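Review bot: In `root-transfer`, `sudo ssh-copy-id $2` passes the user-supplied argument unquoted and unvalidated, and the following unconditional `exit 0` means a failed transfer (wrong host, refused password, unreachable server) still reports success to any caller that parses this script's `error='…'` output. The help text promises the shape `[REMOTEUSER]@[REMOTESERVER]`, so check for that shape, reject anything beginning with `-` (which `ssh-copy-id` would otherwise parse as its own option), quote the argument, and propagate the exit status; the rewritten branch is below. In `root-get`, `sudo ls /root/.ssh/id_rsa.pub | grep -c …` lacks the `2>/dev/null` that the backup hunk's identical test has, so the first run prints an `ls: cannot access` line before generating the key; `sshKeysExist=$(sudo ls /root/.ssh/id_rsa.pub 2>/dev/null | grep -c 'id_rsa.pub')` keeps the two consistent. The `yes y |` in front of `ssh-keygen -q -N ""` only matters when the key file already exists, which this branch has just ruled out, so it can be dropped without changing behaviour.
```shell
if [ "$1" = "root-transfer" ]; then
  echo "# *** $0 $1"

  # … unchanged: empty-parameter check …

  # target must look like [REMOTEUSER]@[REMOTESERVER]; a leading '-' would be parsed by ssh-copy-id as an option
  if [[ "$2" == -* ]] || [[ "$2" != ?*@?* ]]; then
    echo "# please enter as second parameter: [REMOTEUSER]@[REMOTESERVER]"
    echo "error='invalid parameter'"
    exit 1
  fi

  # surface a failed transfer instead of always exiting 0
  if ! sudo ssh-copy-id "$2"; then
    echo "error='ssh-copy-id failed'"
    exit 1
  fi
  exit 0
fi
```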
@@ -1,41 +0,0 @@ -#!/bin/bash - -# command info -if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then - echo "# config script to init/show/transfer ssh pub keys." - echo "# -> return pubkey (and will init if needed):" - echo "# internet.sshpubkey.sh get" - echo "# -> transfer ssh-pub to a authorized key of remote server:" - echo "# internet.sshpubkey.sh transfer [REMOTEUSER]@[REMOTESERVER]" - echo "err='just informational output'" - exit 1 -fi - -# 1. parameter MODE -MODE="$1" - -# root as default user -# its used for all ssh tunnel/back action - -# make sure the ssh keys for that user are initialized -sshKeysExist=$(sudo ls /root/.ssh/id_rsa.pub | grep -c 'id_rsa.pub') -if [ ${sshKeysExist} -eq 0 ]; then - echo "# generation SSH keys for user root" - sudo mkdir /root/.ssh 2>/dev/null - sudo sh -c 'yes y | sudo ssh-keygen -b 2048 -t rsa -f /root/.ssh/id_rsa -q -N ""' -fi - -if [ "${MODE}" == "get" ]; then - - # get ssh pub key and print - sshPubKey=$(sudo cat /root/.ssh/id_rsa.pub) - echo "user='root'" - echo "sshPubKey='${sshPubKey}'" - -elif [ "${MODE}" == "transfer" ]; then - - sudo ssh-copy-id $2 - -else - echo "err='parameter not known - run with -help'" -fi