#2820 add more test & debug

This commit is contained in:
rootzoll
2021-12-19 15:43:25 +01:00
parent 0e8332045d
commit e66848a048
3 changed files with 65 additions and 59 deletions


@@ -1271,7 +1271,7 @@ You can check the background-script logs to see details on errors: `sudo journal
In the `/mnt/hdd/raspiblitz.conf` the parameter `scpBackupTarget='[USER]@[SERVER]:[DIRPATH-WITHOUT-ENDING-/]'` can be set to activate this feature. In the `/mnt/hdd/raspiblitz.conf` the parameter `scpBackupTarget='[USER]@[SERVER]:[DIRPATH-WITHOUT-ENDING-/]'` can be set to activate this feature.
On the remote server, the public key of the RaspiBlitz root user needs to be added to the `authorized_keys` file so that no password is needed for the background script to make the backup. On the remote server, the public key of the RaspiBlitz root user needs to be added to the `authorized_keys` file so that no password is needed for the background script to make the backup.
The script `/home/admin/config.scripts/internet.sshpubkey.sh` helps on initialization (init); it will show and transfer ssh-pubkey to a remote server. The script `/home/admin/config.scripts/blitz.ssh.sh` show (`root-get`) and transfer ssh-pubkey (`root-transfer`) to a remote server.
To test it, try opening or closing a channel and then check if you can find a copy of `channel.backup` on your remote server. To test it, try opening or closing a channel and then check if you can find a copy of `channel.backup` on your remote server.
You can check the background-script logs to see details on errors: `sudo journalctl -f -u background` You can check the background-script logs to see details on errors: `sudo journalctl -f -u background`


@@ -3,12 +3,21 @@
# command info # command info
if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ] || [ "$1" = "-help" ]; then if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ] || [ "$1" = "-help" ]; then
echo "RaspiBlitz SSH tools" echo "RaspiBlitz SSH tools"
echo
echo "## SSHD SERVICE #######"
echo "blitz.ssh.sh renew --> renew the sshd host certs" echo "blitz.ssh.sh renew --> renew the sshd host certs"
echo "blitz.ssh.sh clear --> make sure old sshd host certs are cleared" echo "blitz.ssh.sh clear --> make sure old sshd host certs are cleared"
echo "blitz.ssh.sh checkrepair --> check sshd & repair just in case" echo "blitz.ssh.sh checkrepair --> check sshd & repair just in case"
echo "blitz.ssh.sh backup --> copy ssh keys to backup (if exist)" echo "blitz.ssh.sh backup --> copy ssh keys to backup (if exist)"
echo "blitz.ssh.sh sessions --> count open sessions" echo "blitz.ssh.sh sessions --> count open sessions"
echo "blitz.ssh.sh restore [?backup-root] --> restore ssh keys from backup (if exist)" echo "blitz.ssh.sh restore [?backup-root]"
echo " --> restore ssh keys from backup (if exist)"
echo
echo "## SSH ROOT USER #######"
echo "blitz.ssh.sh root-get --> return root user pubkey"
echo "blitz.ssh.sh root-transfer [REMOTEUSER]@[REMOTESERVER]"
echo " --> transfer ssh-pub to a authorized key of remote server"
echo
exit 1 exit 1
fi fi
@@ -105,23 +114,23 @@ DEFAULT_BASEDIR="/mnt/hdd/app-data"
################### ###################
if [ "$1" = "backup" ]; then if [ "$1" = "backup" ]; then
echo "# *** $0 $1" echo "# *** $0 $1"
echo "# backup dir: ${DEFAULT_BASEDIR}"
# backup sshd host keys # backup sshd host keys
echo "# backup sshd keys to $DEFAULT_BASEDIR/sshd"
mkdir -p $DEFAULT_BASEDIR/sshd mkdir -p $DEFAULT_BASEDIR/sshd
sudo rm -rf $DEFAULT_BASEDIR/sshd/* sudo rm -rf $DEFAULT_BASEDIR/sshd/*
sudo cp -a /etc/ssh $DEFAULT_BASEDIR/sshd sudo cp -a /etc/ssh $DEFAULT_BASEDIR/sshd
# backup root use ssh keys # backup root use ssh keys
mkdir -p $DEFAULT_BASEDIR/ssh-root if [ $(sudo ls /root/.ssh/id_rsa.pub 2>/dev/null | grep -c 'id_rsa.pub') -gt 0 ]; then
sudo rm -rf $DEFAULT_BASEDIR/ssh-root/* echo "# backup root ssh keys to $DEFAULT_BASEDIR/ssh-root"
sudo cp -a /root/.ssh $DEFAULT_BASEDIR/ssh-root mkdir -p $DEFAULT_BASEDIR/ssh-root
sudo rm -rf $DEFAULT_BASEDIR/ssh-root/*
if [ -d "${DEFAULT_BASEDIR}/sshd" ] && [ -d "${DEFAULT_BASEDIR}/ssh-root" ]; then sudo cp -a /root/.ssh $DEFAULT_BASEDIR/ssh-root
echo "# OK - ssh keys backup done"
else else
echo "error='ssh keys backup failed - backup location may not exist'" echo "# no /root/.ssh/id_rsa.pub - dont backup"
fi fi
exit 0 exit 0
fi fi
@@ -130,15 +139,16 @@ fi
################### ###################
if [ "$1" = "restore" ]; then if [ "$1" = "restore" ]; then
echo "# *** $0 $1" echo "# *** $0 $1"
# source directory can be changed by second parameter
ALT_BASEDIR=$2 ALT_BASEDIR=$2
if [ "${ALT_BASEDIR}" != "" ]; then if [ "${ALT_BASEDIR}" != "" ]; then
DEFAULT_BASEDIR="${ALT_BASEDIR}" DEFAULT_BASEDIR="${ALT_BASEDIR}"
fi fi
echo "# backup dir: ${DEFAULT_BASEDIR}" # restore sshd keys
if [ -d "${DEFAULT_BASEDIR}/sshd" ]; then if [ $(sudo ls ${DEFAULT_BASEDIR}/sshd/ssh_host_rsa_key 2>/dev/null | grep -c "ssh_host_rsa_key") -gt 0 ]; then
echo "# restore sshd host keys from: $DEFAULT_BASEDIR/sshd"
# restore sshd host keys
sudo rm -rf /etc/ssh/* sudo rm -rf /etc/ssh/*
sudo cp -a $DEFAULT_BASEDIR/sshd/* /etc/ssh/ sudo cp -a $DEFAULT_BASEDIR/sshd/* /etc/ssh/
sudo chown -R root:root /etc/ssh sudo chown -R root:root /etc/ssh
@@ -150,14 +160,13 @@ if [ "$1" = "restore" ]; then
exit 1 exit 1
fi fi
if [ -d "${DEFAULT_BASEDIR}/ssh-root" ]; then # restore root ssh keys
if [ $(sudo ls ${DEFAULT_BASEDIR}/ssh-root/id_rsa.pub 2>/dev/null | grep -c 'id_rsa.pub') -gt 0 ]; then
# restore root use keys (directory may not exist) echo "# restore root use keys from: $DEFAULT_BASEDIR/ssh-root"
sudo rm -rf /root/.ssh sudo rm -rf /root/.ssh
sudo mkdir /root/.ssh sudo mkdir /root/.ssh
sudo cp -a $DEFAULT_BASEDIR/ssh-root/* /root/.ssh sudo cp -a $DEFAULT_BASEDIR/ssh-root/* /root/.ssh
sudo chown -R root:root /root/.ssh sudo chown -R root:root /root/.ssh
echo "# OK - ssh-root keys restore done" echo "# OK - ssh-root keys restore done"
else else
echo "# INFO - ssh-root keys backup not available" echo "# INFO - ssh-root keys backup not available"
@@ -166,5 +175,43 @@ if [ "$1" = "restore" ]; then
exit 0 exit 0
fi fi
###################
# ROOT GET
###################
if [ "$1" = "root-get" ]; then
echo "# *** $0 $1"
# make sure the ssh keys for that user are initialized
sshKeysExist=$(sudo ls /root/.ssh/id_rsa.pub | grep -c 'id_rsa.pub')
if [ ${sshKeysExist} -eq 0 ]; then
echo "# generation SSH keys for user root"
sudo mkdir /root/.ssh 2>/dev/null
sudo sh -c 'yes y | sudo ssh-keygen -b 2048 -t rsa -f /root/.ssh/id_rsa -q -N ""'
fi
# get ssh pub key and print
sshPubKey=$(sudo cat /root/.ssh/id_rsa.pub)
echo "user='root'"
echo "sshPubKey='${sshPubKey}'"
exit 0
fi
###################
# ROOT TRANSFER
###################
if [ "$1" = "root-transfer" ]; then
echo "# *** $0 $1"
# check second parameter
if [ "$2" == "" ]; then
echo "# please enter as second parameter: [REMOTEUSER]@[REMOTESERVER]"
echo "error='missing parameter'"
exit 1
fi
sudo ssh-copy-id $2
exit 0
fi
echo "error='unknown parameter'" echo "error='unknown parameter'"
exit 1 exit 1
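Review bot: The backup branch no longer reports failure: the new side drops the trailing `[ -d "${DEFAULT_BASEDIR}/sshd" ] && [ -d "${DEFAULT_BASEDIR}/ssh-root" ]` check together with its `error='ssh keys backup failed - backup location may not exist'` line, so a failed `mkdir -p` or `cp -a /etc/ssh` now ends in `exit 0` with no `error=` for a caller to parse (inferred from the rendered old/new columns). Checking the copy result, e.g. `sudo cp -a /etc/ssh $DEFAULT_BASEDIR/sshd || { echo "error='sshd keys backup failed'"; exit 1; }`, restores that signal. The same `[ $(sudo ls FILE 2>/dev/null | grep -c NAME) -gt 0 ]` existence test recurs in the backup hunk, both restore hunks and `root-get`; `sudo test -f FILE` expresses it without parsing `ls`, and the `root-get` copy lacks the `2>/dev/null`, so a missing key prints an `ls` error before the key is generated. In `root-transfer`, `sudo ssh-copy-id $2` passes the target unquoted and without an explicit identity; `sudo ssh-copy-id -i /root/.ssh/id_rsa.pub "$2"` pins the key that `root-get` advertises rather than whichever `~/.ssh` sudo happens to resolve.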


@@ -1,41 +0,0 @@
#!/bin/bash
# command info
if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
echo "# config script to init/show/transfer ssh pub keys."
echo "# -> return pubkey (and will init if needed):"
echo "# internet.sshpubkey.sh get"
echo "# -> transfer ssh-pub to a authorized key of remote server:"
echo "# internet.sshpubkey.sh transfer [REMOTEUSER]@[REMOTESERVER]"
echo "err='just informational output'"
exit 1
fi
# 1. parameter MODE
MODE="$1"
# root as default user
# its used for all ssh tunnel/back action
# make sure the ssh keys for that user are initialized
sshKeysExist=$(sudo ls /root/.ssh/id_rsa.pub | grep -c 'id_rsa.pub')
if [ ${sshKeysExist} -eq 0 ]; then
echo "# generation SSH keys for user root"
sudo mkdir /root/.ssh 2>/dev/null
sudo sh -c 'yes y | sudo ssh-keygen -b 2048 -t rsa -f /root/.ssh/id_rsa -q -N ""'
fi
if [ "${MODE}" == "get" ]; then
# get ssh pub key and print
sshPubKey=$(sudo cat /root/.ssh/id_rsa.pub)
echo "user='root'"
echo "sshPubKey='${sshPubKey}'"
elif [ "${MODE}" == "transfer" ]; then
sudo ssh-copy-id $2
else
echo "err='parameter not known - run with -help'"
fi