mirror of
https://github.com/raspiblitz/raspiblitz.git
synced 2025-09-19 12:10:33 +02:00
#2820 add more test & debug
This commit is contained in:
rootzoll
@@ -1271,7 +1271,7 @@ You can check the background-script logs to see details on errors: `sudo journal
|
||||
In the `/mnt/hdd/raspiblitz.conf` the parameter `scpBackupTarget='[USER]@[SERVER]:[DIRPATH-WITHOUT-ENDING-/]'` can be set to activate this feature.
|
||||
On the remote server, the public key of the RaspiBlitz root user needs to be added to the `authorized_keys` file so that no password is needed for the background script to make the backup.
|
||||
|
||||
The script `/home/admin/config.scripts/internet.sshpubkey.sh` helps on initialization (init); it will show and transfer ssh-pubkey to a remote server.
|
||||
The script `/home/admin/config.scripts/blitz.ssh.sh` show (`root-get`) and transfer ssh-pubkey (`root-transfer`) to a remote server.
|
||||
|
||||
To test it, try opening or closing a channel and then check if you can find a copy of `channel.backup` on your remote server.
|
||||
You can check the background-script logs to see details on errors: `sudo journalctl -f -u background`
|
||||
|
||||
@@ -3,12 +3,21 @@
|
||||
# command info
|
||||
if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ] || [ "$1" = "-help" ]; then
|
||||
echo "RaspiBlitz SSH tools"
|
||||
echo
|
||||
echo "## SSHD SERVICE #######"
|
||||
echo "blitz.ssh.sh renew --> renew the sshd host certs"
|
||||
echo "blitz.ssh.sh clear --> make sure old sshd host certs are cleared"
|
||||
echo "blitz.ssh.sh checkrepair --> check sshd & repair just in case"
|
||||
echo "blitz.ssh.sh backup --> copy ssh keys to backup (if exist)"
|
||||
echo "blitz.ssh.sh sessions --> count open sessions"
|
||||
echo "blitz.ssh.sh restore [?backup-root] --> restore ssh keys from backup (if exist)"
|
||||
echo "blitz.ssh.sh restore [?backup-root]"
|
||||
echo " --> restore ssh keys from backup (if exist)"
|
||||
echo
|
||||
echo "## SSH ROOT USER #######"
|
||||
echo "blitz.ssh.sh root-get --> return root user pubkey"
|
||||
echo "blitz.ssh.sh root-transfer [REMOTEUSER]@[REMOTESERVER]"
|
||||
echo " --> transfer ssh-pub to a authorized key of remote server"
|
||||
echo
|
||||
exit 1
|
||||
fi
|
||||
|
||||
@@ -105,23 +114,23 @@ DEFAULT_BASEDIR="/mnt/hdd/app-data"
|
||||
###################
|
||||
if [ "$1" = "backup" ]; then
|
||||
echo "# *** $0 $1"
|
||||
echo "# backup dir: ${DEFAULT_BASEDIR}"
|
||||
|
||||
# backup sshd host keys
|
||||
echo "# backup sshd keys to $DEFAULT_BASEDIR/sshd"
|
||||
mkdir -p $DEFAULT_BASEDIR/sshd
|
||||
sudo rm -rf $DEFAULT_BASEDIR/sshd/*
|
||||
sudo cp -a /etc/ssh $DEFAULT_BASEDIR/sshd
|
||||
|
||||
# backup root use ssh keys
|
||||
if [ $(sudo ls /root/.ssh/id_rsa.pub 2>/dev/null | grep -c 'id_rsa.pub') -gt 0 ]; then
|
||||
echo "# backup root ssh keys to $DEFAULT_BASEDIR/ssh-root"
|
||||
mkdir -p $DEFAULT_BASEDIR/ssh-root
|
||||
sudo rm -rf $DEFAULT_BASEDIR/ssh-root/*
|
||||
sudo cp -a /root/.ssh $DEFAULT_BASEDIR/ssh-root
|
||||
|
||||
if [ -d "${DEFAULT_BASEDIR}/sshd" ] && [ -d "${DEFAULT_BASEDIR}/ssh-root" ]; then
|
||||
echo "# OK - ssh keys backup done"
|
||||
else
|
||||
echo "error='ssh keys backup failed - backup location may not exist'"
|
||||
echo "# no /root/.ssh/id_rsa.pub - dont backup"
|
||||
fi
|
||||
|
||||
exit 0
|
||||
fi
|
||||
|
||||
@@ -130,15 +139,16 @@ fi
|
||||
###################
|
||||
if [ "$1" = "restore" ]; then
|
||||
echo "# *** $0 $1"
|
||||
|
||||
# source directory can be changed by second parameter
|
||||
ALT_BASEDIR=$2
|
||||
if [ "${ALT_BASEDIR}" != "" ]; then
|
||||
DEFAULT_BASEDIR="${ALT_BASEDIR}"
|
||||
fi
|
||||
|
||||
echo "# backup dir: ${DEFAULT_BASEDIR}"
|
||||
if [ -d "${DEFAULT_BASEDIR}/sshd" ]; then
|
||||
|
||||
# restore sshd host keys
|
||||
# restore sshd keys
|
||||
if [ $(sudo ls ${DEFAULT_BASEDIR}/sshd/ssh_host_rsa_key 2>/dev/null | grep -c "ssh_host_rsa_key") -gt 0 ]; then
|
||||
echo "# restore sshd host keys from: $DEFAULT_BASEDIR/sshd"
|
||||
sudo rm -rf /etc/ssh/*
|
||||
sudo cp -a $DEFAULT_BASEDIR/sshd/* /etc/ssh/
|
||||
sudo chown -R root:root /etc/ssh
|
||||
@@ -150,14 +160,13 @@ if [ "$1" = "restore" ]; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ -d "${DEFAULT_BASEDIR}/ssh-root" ]; then
|
||||
|
||||
# restore root use keys (directory may not exist)
|
||||
# restore root ssh keys
|
||||
if [ $(sudo ls ${DEFAULT_BASEDIR}/ssh-root/id_rsa.pub 2>/dev/null | grep -c 'id_rsa.pub') -gt 0 ]; then
|
||||
echo "# restore root use keys from: $DEFAULT_BASEDIR/ssh-root"
|
||||
sudo rm -rf /root/.ssh
|
||||
sudo mkdir /root/.ssh
|
||||
sudo cp -a $DEFAULT_BASEDIR/ssh-root/* /root/.ssh
|
||||
sudo chown -R root:root /root/.ssh
|
||||
|
||||
echo "# OK - ssh-root keys restore done"
|
||||
else
|
||||
echo "# INFO - ssh-root keys backup not available"
|
||||
@@ -166,5 +175,43 @@ if [ "$1" = "restore" ]; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
###################
|
||||
# ROOT GET
|
||||
###################
|
||||
if [ "$1" = "root-get" ]; then
|
||||
echo "# *** $0 $1"
|
||||
|
||||
# make sure the ssh keys for that user are initialized
|
||||
sshKeysExist=$(sudo ls /root/.ssh/id_rsa.pub | grep -c 'id_rsa.pub')
|
||||
if [ ${sshKeysExist} -eq 0 ]; then
|
||||
echo "# generation SSH keys for user root"
|
||||
sudo mkdir /root/.ssh 2>/dev/null
|
||||
sudo sh -c 'yes y | sudo ssh-keygen -b 2048 -t rsa -f /root/.ssh/id_rsa -q -N ""'
|
||||
fi
|
||||
|
||||
# get ssh pub key and print
|
||||
sshPubKey=$(sudo cat /root/.ssh/id_rsa.pub)
|
||||
echo "user='root'"
|
||||
echo "sshPubKey='${sshPubKey}'"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
###################
|
||||
# ROOT TRANSFER
|
||||
###################
|
||||
if [ "$1" = "root-transfer" ]; then
|
||||
echo "# *** $0 $1"
|
||||
|
||||
# check second parameter
|
||||
if [ "$2" == "" ]; then
|
||||
echo "# please enter as second parameter: [REMOTEUSER]@[REMOTESERVER]"
|
||||
echo "error='missing parameter'"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
sudo ssh-copy-id $2
|
||||
exit 0
|
||||
fi
|
||||
|
||||
echo "error='unknown parameter'"
|
||||
exit 1
|
||||
|
||||
@@ -1,41 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
# command info
|
||||
if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
|
||||
echo "# config script to init/show/transfer ssh pub keys."
|
||||
echo "# -> return pubkey (and will init if needed):"
|
||||
echo "# internet.sshpubkey.sh get"
|
||||
echo "# -> transfer ssh-pub to a authorized key of remote server:"
|
||||
echo "# internet.sshpubkey.sh transfer [REMOTEUSER]@[REMOTESERVER]"
|
||||
echo "err='just informational output'"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# 1. parameter MODE
|
||||
MODE="$1"
|
||||
|
||||
# root as default user
|
||||
# its used for all ssh tunnel/back action
|
||||
|
||||
# make sure the ssh keys for that user are initialized
|
||||
sshKeysExist=$(sudo ls /root/.ssh/id_rsa.pub | grep -c 'id_rsa.pub')
|
||||
if [ ${sshKeysExist} -eq 0 ]; then
|
||||
echo "# generation SSH keys for user root"
|
||||
sudo mkdir /root/.ssh 2>/dev/null
|
||||
sudo sh -c 'yes y | sudo ssh-keygen -b 2048 -t rsa -f /root/.ssh/id_rsa -q -N ""'
|
||||
fi
|
||||
|
||||
if [ "${MODE}" == "get" ]; then
|
||||
|
||||
# get ssh pub key and print
|
||||
sshPubKey=$(sudo cat /root/.ssh/id_rsa.pub)
|
||||
echo "user='root'"
|
||||
echo "sshPubKey='${sshPubKey}'"
|
||||
|
||||
elif [ "${MODE}" == "transfer" ]; then
|
||||
|
||||
sudo ssh-copy-id $2
|
||||
|
||||
else
|
||||
echo "err='parameter not known - run with -help'"
|
||||
fi
|
||||
Reference in New Issue
Block a user