#!/bin/bash
# SSH Recovery Script
# Run this if the main setup script broke SSH
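# Strict mode: abort on an unhandled command failure (-e), on expansion of an
# unset variable (-u), and when any stage of a pipeline fails (pipefail).
set -euo pipefail

# ANSI colour sequences, stored with a literal backslash. They only take effect
# where the printing command interprets escapes (echo -e, printf %b).
# readonly: nothing later in the script is meant to reassign them.
readonly RED='\033[0;31m'
readonly GREEN='\033[0;32m'
readonly YELLOW='\033[1;33m'
readonly NC='\033[0m' # reset all attributes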
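#######################################
# Print a timestamped informational message in green.
# Globals:   GREEN, NC (read)
# Arguments: $1 - message text (empty if omitted)
# Outputs:   "[YYYY-MM-DD HH:MM:SS] <message>" on stdout
#######################################
log() {
  # %b expands the escapes in the colour variables only; the message goes
  # through %s, so backslash sequences inside it (for example in a file
  # name) are printed literally instead of being interpreted.
  printf '%b[%s] %s%b\n' "$GREEN" "$(date +'%Y-%m-%d %H:%M:%S')" "${1-}" "$NC"
}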
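#######################################
# Print a warning in yellow, prefixed with "[WARNING]".
# Globals:   YELLOW, NC (read)
# Arguments: $1 - message text (empty if omitted)
# Outputs:   the formatted line on stderr, so diagnostics stay out of
#            anything captured from stdout
#######################################
warn() {
  # Colour variables via %b, message via %s: escapes in the message are
  # printed literally rather than interpreted.
  printf '%b[WARNING] %s%b\n' "$YELLOW" "${1-}" "$NC" >&2
}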
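#######################################
# Print an error message in red, prefixed with "[ERROR]".
# Does not exit; the caller decides whether to stop.
# Globals:   RED, NC (read)
# Arguments: $1 - message text (empty if omitted)
# Outputs:   the formatted line on stderr
#######################################
error() {
  # Colour variables via %b, message via %s: escapes in the message are
  # printed literally rather than interpreted.
  printf '%b[ERROR] %s%b\n' "$RED" "${1-}" "$NC" >&2
}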
# Refuse to continue without root: the steps further down overwrite
# /etc/ssh/sshd_config and restart the SSH service.
if (( EUID != 0 )); then
  error "This script must be run as root"
  exit 1
fi
# Banner: coloured title, a one-line description, then an empty line.
printf '%b\n' "${YELLOW}=== SSH Recovery Script ===${NC}"
printf '%s\n' "This script will help recover from broken SSH configuration." ""
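# Put a usable sshd_config in place: offer to restore the newest backup if any
# exist, otherwise write a minimal default configuration.

# Collect the backups with a glob instead of parsing `ls` output; nullglob
# makes the array empty when nothing matches.
shopt -s nullglob
backups=(/etc/ssh/sshd_config.backup.*)
shopt -u nullglob

# Keep a copy of the configuration that is about to be replaced, so the broken
# file stays available for diagnosis and the recovery can be undone. The name
# is chosen so that it does not match the sshd_config.backup.* glob above.
save_current_config() {
  local saved
  [[ -f /etc/ssh/sshd_config ]] || return 0
  saved="/etc/ssh/sshd_config.pre-recovery.$(date +'%Y%m%d-%H%M%S')"
  cp -p -- /etc/ssh/sshd_config "$saved"
  log "Current configuration saved as: $saved"
}

if (( ${#backups[@]} > 0 )); then
  echo "Available SSH configuration backups:"
  ls -la -- "${backups[@]}"
  echo ""

  # Anything other than a single n/N counts as "yes" (the default).
  read -r -p "Restore from backup? (Y/n): " restore_choice
  if [[ ! "$restore_choice" =~ ^[Nn]$ ]]; then
    # Newest backup by modification time.
    latest_backup=${backups[0]}
    for candidate in "${backups[@]}"; do
      if [[ "$candidate" -nt "$latest_backup" ]]; then
        latest_backup=$candidate
      fi
    done

    # Check the candidate before it replaces the live file: the newest backup
    # may itself be a copy of a configuration that was already broken.
    if sshd -t -f "$latest_backup"; then
      log "Restoring SSH configuration from: $latest_backup"
      save_current_config
      cp -- "$latest_backup" /etc/ssh/sshd_config
      log "SSH configuration restored"
    else
      error "Backup failed validation, not restored: $latest_backup"
    fi
  fi
else
  warn "No SSH configuration backups found"
  echo "Restoring default SSH configuration..."
  save_current_config

  # Create a basic working SSH config.
  # NOTE(review): this fallback is deliberately permissive so that access can
  # be regained. It turns password authentication on and listens on port 22,
  # which undoes any key-only or non-default-port hardening applied earlier.
  # ChallengeResponseAuthentication is the older spelling of
  # KbdInteractiveAuthentication; current OpenSSH still accepts it as an alias.
  # The sftp-server path looks like the Debian/Ubuntu location - confirm it
  # for the target distribution.
  cat > /etc/ssh/sshd_config << 'EOF'
# Minimal working SSH configuration
Port 22
PermitRootLogin no
PasswordAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PermitEmptyPasswords no
ChallengeResponseAuthentication no
UsePAM yes
X11Forwarding no
PrintMotd no
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
EOF
  log "Basic SSH configuration created"
  warn "Default configuration allows password logins on port 22; re-apply key-only hardening once access is restored"
fi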
# Validate the configuration now on disk; restart the service only if it
# passes, then confirm that the unit is actually active.
# NOTE(review): the unit is addressed as "sshd". Debian-family systems name it
# "ssh" and may only provide "sshd" as an alias - confirm on the target host.
log "Testing SSH configuration..."
if ! sshd -t; then
  error "SSH configuration is still invalid"
  echo "Manual intervention required."
else
  log "SSH configuration is valid"

  log "Restarting SSH service..."
  if ! systemctl restart sshd; then
    error "Failed to restart SSH service"
  else
    log "SSH service restarted successfully"

    # A successful restart command does not prove the daemon stayed up,
    # so the unit state is queried separately.
    if ! systemctl is-active --quiet sshd; then
      error "SSH service is not active"
    else
      echo
      printf '%b\n' \
        "${GREEN}✓ SSH service is now running${NC}" \
        "${YELLOW}You should now be able to connect via SSH${NC}"
      echo
      # The hint uses the first address printed by `hostname -I`.
      printf '%s\n' \
        "Test connection with:" \
        "ssh user@$(hostname -I | awk '{print $1}')"
    fi
  fi
fi
# Finish with the unit's status, whatever happened above: no pager, and
# --full (-l) so that long lines are not shortened. Being the last command,
# its exit status becomes the script's exit status.
echo
printf '%s\n' "Current SSH status:"
systemctl --no-pager --full status sshd