SSH check
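#!/bin/bash
# ssh_check.sh — sanity-check a user's SSH setup: ~/.ssh permissions and
# ownership, whether the public key is in authorized_keys, and a few sshd_config
# settings. Usage: ./ssh_check.sh [fix]   (`fix` attempts to repair permissions)
#
# ANSI color codes, kept in backslash form so they work with both `echo -e`
# and `printf '%b'`. readonly: nothing in the script is meant to reassign them.
readonly bold_red='\033[1;31m'
readonly bold_green='\033[1;32m'
readonly bold_yellow='\033[1;33m'
readonly reset='\033[0m'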
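# Octal permission bits of $1. GNU coreutils stat (-c) is tried first; on
# BSD/macOS that option fails and the -f form is used instead. Prints nothing
# if both fail.
_file_mode() {
  stat -c '%a' -- "$1" 2>/dev/null || stat -f '%A' "$1" 2>/dev/null
}
# Owner user name of $1, same GNU-then-BSD fallback as _file_mode.
_file_owner() {
  stat -c '%U' -- "$1" 2>/dev/null || stat -f '%Su' "$1" 2>/dev/null
}
# Function to check if a file has correct permissions and ownership
#   $1   - expected octal mode (e.g. 700)
#   $2   - expected owner user name
#   $3.. - paths to check (files or directories)
# Prints one verdict per path. When FIX is "true", a mismatch is handed to
# fix_file_permissions; otherwise a hint about the fix subcommand is printed.
# Returns 1 if any path is missing or does not match, 0 otherwise.
check_file_permissions() {
  local expected_permissions=$1
  local expected_owner=$2
  shift 2
  local files=("$@")
  # permissions/owner are local now; the original leaked them into the caller.
  local file permissions owner status=0
  for file in "${files[@]}"; do
    if [[ ! -e "$file" ]]; then
      printf '%b%s%b\n' "$bold_red" "✘ $file not found." "$reset"
      status=1
      continue
    fi
    permissions=$(_file_mode "$file")
    owner=$(_file_owner "$file")
    if [[ "$permissions" == "$expected_permissions" && "$owner" == "$expected_owner" ]]; then
      printf '%b%s%b\n' "$bold_green" "✔ $file has correct permissions and ownership." "$reset"
      continue
    fi
    status=1
    printf '%b%s%b\n' "$bold_red" "✘ $file has incorrect permissions and/or ownership:" "$reset"
    printf '%b%s%b\n' "$bold_red" " Expected permissions: $expected_permissions" "$reset"
    printf '%b%s%b\n' "$bold_red" " Expected owner: $expected_owner" "$reset"
    printf '%b%s%b\n' "$bold_red" " Actual permissions: $permissions" "$reset"
    printf '%b%s%b\n' "$bold_red" " Actual owner: $owner" "$reset"
    if [[ "${FIX:-}" == "true" ]]; then
      fix_file_permissions "$file" "$expected_permissions" "$expected_owner"
    else
      printf '%b%s%b\n' "$bold_yellow" "To attempt fixing the issue, run the script with the 'fix' subcommand:" "$reset"
      printf '%b%s%b\n' "$bold_yellow" "./ssh_check.sh fix" "$reset"
    fi
  done
  return "$status"
}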
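# Function to attempt to fix file permissions and ownership
#   $1 - path, $2 - octal mode to set, $3 - owner user name to set
# Runs chown and chmod via sudo (chown needs root; chmod only if the file is
# not ours). Each step is checked: the original printed "fixed" even when sudo
# was refused or the command failed. Returns 1 on the first failing step.
fix_file_permissions() {
  local file=$1
  local expected_permissions=$2
  local expected_owner=$3
  printf '%b%s%b\n' "$bold_yellow" "Attempting to fix permissions and ownership for $file ..." "$reset"
  if ! sudo chown -- "$expected_owner" "$file"; then
    printf '%b%s%b\n' "$bold_red" "✘ Could not change the owner of $file to $expected_owner." "$reset"
    return 1
  fi
  if ! sudo chmod -- "$expected_permissions" "$file"; then
    printf '%b%s%b\n' "$bold_red" "✘ Could not change the permissions of $file to $expected_permissions." "$reset"
    return 1
  fi
  printf '%b%s%b\n' "$bold_green" "Permissions and ownership for $file have been fixed." "$reset"
}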
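# Function to check if the public key is included in the authorized_keys file
#   $1 - path to a PRIVATE key; ssh-keygen -y derives the public key from it
#        (an encrypted key will prompt for its passphrase).
# Only the "type base64" part is compared, because the comment field in
# authorized_keys often differs from the one ssh-keygen prints. The derivation
# is checked first: the original grep'd for an empty pattern when ssh-keygen
# failed, which matches any non-empty authorized_keys and reported a false ✔.
# Returns 1 if the key cannot be read/derived or is not in authorized_keys.
check_public_key() {
  local private_key_path=$1
  local authorized_keys="$HOME/.ssh/authorized_keys"
  local public_key key_type key_blob
  if [[ ! -f "$private_key_path" ]]; then
    printf '%b%s%b\n' "$bold_red" "✘ Private key $private_key_path not found." "$reset"
    return 1
  fi
  if ! public_key=$(ssh-keygen -y -f "$private_key_path" 2>/dev/null) || [[ -z "$public_key" ]]; then
    printf '%b%s%b\n' "$bold_red" "✘ Could not derive the public key from $private_key_path." "$reset"
    return 1
  fi
  if [[ ! -r "$authorized_keys" ]]; then
    printf '%b%s%b\n' "$bold_red" "✘ $authorized_keys not found or not readable." "$reset"
    return 1
  fi
  # Drop any trailing comment; -F so '+' and '/' in the base64 are not regex.
  read -r key_type key_blob _ <<<"$public_key"
  if grep -qF -- "$key_type $key_blob" "$authorized_keys"; then
    printf '%b%s%b\n' "$bold_green" "✔ Public key is included in the authorized_keys file." "$reset"
  else
    printf '%b%s%b\n' "$bold_red" "✘ Public key is missing from the authorized_keys file." "$reset"
    return 1
  fi
}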
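# Value of the first top-level occurrence of directive $1 in sshd config $2.
# sshd uses the first match and treats keywords case-insensitively; anything
# after a Match block is conditional, so the scan stops there. Prints nothing
# when the directive is absent. Include'd files and /etc/ssh/sshd_config.d
# drop-ins are not followed — `sshd -T` (as root) shows the effective config.
_sshd_directive() {
  local keyword=$1 config=$2
  awk -v key="$keyword" '
    tolower($1) == "match" { exit }
    tolower($1) == tolower(key) { print $2; exit }
  ' "$config"
}
# Function to check if the SSH configuration allows password and/or public key authentication
#   $1 - sshd config path (default /etc/ssh/sshd_config)
# The original verdict was green only when PasswordAuthentication was yes AND
# PermitRootLogin was yes/without-password, so a hardened host (root login off,
# key-only) was reported as "might not allow" authentication. The verdict now
# follows the two directives that actually control this, using sshd's defaults
# (both yes) when they are unset; PermitRootLogin is still printed for reference.
# Returns 1 if neither method is enabled or the config cannot be read.
check_ssh_config() {
  local config=${1:-/etc/ssh/sshd_config}
  if [[ ! -r "$config" ]]; then
    printf '%b%s%b\n' "$bold_red" "✘ Cannot read $config." "$reset"
    return 1
  fi
  local password_auth pubkey_auth permit_root_login
  password_auth=$(_sshd_directive PasswordAuthentication "$config")
  pubkey_auth=$(_sshd_directive PubkeyAuthentication "$config")
  permit_root_login=$(_sshd_directive PermitRootLogin "$config")
  # Unset means enabled; glob match keeps this bash-3 compatible (no ${var,,}).
  local password_allowed=yes pubkey_allowed=yes
  [[ "$password_auth" == [Nn][Oo] ]] && password_allowed=no
  [[ "$pubkey_auth" == [Nn][Oo] ]] && pubkey_allowed=no
  local status=0
  if [[ "$password_allowed" == "yes" || "$pubkey_allowed" == "yes" ]]; then
    printf '%b%s%b\n' "$bold_green" "✔ SSH configuration allows password and/or public key authentication." "$reset"
  else
    printf '%b%s%b\n' "$bold_red" "✘ SSH configuration might not allow password and/or public key authentication." "$reset"
    status=1
  fi
  # Always show what was read so the verdict can be checked by eye.
  printf ' PasswordAuthentication: %s\n' "${password_auth:-(unset, defaults to yes)}"
  printf ' PubkeyAuthentication: %s\n' "${pubkey_auth:-(unset, defaults to yes)}"
  printf ' PermitRootLogin: %s\n' "${permit_root_login:-(unset, defaults to prohibit-password)}"
  if [[ "$password_allowed" == "yes" ]]; then
    printf '%b%s%b\n' "$bold_yellow" "Password logins are enabled; once key-based login works, consider 'PasswordAuthentication no'." "$reset"
  fi
  return "$status"
}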
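# Function to check for deprecated key algorithms in SSH configuration
#   $1 - sshd config path (default /etc/ssh/sshd_config)
# Looks for ssh-dss (DSA) in PubkeyAcceptedKeyTypes or in its OpenSSH 8.5+
# name PubkeyAcceptedAlgorithms (the original only matched the old name, and
# case-sensitively). ssh-dss has been disabled by default since OpenSSH 7.0,
# so an absent directive is reported as clean. Returns 1 if found or the
# config cannot be read.
check_deprecated_keys() {
  local config=${1:-/etc/ssh/sshd_config}
  if [[ ! -r "$config" ]]; then
    printf '%b%s%b\n' "$bold_red" "✘ Cannot read $config." "$reset"
    return 1
  fi
  local deprecated_keys
  # Keyword at line start (optionally indented), followed by a separator, so
  # commented-out lines are not counted.
  deprecated_keys=$(grep -iE -- '^[[:space:]]*PubkeyAccepted(KeyTypes|Algorithms)([[:space:]]|=)' "$config" | grep -iF -- 'ssh-dss')
  if [[ -z "$deprecated_keys" ]]; then
    printf '%b%s%b\n' "$bold_green" "✔ No deprecated key algorithms found in SSH configuration." "$reset"
  else
    printf '%b%s%b\n' "$bold_red" "✘ Deprecated key algorithms found in SSH configuration:" "$reset"
    printf '%b%s%b\n' "$bold_red" "$deprecated_keys" "$reset"
    return 1
  fi
}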
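# Check SSH files and configurations based on https://docs.digitalocean.com/support/how-to-troubleshoot-ssh-authentication-issues/
# Runs every check against the current user's ~/.ssh. Changes from the original:
# ~/.ssh itself is checked (sshd's StrictModes refuses logins when it is
# writable by others), an empty directory no longer yields a literal "*" path,
# and the first of id_ed25519/id_ecdsa/id_rsa that exists is used for the
# authorized_keys check instead of assuming id_rsa.
main() {
  local ssh_dir="$HOME/.ssh"
  local owner
  owner=$(id -un)
  echo "=== Checking SSH Setup ==="
  if [[ ! -d "$ssh_dir" ]]; then
    printf '%b%s%b\n' "$bold_red" "✘ $ssh_dir not found." "$reset"
    return 1
  fi
  # 700 on every entry is the policy the original applied; it is stricter than
  # ssh needs for *.pub or known_hosts but never breaks anything.
  local -a entries=("$ssh_dir")
  local entry
  for entry in "$ssh_dir"/*; do
    [[ -e "$entry" ]] && entries+=("$entry")
  done
  check_file_permissions 700 "$owner" "${entries[@]}"
  local key private_key="$ssh_dir/id_rsa"
  for key in "$ssh_dir/id_ed25519" "$ssh_dir/id_ecdsa" "$ssh_dir/id_rsa"; do
    if [[ -f "$key" ]]; then
      private_key=$key
      break
    fi
  done
  check_public_key "$private_key"
  check_ssh_config
  check_deprecated_keys
}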
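# - subcommands: no argument runs the checks; `fix` runs them with FIX=true so
#   permission/ownership mismatches are repaired via fix_file_permissions.
#   An unknown subcommand is an error: it now goes to stderr with exit 2
#   instead of printing to stdout and exiting 0.
if [[ $# -gt 0 ]]; then
  subcommand=$1
  shift
  case "$subcommand" in
    fix)
      FIX="true" main
      ;;
    *)
      printf 'Unknown subcommand: %s\n' "$subcommand" >&2
      printf 'Usage: %s [fix]\n' "${0##*/}" >&2
      exit 2
      ;;
  esac
else
  main
fi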