Dateien nach "/" hochladen

03_verify.sh

@@ -7,6 +7,9 @@ CFG="$SCRIPT_DIR/config.sh"
 # shellcheck disable=SC1090
 source "$CFG"
 
+# Der User, der das Script gestartet hat (auch wenn via sudo)
+RUN_USER="${SUDO_USER:-$USER}"
+
 # --- helpers ---
 APP="raspi-backup"
 STATE_DIR="${XDG_STATE_HOME:-$HOME/.local/state}/${APP}"
@@ -22,17 +25,20 @@ nas_alias(){ echo "${ALIAS_PREFIX}-$(host_short)"; }
 
 need_root
 need_cmd ssh
-need_cmd rsync
 
-# validate config vars
-: "${NAS_HOST:?}" "${NAS_USER:?}" "${NAS_PORT:?}" "${ALIAS_PREFIX:?}" "${SSH_USER:?}" "${NAS_BACKUP_BASE:?}"
+# validate config vars (OHNE SSH_USER)
+: "${NAS_HOST:?}" "${NAS_USER:?}" "${NAS_PORT:?}" "${ALIAS_PREFIX:?}" "${NAS_BACKUP_BASE:?}" "${KEY_TYPE:?}"
 
 hn="$(host_short)"
 alias="$(nas_alias)"
-ssh_user="$SSH_USER"
+ssh_user="$RUN_USER"
 remote_root="${NAS_BACKUP_BASE%/}/${hn}"
 
-log "VERIFY START: alias=${alias} remote_root=${remote_root}"
+# Keypfad (gehört RUN_USER)
+key_path="$(eval echo "~${ssh_user}/.ssh/id_${KEY_TYPE}_${hn}")"
+[[ -f "$key_path" ]] || die "Key fehlt: $key_path (erst 02_setup_ssh.sh ausführen)"
+
+log "VERIFY START: run_user=${ssh_user} alias=${alias} remote_root=${remote_root}"
 
 # optional Port check
 if command -v nc >/dev/null 2>&1; then
@@ -42,18 +48,39 @@ else
   log "nc nicht vorhanden – überspringe Port-Check"
 fi
 
-# SSH login via alias
-log "Check SSH Login: ${alias}"
-sudo -u "$ssh_user" ssh -o BatchMode=yes -o ConnectTimeout=10 "$alias" "echo ok" >/dev/null \
-  || die "SSH Login über Alias fehlgeschlagen: $alias"
+# Direkte SSH Optionen (robust, nicht abhängig von ssh-config/alias)
+SSH_BASE=(ssh -p "$NAS_PORT" -i "$key_path"
+  -o IdentitiesOnly=yes
+  -o BatchMode=yes
+  -o StrictHostKeyChecking=yes
+  -o ConnectTimeout=10
+)
 
-# Remote backup dir
+# 1) SSH login test als RUN_USER (wie bisher)
+log "Check SSH Login (RUN_USER): ${NAS_USER}@${NAS_HOST}:${NAS_PORT}"
+if ! sudo -u "$ssh_user" "${SSH_BASE[@]}" "${NAS_USER}@${NAS_HOST}" "echo ok" >/dev/null 2>&1; then
+  die "SSH Login fehlgeschlagen als User '${ssh_user}' (Hostkey/Key/Netz prüfen)"
+fi
+
+# 2) Extra: SSH login test als root (wichtig, weil Backup Run via sudo/root)
+log "Check SSH Login (root): ${NAS_USER}@${NAS_HOST}:${NAS_PORT}"
+if ! "${SSH_BASE[@]}" "${NAS_USER}@${NAS_HOST}" "echo ok" >/dev/null 2>&1; then
+  echo "Hinweis: root kann nicht verbinden (oft fehlt root der Hostkey in /root/.ssh/known_hosts)." >&2
+  echo "Fix: 02_setup_ssh.sh erneut laufen lassen (lernt Hostkey für root), oder root-known_hosts ergänzen." >&2
+  die "SSH Login fehlgeschlagen als root"
+fi
+
+# 3) Remote backup dir
 log "Check/Create Remote Backup Dir: ${remote_root}"
-sudo -u "$ssh_user" ssh -o BatchMode=yes "$alias" "mkdir -p '$remote_root' && test -d '$remote_root'" >/dev/null \
+sudo -u "$ssh_user" "${SSH_BASE[@]}" "${NAS_USER}@${NAS_HOST}" \
+  "mkdir -p '$remote_root' && test -d '$remote_root'" >/dev/null \
   || die "Remote Backup Pfad nicht nutzbar: $remote_root"
 
 log "VERIFY OK"
 echo "Verify OK:"
 echo "- NAS erreichbar (${NAS_HOST}:${NAS_PORT})"
-echo "- SSH Alias funktioniert (${alias})"
+echo "- SSH Login OK (User: ${NAS_USER}@${NAS_HOST}:${NAS_PORT})"
+echo "- SSH Login OK (root: ${NAS_USER}@${NAS_HOST}:${NAS_PORT})"
+echo "- Key OK (${key_path})"
 echo "- Remote Backup Pfad OK (${remote_root})"
+echo "Info: SSH-Alias (optional) wäre: ${alias}"