Dateien nach "/" hochladen

02_setup_ssh.sh

@@ -0,0 +1,104 @@
+#!/usr/bin/env bash
+set -Eeuo pipefail
+
+SCRIPT_DIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd)"
+CFG="$SCRIPT_DIR/config.sh"
+[[ -f "$CFG" ]] || { echo "ERROR: config.sh fehlt: $CFG (erst 01_setup.sh ausführen)"; exit 1; }
+# shellcheck disable=SC1090
+source "$CFG"
+
+# --- helpers ---
+APP="raspi-backup"
+STATE_DIR="${XDG_STATE_HOME:-$HOME/.local/state}/${APP}"
+LOG_FILE="${STATE_DIR}/${APP}.log"
+mkdir -p "$STATE_DIR"
+
+log(){ echo "[$(date '+%Y-%m-%d %H:%M:%S')] $*" | tee -a "$LOG_FILE" >/dev/null; }
+die(){ log "ERROR: $*"; echo "ERROR: $*" >&2; exit 1; }
+need_cmd(){ command -v "$1" >/dev/null 2>&1 || die "Fehlt: $1"; }
+need_root(){ [[ "${EUID:-$(id -u)}" -eq 0 ]] || die "Bitte mit sudo starten: sudo $SCRIPT_DIR/02_setup_ssh.sh"; }
+host_short(){ hostname -s 2>/dev/null || hostname 2>/dev/null || echo "raspi"; }
+nas_alias(){ echo "${ALIAS_PREFIX}-$(host_short)"; }
+
+need_root
+need_cmd ssh
+need_cmd ssh-keygen
+
+# validate config vars
+: "${NAS_HOST:?}" "${NAS_USER:?}" "${NAS_PORT:?}" "${KEY_TYPE:?}" "${ALIAS_PREFIX:?}" "${SSH_USER:?}" "${NAS_AUTH_KEYS_FILE:?}"
+
+hn="$(host_short)"
+alias="$(nas_alias)"
+ssh_user="$SSH_USER"
+
+user_home="$(eval echo "~${ssh_user}")"
+[[ -d "$user_home" ]] || die "Home für SSH_USER '$ssh_user' nicht gefunden."
+
+ssh_dir="${user_home}/.ssh"
+key="${ssh_dir}/id_${KEY_TYPE}_${hn}"
+pub="${key}.pub"
+cfg="${ssh_dir}/config"
+
+log "SSH Setup START: ssh_user=${ssh_user} alias=${alias} nas=${NAS_USER}@${NAS_HOST}:${NAS_PORT} key=${key}"
+log "NAS_AUTH_KEYS_FILE: ${NAS_AUTH_KEYS_FILE}"
+
+# .ssh anlegen
+sudo -u "$ssh_user" mkdir -p "$ssh_dir"
+sudo -u "$ssh_user" chmod 700 "$ssh_dir"
+sudo -u "$ssh_user" touch "$cfg"
+sudo -u "$ssh_user" chmod 600 "$cfg"
+
+# Key anlegen falls fehlt
+if [[ ! -f "$key" ]]; then
+  log "Erzeuge Key: $key"
+  sudo -u "$ssh_user" ssh-keygen -t "$KEY_TYPE" -a 64 -f "$key" -N "" -C "${ssh_user}@${hn}"
+else
+  log "Key existiert: $key"
+fi
+
+# Alias Block append-only
+if ! sudo -u "$ssh_user" grep -qE "^Host[[:space:]]+${alias}$" "$cfg"; then
+  log "Füge Alias Block hinzu: $alias"
+  sudo -u "$ssh_user" tee -a "$cfg" >/dev/null <<EOF
+Host ${alias}
+  HostName ${NAS_HOST}
+  User ${NAS_USER}
+  Port ${NAS_PORT}
+  IdentityFile ${key}
+  IdentitiesOnly yes
+  ServerAliveInterval 30
+  ServerAliveCountMax 3
+EOF
+else
+  log "Alias existiert schon: $alias"
+fi
+
+# Testconnect (accept-new nur beim Setup)
+log "SSH Verbindungstest (accept-new nur setup)..."
+sudo -u "$ssh_user" ssh -p "$NAS_PORT" -o StrictHostKeyChecking=accept-new -o ConnectTimeout=10 \
+  "${NAS_USER}@${NAS_HOST}" "echo ok" >/dev/null \
+  || die "SSH Verbindung fehlgeschlagen: ${NAS_HOST}:${NAS_PORT}"
+
+# Pubkey lesen
+[[ -f "$pub" ]] || die "Public key fehlt: $pub"
+pubkey="$(sudo -u "$ssh_user" cat "$pub")"
+
+# WICHTIG: Key in zentrale NAS-Datei schreiben (nicht ~/.ssh/authorized_keys)
+# - legt Verzeichnis an
+# - sorgt für Datei + Rechte
+# - fügt Key nur hinzu, wenn noch nicht vorhanden
+log "Installiere Public Key in zentrale Datei am NAS..."
+sudo -u "$ssh_user" ssh -p "$NAS_PORT" -o ConnectTimeout=10 \
+  "${NAS_USER}@${NAS_HOST}" \
+  "set -e;
+   f='${NAS_AUTH_KEYS_FILE}';
+   d=\$(dirname \"\$f\");
+   mkdir -p \"\$d\";
+   touch \"\$f\";
+   chmod 600 \"\$f\";
+   grep -qxF '$pubkey' \"\$f\" || echo '$pubkey' >> \"\$f\""
+
+log "SSH Setup OK."
+echo "SSH Setup OK."
+echo "Test:"
+echo "  sudo -u ${ssh_user} ssh ${alias} 'echo hello'"