From 72a58cc390ece2aaae650a519b79fd4f282fb461 Mon Sep 17 00:00:00 2001
From: Justin Oros
Date: Sat, 18 Apr 2026 13:43:33 -0700
Subject: [PATCH] fix SSH service detection across distros; fix misleading key copied message
---
 hub/onboard-spoke.sh | 5 +++--
 hub/setup-hub.sh | 18 ++++++++++--------
 spoke/setup-spoke.sh | 16 +++++++++-------
 3 files changed, 22 insertions(+), 17 deletions(-)
diff --git a/hub/onboard-spoke.sh b/hub/onboard-spoke.sh
index 1617c42..0223783 100755
--- a/hub/onboard-spoke.sh
+++ b/hub/onboard-spoke.sh
@@ -98,7 +98,9 @@ fi
 header "Copying Hub Key to Spoke"
 info "Running ssh-copy-id to $SPOKE_USER@localhost:$TUNNEL_PORT..."
 info "(You will be prompted for the $SPOKE_USER password on the spoke)"
-if ! ssh-copy-id -i "$KEY_PATH.pub" -p "$TUNNEL_PORT" "$SPOKE_USER"@localhost; then
+if ssh-copy-id -i "$KEY_PATH.pub" -p "$TUNNEL_PORT" "$SPOKE_USER"@localhost; then
+ info "Key copied."
+else
 warn "ssh-copy-id failed — password auth may be disabled on the spoke."
 warn "Manually append the hub public key to the spoke's authorized_keys:"
 echo ""
@@ -108,7 +110,6 @@ if ! ssh-copy-id -i "$KEY_PATH.pub" -p "$TUNNEL_PORT" "$SPOKE_USER"@localhost; t
 echo ""
 read -rp "Press ENTER once the key has been added to the spoke..."
 fi
-info "Key copied."
 header "Testing Hub -> Spoke Key Auth"
 retry_or_abort \
diff --git a/hub/setup-hub.sh b/hub/setup-hub.sh
index 5a74e26..e7cbad1 100755
--- a/hub/setup-hub.sh
+++ b/hub/setup-hub.sh
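Review bot: In the first hub/onboard-spoke.sh hunk, the prompt text ahead of the rewritten `if ssh-copy-id …` tells the operator to expect a password prompt but not the host-key prompt that ssh may show first, and that fingerprint is the only thing identifying what is listening on localhost:$TUNNEL_PORT before a password is typed into it. Unless the spoke's host key was already pinned earlier in the script (not visible in this hunk), I would add a line such as `info "(If asked to accept a host key, compare the fingerprint with the spoke's before continuing)"`. The else branch continues outside the hunk, so the manual-append instructions could not be reviewed.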
@@ -161,14 +161,18 @@ for DIRECTIVE in "GatewayPorts yes" "AllowTcpForwarding yes" "ClientAliveInterva
 info "$DIRECTIVE set."
 done
-if systemctl enable ssh 2>/dev/null; then
- systemctl restart ssh
-elif systemctl enable sshd 2>/dev/null; then
- systemctl restart sshd
+SSH_SVC=""
+if systemctl list-unit-files ssh.service >/dev/null 2>&1 && systemctl enable ssh 2>/dev/null; then
+ SSH_SVC="ssh"
+elif systemctl list-unit-files sshd.service >/dev/null 2>&1 && systemctl enable sshd 2>/dev/null; then
+ SSH_SVC="sshd"
+fi
+if [ -n "$SSH_SVC" ]; then
+ systemctl restart "$SSH_SVC"
+ info "SSH server restarted."
 else
 warn "Could not enable/restart SSH service — please start it manually."
 fi
-info "SSH server restarted."
 header "Password Authentication"
 read -rp "Disable password auth for $HUB_USER and use keys only? [Y/n]: " DISABLE_PASS
@@ -193,9 +197,7 @@ if [[ "${DISABLE_PASS,,}" == "y" ]]; then
 warn "If you are connected via SSH, your session may drop."
 warn "Make sure you can reconnect using your key before continuing."
 read -rp "Press ENTER to restart SSH or CTRL+C to abort..."
- if systemctl restart ssh 2>/dev/null; then
- info "SSH restarted."
- elif systemctl restart sshd 2>/dev/null; then
+ if [ -n "$SSH_SVC" ] && systemctl restart "$SSH_SVC" 2>/dev/null; then
 info "SSH restarted."
 else
 warn "Could not restart SSH — please restart it manually."
diff --git a/spoke/setup-spoke.sh b/spoke/setup-spoke.sh
index ec44847..a855f76 100755
--- a/spoke/setup-spoke.sh
+++ b/spoke/setup-spoke.sh
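Review bot: In the first hub/setup-hub.sh hunk, `systemctl restart "$SSH_SVC"` is not checked, so `info "SSH server restarted."` is printed even when sshd refuses to start on the sshd_config directives written by the loop just above (unless the script runs under `set -e`, which is not visible here). Validating the file before the restart and folding both into the condition keeps the message honest and avoids stopping the daemon on a bad config: `if [ -n "$SSH_SVC" ] && sshd -t && systemctl restart "$SSH_SVC"; then`. The same applies to the unchecked `systemctl start "$SSH_SVC"` in the first spoke/setup-spoke.sh hunk. The `for DIRECTIVE` loop starts outside the hunk.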
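Review bot: In the second hub/setup-hub.sh hunk, the restart that activates the password-auth change now runs only when `SSH_SVC` is non-empty, and that variable is set only if `systemctl enable` succeeded earlier, so a host where enabling failed but sshd is running no longer gets a restart attempt, whereas the old code tried both unit names. If the block has already written the setting by then (not visible here), the running daemon keeps accepting passwords while the file says otherwise, and the warning should say so, e.g. `warn "Could not restart SSH — password auth stays active until sshd is restarted manually."`. Setting `SSH_SVC` from unit detection alone and treating `enable` as a separate step would also avoid the skipped restart. The enclosing `if [[ "${DISABLE_PASS,,}" == "y" ]]` block starts and ends outside the hunk; the second spoke/setup-spoke.sh hunk makes the same change.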
@@ -155,10 +155,14 @@ info "Adding $SPOKE_USER to docker group..."
 usermod -aG docker "$SPOKE_USER" 2>/dev/null || true
 info "Enabling SSH server..."
-if systemctl enable ssh 2>/dev/null; then
- systemctl start ssh
-elif systemctl enable sshd 2>/dev/null; then
- systemctl start sshd
+SSH_SVC=""
+if systemctl list-unit-files ssh.service >/dev/null 2>&1 && systemctl enable ssh 2>/dev/null; then
+ SSH_SVC="ssh"
+elif systemctl list-unit-files sshd.service >/dev/null 2>&1 && systemctl enable sshd 2>/dev/null; then
+ SSH_SVC="sshd"
+fi
+if [ -n "$SSH_SVC" ]; then
+ systemctl start "$SSH_SVC"
 else
 warn "Could not enable SSH service — please start it manually."
 fi
@@ -252,9 +256,7 @@ if [[ "${DISABLE_PASS,,}" == "y" ]]; then
 warn "If you are connected via SSH, your session may drop."
 warn "Make sure you can reconnect using your key before continuing."
 read -rp "Press ENTER to restart SSH or CTRL+C to abort..."
- if systemctl restart ssh 2>/dev/null; then
- info "SSH restarted."
- elif systemctl restart sshd 2>/dev/null; then
+ if [ -n "$SSH_SVC" ] && systemctl restart "$SSH_SVC" 2>/dev/null; then
 info "SSH restarted."
 else
 warn "Could not restart SSH — please restart it manually."
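Review bot: The existence test `systemctl list-unit-files ssh.service >/dev/null 2>&1` in the first spoke/setup-spoke.sh hunk (and its twin in the first hub/setup-hub.sh hunk) relies on the exit status, which, as far as I know, older systemd releases leave at 0 even when no unit file matches. On such hosts the guard is a no-op and detection falls back to whether `enable` fails, which is the pre-patch behaviour. A test that fails for a missing unit regardless of version, such as `systemctl cat ssh.service >/dev/null 2>&1`, would remove that dependency; worth confirming on the oldest distro these scripts target.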