From 87c08fb5434b4d3c694df6d1bf5b8fb49850b4b3 Mon Sep 17 00:00:00 2001
From: Justin Oros <JustinOros@gmail.com>
Date: Thu, 16 Apr 2026 09:22:19 -0700
Subject: [PATCH] fix known_hosts ownership, ssh dir creation, and root user
 guard

---
 hub/onboard-spoke.sh | 6 ++++++
 setup.sh             | 3 ++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/hub/onboard-spoke.sh b/hub/onboard-spoke.sh
index 3eaea95..03d48e5 100644
--- a/hub/onboard-spoke.sh
+++ b/hub/onboard-spoke.sh
@@ -4,6 +4,12 @@ set -euo pipefail
 RCLONE_CONF="${HOME}/.config/rclone/rclone.conf"
 SSH_DIR="${HOME}/.ssh"
 
+[ "$(id -u)" -eq 0 ] && echo -e "\033[0;31m[WARNING]\033[0m Running as root — keys will be written to /root/.ssh. Run as armbian instead." && exit 1 || true
+mkdir -p "$SSH_DIR"
+touch "$SSH_DIR/known_hosts"
+chmod 700 "$SSH_DIR"
+chmod 600 "$SSH_DIR/known_hosts"
+
 RED='\033[0;31m'
 GREEN='\033[0;32m'
 YELLOW='\033[1;33m'
diff --git a/setup.sh b/setup.sh
index 8c2def7..ca3bebc 100644
--- a/setup.sh
+++ b/setup.sh
@@ -100,9 +100,10 @@ case "$KEY_CHOICE" in
 esac
 
 info "Scanning hub host key..."
-sudo -u armbian ssh-keyscan -H "$HUB_HOST" >> "$SSH_DIR/known_hosts" 2>/dev/null
+sudo -u armbian touch "$SSH_DIR/known_hosts"
 chown armbian:armbian "$SSH_DIR/known_hosts"
 chmod 600 "$SSH_DIR/known_hosts"
+sudo -u armbian ssh-keyscan -H "$HUB_HOST" >> "$SSH_DIR/known_hosts" 2>/dev/null
 
 header "Testing SSH Connection"
 info "Testing connection to $HUB_HOST..."