justin/tinyboard
1
0
Fork 0
forked from finn/tinyboard
Code Pull Requests 1 Activity

onboard-spoke.sh: add key selection prompt for tunnel auth, use explicit -i flag for all SSH calls, clarify hub key installation header

Browse Source
This commit is contained in:
Justin Oros
2026-04-19 13:05:29 -07:00
parent fe3f2c5b77
commit f486795154
2 changed files with 32 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
hub/onboard-spoke.sh
View File

@@ -73,6 +73,27 @@ KEY_PATH="$SSH_DIR/$KEY_NAME"
mkdir -p "$(dirname "$RCLONE_CONF")"
header "Select Tunnel Key"
AVAILABLE_KEYS=()
while IFS= read -r keyfile; do
AVAILABLE_KEYS+=("$keyfile")
done < <(find "$SSH_DIR" -maxdepth 1 -type f ! -name "*.pub" ! -name "known_hosts" ! -name "authorized_keys" ! -name "config" | sort)
if [ ${#AVAILABLE_KEYS[@]} -eq 0 ]; then
die "No private keys found in $SSH_DIR."
fi
echo "Available keys:"
for i in "${!AVAILABLE_KEYS[@]}"; do
echo " $i) ${AVAILABLE_KEYS[$i]}"
done
echo ""
read -rp "Choose key to use for tunnel access [0]: " KEY_CHOICE
KEY_CHOICE="${KEY_CHOICE:-0}"
[[ "$KEY_CHOICE" =~ ^[0-9]+$ ]] && [ "$KEY_CHOICE" -lt "${#AVAILABLE_KEYS[@]}" ] || die "Invalid choice."
TUNNEL_KEY="${AVAILABLE_KEYS[$KEY_CHOICE]}"
info "Using key: $TUNNEL_KEY"
header "Checking Tunnel"
info "Scanning spoke host key..."
KEYSCAN=$(ssh-keyscan -p "$TUNNEL_PORT" -H localhost 2>/dev/null)
@@ -86,7 +107,7 @@ done <<< "$KEYSCAN"
info "Verifying spoke is reachable on port $TUNNEL_PORT..."
retry_or_abort \
"ssh -o BatchMode=yes -o ConnectTimeout=10 -p \"$TUNNEL_PORT\" \"$SPOKE_USER\"@localhost exit" \
"ssh -i \"$TUNNEL_KEY\" -o BatchMode=yes -o ConnectTimeout=10 -p \"$TUNNEL_PORT\" \"$SPOKE_USER\"@localhost exit" \
"Spoke not reachable on port $TUNNEL_PORT. Make sure the tunnel is up."
header "Generating Hub SSH Key"
@@ -99,10 +120,10 @@ fi
chmod 600 "$KEY_PATH"
info "Permissions set: $KEY_PATH is 600"
header "Copying Hub Key to Spoke"
info "Running ssh-copy-id to $SPOKE_USER@localhost:$TUNNEL_PORT..."
header "Installing Hub Access Key on Spoke"
info "Copying hub public key to spoke's authorized_keys so the hub can SSH in for rclone..."
info "(You will be prompted for the $SPOKE_USER password on the spoke)"
if ssh-copy-id -i "$KEY_PATH.pub" -p "$TUNNEL_PORT" "$SPOKE_USER"@localhost; then
if ssh-copy-id -i "$KEY_PATH.pub" -o "IdentityFile=$TUNNEL_KEY" -p "$TUNNEL_PORT" "$SPOKE_USER"@localhost; then
info "Key copied."
else
warn "ssh-copy-id failed — password auth may be disabled on the spoke."