d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0c58ccaf6cd1f78131e5e78702a694a1da8a4deb
proxmox/scripts/security/ensure-proxmox-ssh-access.sh
defiQUG dbd517b279 Sync workspace: config, docs, scripts, CI, operator rules, and submodule pointers. 
- Update dbis_core, cross-chain-pmm-lps, explorer-monorepo, metamask-integration, pr-workspace/chains
- Omit embedded publish git dirs and empty placeholders from index

Made-with: Cursor
2026-04-12 06:12:20 -07:00

99 lines
2.7 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
# Verify key-based SSH from this machine to all Proxmox management targets (read-only by default).
# Optionally install your pubkey with ssh-copy-id (you will be prompted for password once per host).
#
# Usage (repo root):
# bash scripts/security/ensure-proxmox-ssh-access.sh
# bash scripts/security/ensure-proxmox-ssh-access.sh --fqdn
# bash scripts/security/ensure-proxmox-ssh-access.sh --copy # ssh-copy-id to each target (interactive)
#
# Env: SSH_USER (default: PROXMOX_SSH_USER from ip-addresses or root)
# SSH_KEY (default: ~/.ssh/id_ed25519.pub or id_rsa.pub)
set -uo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
# shellcheck source=/dev/null
source "$PROJECT_ROOT/config/ip-addresses.conf"
SSH_USER="${SSH_USER:-${PROXMOX_SSH_USER:-root}}"
SSH_OPTS=(-o BatchMode=yes -o ConnectTimeout=12 -o StrictHostKeyChecking=accept-new)
USE_FQDN=0
DO_COPY=0
for a in "$@"; do
case "$a" in
--fqdn) USE_FQDN=1 ;;
--copy) DO_COPY=1 ;;
-h | --help)
sed -n '1,20p' "$0"
exit 0
;;
esac
done
PUB="${SSH_KEY:-}"
if [[ -z "$PUB" ]]; then
[[ -f "${HOME}/.ssh/id_ed25519.pub" ]] && PUB="${HOME}/.ssh/id_ed25519.pub"
[[ -z "$PUB" && -f "${HOME}/.ssh/id_rsa.pub" ]] && PUB="${HOME}/.ssh/id_rsa.pub"
fi
targets=()
if [[ "$USE_FQDN" -eq 1 ]]; then
targets=(
"${PROXMOX_FQDN_ML110}"
"${PROXMOX_FQDN_R630_01}"
"${PROXMOX_FQDN_R630_02}"
"${PROXMOX_FQDN_R630_03}"
"${PROXMOX_FQDN_R630_04}"
)
echo "=== Proxmox SSH check (by FQDN *.sankofa.nexus) ==="
else
targets=(
"${PROXMOX_HOST_ML110}"
"${PROXMOX_HOST_R630_01}"
"${PROXMOX_HOST_R630_02}"
"${PROXMOX_HOST_R630_03}"
"${PROXMOX_HOST_R630_04}"
)
echo "=== Proxmox SSH check (by management IP) ==="
fi
fail=0
for t in "${targets[@]}"; do
printf '%-28s ' "$t"
if [[ "$USE_FQDN" -eq 1 ]] && ! getent ahosts "$t" &>/dev/null; then
echo "SKIP (DNS unresolved — add UDM/local DNS or /etc/hosts; see scripts/verify/check-proxmox-mgmt-fqdn.sh --print-hosts)"
fail=1
continue
fi
_tmp="$(mktemp)"
if ssh "${SSH_OPTS[@]}" "${SSH_USER}@${t}" "hostname -f 2>/dev/null || hostname" &>"$_tmp"; then
echo "OK ($(tr -d '\r\n' <"$_tmp"))"
else
echo "FAIL"
sed 's/^/ /' "$_tmp" | head -3
fail=1
fi
rm -f "$_tmp"
done
if [[ "$DO_COPY" -eq 1 ]]; then
if [[ -z "$PUB" || ! -f "$PUB" ]]; then
echo "[ERROR] No public key found; set SSH_KEY=path/to/id_*.pub"
exit 1
fi
echo ""
echo "=== ssh-copy-id (interactive; password per host) ==="
for t in "${targets[@]}"; do
if [[ "$USE_FQDN" -eq 1 ]] && ! getent ahosts "$t" &>/dev/null; then
echo "[SKIP] $t (unresolved)"
continue
fi
echo "--- $t ---"
ssh-copy-id -i "$PUB" -o StrictHostKeyChecking=accept-new "${SSH_USER}@${t}" || true
done
fi
exit "$fail"
Reference in New Issue View Git Blame Copy Permalink