From 514d13d8ff51eff4cfd83f85f3e942980c1a70be Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Numbus?= <raphael@numbus.eu>
Date: Fri, 29 May 2026 15:47:16 +0200
Subject: [PATCH] Improved SSH `known_hosts` error handling. Added error codes
 file.

---
 script/deploy.sh      | 48 ++++++++++++++++++++++++++++---------------
 script/error_codes.md |  3 +++
 2 files changed, 35 insertions(+), 16 deletions(-)
 create mode 100644 script/error_codes.md

diff --git a/script/deploy.sh b/script/deploy.sh
index c4930f5..996d2d1 100755
--- a/script/deploy.sh
+++ b/script/deploy.sh
@@ -93,6 +93,37 @@ hierarchy_preparation() {
   echod "\n ✅ Folder hierarchy ready"
 }
 
+setup_ssh() {
+  echod "\n ➡️ Generating new SSH key for numbus-admin..."
+
+  chmod 700 "${TMP_EXTRA_PATH}/home/numbus-admin/.ssh/"
+  ssh-keygen -t "ed25519" -C "numbus-admin@numbus-${DEVICE_TYPE}" -f "${TMP_EXTRA_PATH}/home/numbus-admin/.ssh/id_ed25519" -N "" -q
+
+  echod "\n ➡️ Copying SSH key to target host '${TARGET_USER}@${LIVE_TARGET_IP}'..."
+
+  if cat "~/.ssh/known_hosts" | grep ${LIVE_TARGET_IP}; then
+    echo -e "\n ⚠️ The SSH fingerprint for the selected IP address $(gum style --italic "\"${LIVE_TARGET_IP}\"") is not the same as the one in $(gum style --italic "\".ssh/known_hosts\"").
+
+  This could occur for multiple reasons :
+    - You ran the script multiple times and rebooted your live machine
+    - Your live machine uses an IP address that was used by another devices you SSHed in
+    - You are under a Man-In-The-Middle attack
+    - Other
+
+  The script $(gum style --bold "cannot continue") without the correct fingerprint installed.\n"
+
+    gum confirm "Remove the old fingerprint and accept the new one ?" || { echo -e "\n\n ❌ Exiting."; exit 22; }
+    sed -i '/${LIVE_TARGET_IP}/d' "~/.ssh/known_hosts"
+  fi
+
+  if sshpass -p "${LIVE_TARGET_PASSWORD}" ssh-copy-id -o StrictHostKeyChecking=no -i "${TMP_EXTRA_PATH}/home/numbus-admin/.ssh/id_ed25519" "${TARGET_USER}@${LIVE_TARGET_IP}" >> "${STDOUT}" 2>> "${STDERR}"; then
+    echod "\n ✅ SSH key copied successfully"
+  else
+    echo -e "\n ❌ Failed to copy SSH key. Please check the host IP and password."
+    exit 1
+  fi
+}
+
 hardware_detection() {
 	local TMPFILE="/run/user/1000/numbus-installer/hw_detection.json"
 
@@ -371,22 +402,6 @@ launch_gui() {
 
 
 # --- MAIN SCRIPT FUNCTIONS --->
-setup_ssh() {
-  echod "\n ✅ Generating new SSH key for numbus-admin..."
-
-  chmod 700 "${TMP_EXTRA_PATH}/home/numbus-admin/.ssh/"
-  ssh-keygen -t "ed25519" -C "numbus-admin@numbus-${DEVICE_TYPE}" -f "${TMP_EXTRA_PATH}/home/numbus-admin/.ssh/id_ed25519" -N "" -q
-
-  echod "\n ➡️   Copying SSH key to target host '${TARGET_USER}@${LIVE_TARGET_IP}'..."
-
-  if sshpass -p "${LIVE_TARGET_PASSWORD}" ssh-copy-id -o StrictHostKeyChecking=no -i "${TMP_EXTRA_PATH}/home/numbus-admin/.ssh/id_ed25519" "${TARGET_USER}@${LIVE_TARGET_IP}" >> "${STDOUT}" 2>> "${STDERR}"; then
-    echod "\n ✅ SSH key copied successfully"
-  else
-    echo -e "\n ❌ Failed to copy SSH key. Please check the host IP and password."
-    exit 1
-  fi
-}
-
 server_config_generation() {
   echod "\n 📝 Generating structured settings.json..."
   
@@ -773,6 +788,7 @@ PORT_REGEX='^[0-9]{1,5}$'
 SSH_KEY_REGEX='^ssh-[a-z0-9]+ [A-Za-z0-9+/]+.*'
 PHONE_REGEX='^\+[1-9][0-9]{7,14}$' 
 
+FOREGROUND="212"
 GUM_INPUT_PADDING="1 1"
 GUM_INPUT_HEADER_FOREGROUND="212"
 GUM_INPUT_CURSOR_FOREGROUND="212"
diff --git a/script/error_codes.md b/script/error_codes.md
new file mode 100644
index 0000000..92f7870
--- /dev/null
+++ b/script/error_codes.md
@@ -0,0 +1,3 @@
+0: successful.
+1: error.
+22: SSH fingerprint in `known_hosts` for the IP is different than the current one.
\ No newline at end of file