diff --git a/script/deploy.sh b/script/deploy.sh index b134a0d..1a224e4 100755 --- a/script/deploy.sh +++ b/script/deploy.sh @@ -110,20 +110,76 @@ hierarchy_preparation() { } setup_ssh() { - echod "\n ✅ Generating new SSH key for numbus-admin..." + edit_var() { + local ERROR_CODE=${1} + if [[ "${ERROR_CODE}" == "225" ]]; then + echo -e "\n ❌ Invalid password for ${TARGET_USER}@${LIVE_TARGET_IP}." + elif [[ "${ERROR_CODE}" == "226" ]]; then + echo -e "\n ❌ The IP address you specified cannot be reached." + else + echo -e "\n ❌ An unexpected SSH error occurred (Code: ${ERROR_CODE})." + fi - chmod 700 ${EXTRA_FILES_PATH}/home/numbus-admin/.ssh/ - ssh-keygen -t "ed25519" -C "numbus-admin@numbus-server" -f "${EXTRA_FILES_PATH}/home/numbus-admin/.ssh/id_ed25519" -N "" -q + echo -e " Please check the credentials provided in the configuration." + echo -e "\n Here are the current settings : + Target IP address : $(gum style --italic \"${LIVE_TARGET_IP}\") + Target password : $(gum style --italic \"${LIVE_TARGET_PASSWORD}\")" - echod "\n ➡️ Copying SSH key to target host '${TARGET_USER}@${LIVE_TARGET_IP}'..." + if ! gum confirm "Are these correct ?"; then + get_valid_input "LIVE_TARGET_IP" "\n ➡️ Provide the IP address of your machine in a NixOS live environment :" "192.168.1.100" "${IP_REGEX}" + get_valid_input "LIVE_TARGET_PASSWORD" "\n ➡️ Provide the password of your machine in a NixOS live environment :" "password" "" "true" "true" + fi - if sshpass -p "${LIVE_TARGET_PASSWORD}" ssh-copy-id -o StrictHostKeyChecking=no -i "${EXTRA_FILES_PATH}/home/numbus-admin/.ssh/id_ed25519" "${TARGET_USER}@${LIVE_TARGET_IP}"; then - echod "\n ✅ SSH key copied successfully" - else - echo -e "\n ❌ Failed to copy SSH key. Please check the host IP and password." - exit 1 - fi + if ! gum confirm "Retry connection ?"; then + echo -e "\n ❌ Aborted by user." + exit 1 + fi + } + local KNOWN_HOSTS="${HOME}/.ssh/known_hosts" + + echod "\n ➡️ Generating new SSH key for numbus-admin..." + + mkdir -p "$(dirname "${TMP_EXTRA_PATH}/home/numbus-admin/.ssh/id_ed25519")" + chmod 700 "$(dirname "${TMP_EXTRA_PATH}/home/numbus-admin/.ssh/id_ed25519")" + ssh-keygen -t "ed25519" -C "numbus-admin@numbus-${DEVICE_TYPE}" -f "${TMP_EXTRA_PATH}/home/numbus-admin/.ssh/id_ed25519" -N "" -q + + echod "\n ➡️ Copying SSH key to target host '${TARGET_USER}@${LIVE_TARGET_IP}'..." + + while true; do + if sshpass -p "${LIVE_TARGET_PASSWORD}" ssh-copy-id -o StrictHostKeyChecking=no -o ConnectTimeout=5 -i "${TMP_EXTRA_PATH}/home/numbus-admin/.ssh/id_ed25519" "${TARGET_USER}@${LIVE_TARGET_IP}" >> "${STDOUT}" 2>> "${STDERR}"; then + echod "\n ✅ SSH key copied successfully" + return 0 + else + local EXIT_CODE=$? + + if [[ ${EXIT_CODE} -eq 5 ]]; then + edit_var "225" + elif ! ping -c 1 -W 2 "${LIVE_TARGET_IP}" >> "${STDOUT}" 2>> "${STDERR}"; then + edit_var "226" + elif [[ -f "${KNOWN_HOSTS}" ]] && ssh-keygen -F "${LIVE_TARGET_IP}" -f "${KNOWN_HOSTS}" > /dev/null 2>&1; then + echo -e "\n ⚠️ The SSH fingerprint for the selected IP address $(gum style --italic "\"${LIVE_TARGET_IP}\"") is not the same as the one in $(gum style --italic "\".ssh/known_hosts\""). + + This could occur for multiple reasons : + - You ran this script multiple times + - Your live machine uses an IP address that was used by another devices you SSHed in + - You are under a Man-In-The-Middle attack + - Other + + The script $(gum style --bold "cannot continue") without the correct fingerprint installed. + If you are unsure, it is always better to check manually.\n" + + gum confirm "Remove the old fingerprint and accept the new one ?" || { + echo -e "\n ❌ SSH fingerprints don't match."; + exit 22; + } + ssh-keygen -f "${KNOWN_HOSTS}" -R "${LIVE_TARGET_IP}" >> "${STDOUT}" 2>> "${STDERR}" + else + # Catch-all for other SSH failures (Permission denied, Connection refused, etc) + edit_var "${EXIT_CODE}" + fi + fi + done } hardware_detection() {