From f186ac502a13449b250f76d95c28231be45a5c10 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Numbus?=
Date: Fri, 29 May 2026 20:55:50 +0200
Subject: [PATCH] Improved the SSH error handling.
---
 script/deploy.sh | 46 +++++++++++++++++++++++++++-------------------
 1 file changed, 27 insertions(+), 19 deletions(-)
diff --git a/script/deploy.sh b/script/deploy.sh
index 9108aac..1a224e4 100755
--- a/script/deploy.sh
+++ b/script/deploy.sh
@@ -111,47 +111,53 @@ hierarchy_preparation() { setup_ssh() { edit_var() { - EXIT_CODE=${1} - if [[ EXIT_CODE -eq 225 ]]; then + local ERROR_CODE=${1} + if [[ "${ERROR_CODE}" == "225" ]]; then echo -e "\n ❌ Invalid password for ${TARGET_USER}@${LIVE_TARGET_IP}." - elif [[ EXIT_CODE -eq 226 ]]; then + elif [[ "${ERROR_CODE}" == "226" ]]; then echo -e "\n ❌ The IP address you specified cannot be reached." + else + echo -e "\n ❌ An unexpected SSH error occurred (Code: ${ERROR_CODE})." fi echo -e " Please check the credentials provided in the configuration." echo -e "\n Here are the current settings : Target IP address : $(gum style --italic \"${LIVE_TARGET_IP}\") Target password : $(gum style --italic \"${LIVE_TARGET_PASSWORD}\")" - gum confirm "Are these correct ?" || { - get_valid_input "LIVE_TARGET_IP" "\n ➡️ Provide the IP address of your machine in a NixOS live environment :" "192.168.1.100" "IP_REGEX"; - get_valid_input "LIVE_TARGET_IP" "\n ➡️ Provide the password of your machine in a NixOS live environment :" "password" "IP_REGEX" "true" "true"; - continue; - } - gum confirm "Retry connection ?" || { - echo -e "\n ❌ Host unreachable or connection refused."; - exit 226; - } - continue + + if ! gum confirm "Are these correct ?"; then + get_valid_input "LIVE_TARGET_IP" "\n ➡️ Provide the IP address of your machine in a NixOS live environment :" "192.168.1.100" "${IP_REGEX}" + get_valid_input "LIVE_TARGET_PASSWORD" "\n ➡️ Provide the password of your machine in a NixOS live environment :" "password" "" "true" "true" + fi + + if ! gum confirm "Retry connection ?"; then + echo -e "\n ❌ Aborted by user." + exit 1 + fi } + local KNOWN_HOSTS="${HOME}/.ssh/known_hosts" + echod "\n ➡️ Generating new SSH key for numbus-admin..." 
- chmod 700 "${TMP_EXTRA_PATH}/home/numbus-admin/.ssh/" + mkdir -p "$(dirname "${TMP_EXTRA_PATH}/home/numbus-admin/.ssh/id_ed25519")" + chmod 700 "$(dirname "${TMP_EXTRA_PATH}/home/numbus-admin/.ssh/id_ed25519")" ssh-keygen -t "ed25519" -C "numbus-admin@numbus-${DEVICE_TYPE}" -f "${TMP_EXTRA_PATH}/home/numbus-admin/.ssh/id_ed25519" -N "" -q echod "\n ➡️ Copying SSH key to target host '${TARGET_USER}@${LIVE_TARGET_IP}'..." while true; do - if sshpass -p "${LIVE_TARGET_PASSWORD}" ssh-copy-id -o StrictHostKeyChecking=no -o ConnectTimeout=10 -i "${TMP_EXTRA_PATH}/home/numbus-admin/.ssh/id_ed25519" "${TARGET_USER}@${LIVE_TARGET_IP}" >> "${STDOUT}" 2>> "${STDERR}"; then + if sshpass -p "${LIVE_TARGET_PASSWORD}" ssh-copy-id -o StrictHostKeyChecking=no -o ConnectTimeout=5 -i "${TMP_EXTRA_PATH}/home/numbus-admin/.ssh/id_ed25519" "${TARGET_USER}@${LIVE_TARGET_IP}" >> "${STDOUT}" 2>> "${STDERR}"; then echod "\n ✅ SSH key copied successfully" return 0 else local EXIT_CODE=$? + if [[ ${EXIT_CODE} -eq 5 ]]; then edit_var "225" - elif ! ping -c 2 "${LIVE_TARGET_IP}" >> "${STDOUT}" 2>> "${STDERR}"; then + elif ! ping -c 1 -W 2 "${LIVE_TARGET_IP}" >> "${STDOUT}" 2>> "${STDERR}"; then edit_var "226" - elif ssh-keygen -F "${LIVE_TARGET_IP}" >> "${STDOUT}" 2>> "${STDERR}"; then + elif [[ -f "${KNOWN_HOSTS}" ]] && ssh-keygen -F "${LIVE_TARGET_IP}" -f "${KNOWN_HOSTS}" > /dev/null 2>&1; then echo -e "\n ⚠️ The SSH fingerprint for the selected IP address $(gum style --italic "\"${LIVE_TARGET_IP}\"") is not the same as the one in $(gum style --italic "\".ssh/known_hosts\""). This could occur for multiple reasons : @@ -167,8 +173,10 @@ setup_ssh() { echo -e "\n ❌ SSH fingerprints don't match."; exit 22; } - ssh-keygen -R "${LIVE_TARGET_IP}" >> "${STDOUT}" 2>> "${STDERR}" - continue + ssh-keygen -f "${KNOWN_HOSTS}" -R "${LIVE_TARGET_IP}" >> "${STDOUT}" 2>> "${STDERR}" + else + # Catch-all for other SSH failures (Permission denied, Connection refused, etc) + edit_var "${EXIT_CODE}" fi fi done
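Review bot: The rewritten `sshpass -p "${LIVE_TARGET_PASSWORD}"` line inside the `while true` loop still passes the live password as a command-line argument, where other local users can read it from the process list for as long as each connection attempt runs. `sshpass -e` reads it from the environment instead, so the line can start with `if SSHPASS="${LIVE_TARGET_PASSWORD}" sshpass -e ssh-copy-id -o ConnectTimeout=5` and keep the remaining options as they are. The same line keeps `-o StrictHostKeyChecking=no`, which trusts whatever key the target presents on first contact; `accept-new` would refuse a changed key outright, but it may interact with the known_hosts branch further down and should be tested before switching. The body of setup_ssh continues past this hunk.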
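Review bot: The new `else` catch-all is reached only when the target has no entry in `${KNOWN_HOSTS}`, but with `StrictHostKeyChecking=no` ssh normally records the host key on first contact, so a later failure such as "Permission denied" would probably land in the fingerprint-mismatch branch and end in `ssh-keygen -f "${KNOWN_HOSTS}" -R`. An existing entry is not evidence that the key changed, and a mismatch warning that fires on unrelated failures trains the operator to confirm it without checking the fingerprint. Consider entering that branch only when this attempt's ssh output actually carries the host-key-changed warning, and until then state the limitation above the `else` with `# Only reached when the host has no known_hosts entry; other failures on a known host hit the mismatch branch`. The `while` loop and the mismatch prompt start outside this hunk.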