hardening

fatalerrors
2026-04-01 17:21:54 +02:00
parent 08e9e6c799
commit d72fa1a712


@@ -59,50 +59,53 @@ rmhost()
;; ;;
*) *)
disp E "Invalid options, use \"rmhost --help\" to display usage." disp E "Invalid options, use \"rmhost --help\" to display usage."
break return 1
;; ;;
esac esac
done done
# Validation: Ensure at least one argument remains [[ $# -eq 0 ]] && {
if [[ $# -eq 0 ]]; then
disp E "Missing argument. Use 'rmhost --help' for usage." disp E "Missing argument. Use 'rmhost --help' for usage."
return 1 return 1
fi }
command -v ssh-keygen >/dev/null 2>&1 || {
disp E "ssh-keygen is not installed."
return 127
}
for target in "$@"; do for target in "$@"; do
local hst=$target local hst="$target"
isipv4 "$hst" >/dev/null local ip=""
local v4=$? local v4=1
isipv6 "$hst" >/dev/null local v6=1
local v6=$?
isipv4 "$hst" >/dev/null 2>&1; v4=$?
isipv6 "$hst" >/dev/null 2>&1; v6=$?
if [[ $v4 -eq 0 || $v6 -eq 0 ]]; then if [[ $v4 -eq 0 || $v6 -eq 0 ]]; then
local ip=$hst ip="$hst"
unset hst hst=""
fi fi
unset v4 v6
if [[ ! $ip && $hst ]]; then if [[ -z ${ip:-} && -n ${hst:-} ]]; then
if ! ip=$(host "$hst" 2>/dev/null | awk '/has address/ {print $NF; exit}'); then if command -v host >/dev/null 2>&1; then
disp E "Impossible to extract IP from hostname." && ip=$(host "$hst" 2>/dev/null | awk '/has address/ {print $NF; exit}')
return 1 [[ -z ${ip:-} ]] && \
disp W "Could not resolve IP for '$hst'; removing hostname only."
else
disp W "'host' is not installed; removing hostname only for '$hst'."
fi fi
[[ -z $ip ]] && {
disp E "Impossible to extract IP from hostname."
return 1;
}
fi fi
if [[ $hst ]]; then if [[ -n ${hst:-} ]]; then
disp I "Removing host $hst from ssh known_host..." disp I "Removing host $hst from ssh known_hosts..."
ssh-keygen -R $hst >/dev/null ssh-keygen -R "$hst" >/dev/null
fi fi
if [[ $ip ]]; then if [[ -n ${ip:-} ]]; then
disp I "Removing IP $ip from ssh known_host..." disp I "Removing IP $ip from ssh known_hosts..."
ssh-keygen -R $ip >/dev/null ssh-keygen -R "$ip" >/dev/null
fi fi
unset hst ip
done done
} }
export -f rmhost export -f rmhost
@@ -114,41 +117,33 @@ export -f rmhost
# Usage: ssr <server [ssh options]> # Usage: ssr <server [ssh options]>
ssr() ssr()
{ {
local PARSED case "${1:-}" in
PARSED=$(getopt -o h --long help -n 'ssr' -- "$@") -h|--help)
if [[ $? -ne 0 ]]; then return 1; fi printf "ssr: SSH into a server as root.\n\n"
eval set -- "$PARSED" printf "Usage: ssr <server> [ssh_options...]\n\n"
printf "Notes:\n"
while true; do printf " The first argument is the target server.\n"
case "$1" in printf " All remaining arguments are passed directly to ssh.\n\n"
-h|--help) printf "Examples:\n"
printf "ssr: SSH into a server as root.\n\n" printf " ssr srv01\n"
printf "Usage: ssr <server> [ssh_options...]\n\n" printf " ssr srv01 -p 2222\n"
printf "Options:\n" printf " ssr srv01 -i ~/.ssh/id_ed25519 -J bastion\n"
printf "\t-h, --help\t\tDisplay this help screen\n" return 0
return 0 ;;
;; esac
--)
shift
break
;;
*)
disp E "Invalid options, use \"ssr --help\" to display usage."
return 1
;;
esac
done
command -v ssh >/dev/null 2>&1 || { command -v ssh >/dev/null 2>&1 || {
disp E "ssh is not installed." disp E "ssh is not installed."
return 127 return 127
} }
[[ ! $1 ]] && {
[[ $# -eq 0 || -z ${1:-} ]] && {
disp E "Please specify the server you want to log in." disp E "Please specify the server you want to log in."
return 1 return 1
} }
local srv=$1 && shift local srv=$1
shift
ssh -Y root@"$srv" "$@" ssh -Y root@"$srv" "$@"
} }
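Review bot: The last line of ssr, `ssh -Y root@"$srv" "$@"`, still forces trusted X11 forwarding on every root login, and this hardening pass leaves it untouched. Per ssh(1), trusted X11 forwardings are not subjected to the X11 SECURITY extension controls, so a compromised server (or anyone able to use the forwarded display on it) can interact with the local X session. Since the rewritten function now passes all remaining arguments straight to ssh, the default could be `ssh root@"$srv" "$@"`, leaving callers who need X11 to add `-X` or `-Y` themselves. If the flag has to stay, the new help text should say that X11 forwarding is enabled by default, e.g. `printf "  Trusted X11 forwarding (-Y) is always enabled.\n"`.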