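#!/bin/bash
# NAS SSH authentication and connectivity functions for tinsnip.
#
# Security notes for maintainers:
#   - Keys generated here have no passphrase (ssh-keygen -N ""), so the private
#     key file itself is the credential. Consider restricting what the key may
#     do on the NAS side in authorized_keys.
#   - The nas_server value is used both as an ssh destination and as part of a
#     key filename under ~/.ssh, so it is validated before either use.
#   - Host key checking is left at the ssh defaults; nothing here disables it.

# Source core functions (log_with_prefix / warn_with_prefix are expected to
# come from core.sh; where they write is not visible from this file).
LIB_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "$LIB_DIR/core.sh"

#######################################
# Reject NAS targets that are unsafe to use as an ssh destination or as part
# of a key filename.
# Arguments: $1 - NAS target (host or user@host)
# Returns:   0 if acceptable; 1 if empty, starting with '-', or containing '/'
#######################################
_tinsnip_valid_nas_target() {
  local target="$1"
  # A leading '-' could be read as an ssh option; a '/' would let the derived
  # key path (which is later written and rm'd) leave ~/.ssh.
  [[ -n "$target" && "$target" != -* && "$target" != */* ]]
}

#######################################
# Prepend the current user when the target has no user@ part.
# Arguments: $1 - NAS target (host or user@host)
# Outputs:   the qualified target on stdout
#######################################
_tinsnip_qualify_target() {
  local target="$1"
  if [[ "$target" != *@* ]]; then
    # USER can be unset under cron or in containers; fall back to id(1).
    target="${USER:-$(id -un)}@${target}"
  fi
  printf '%s\n' "$target"
}

#######################################
# Get SSH key for NAS server (checks for existing keys or creates a new one).
# NOTE: this is not a pure lookup. When neither the default configuration nor
# an existing tinsnip key works, it generates a key and installs it on the NAS.
# NOTE(review): the probes use the default port and ssh config only; options a
# caller passes to ssh_to_nas (for example a port) are not applied here.
# Arguments: $1 - NAS target (host or user@host)
# Outputs:   "default" when the default SSH config/keys work, otherwise the
#            private key path; nothing else is written to stdout
# Returns:   0 on success, 1 if the target is invalid or SSH setup failed
#######################################
get_nas_ssh_key() {
  local nas_server="$1"

  if ! _tinsnip_valid_nas_target "$nas_server"; then
    return 1
  fi

  # 1. Test if default SSH config/keys work.
  # Probe stdout is discarded as well as stderr: callers capture this
  # function's stdout, so remote output must not end up in the result.
  if ssh -o BatchMode=yes -o ConnectTimeout=5 -- "$nas_server" exit >/dev/null 2>&1; then
    echo "default" # Signal that default SSH works
    return 0
  fi

  # 2. Check tinsnip-specific key
  local tinsnip_key="$HOME/.ssh/tinsnip-${nas_server}"
  if [[ -f "$tinsnip_key" ]] &&
    ssh -o BatchMode=yes -o ConnectTimeout=5 -i "$tinsnip_key" -- "$nas_server" exit >/dev/null 2>&1; then
    printf '%s\n' "$tinsnip_key"
    return 0
  fi

  # 3. Create tinsnip-specific key if needed.
  # Progress messages are sent to stderr so only the key path is on stdout.
  if create_tinsnip_ssh_key "$nas_server" >&2; then
    printf '%s\n' "$tinsnip_key"
    return 0
  fi

  return 1 # SSH setup failed
}

#######################################
# Create and install SSH key for NAS server.
# An existing key file is reused and never overwritten or deleted, so a
# transient failure (for example the NAS being unreachable) cannot destroy a
# key that was working before.
# Arguments: $1 - NAS target (host or user@host)
# Returns:   0 if the key is installed and verified, 1 otherwise
#######################################
create_tinsnip_ssh_key() {
  local nas_server="$1"

  if ! _tinsnip_valid_nas_target "$nas_server"; then
    log_with_prefix "SSH Setup" "❌ Invalid NAS server name"
    return 1
  fi

  local tinsnip_key="$HOME/.ssh/tinsnip-${nas_server}"
  local created_here=0

  log_with_prefix "SSH Setup" "Creating SSH key for $nas_server..."

  # Ensure .ssh directory exists
  mkdir -p "$HOME/.ssh"
  chmod 700 "$HOME/.ssh"

  if [[ ! -e "$tinsnip_key" ]]; then
    # Generate key with descriptive comment. stdin is closed so ssh-keygen
    # cannot block on a prompt whose text is hidden by the redirection.
    if ! ssh-keygen -t ed25519 -f "$tinsnip_key" -N "" \
      -C "tinsnip-$(date +%Y%m%d)-${nas_server}-$(hostname)" </dev/null >/dev/null 2>&1; then
      log_with_prefix "SSH Setup" "❌ Failed to generate SSH key"
      return 1
    fi
    created_here=1
  fi

  # Install public key on NAS
  log_with_prefix "SSH Setup" "Installing public key on $nas_server..."
  if ! ssh-copy-id -i "$tinsnip_key" "$nas_server" >/dev/null 2>&1; then
    log_with_prefix "SSH Setup" "❌ Failed to install public key on $nas_server"
    log_with_prefix "SSH Setup" "Please ensure password authentication is enabled"
    # Only remove key material generated by this call.
    if ((created_here)); then
      rm -f -- "$tinsnip_key" "${tinsnip_key}.pub"
    fi
    return 1
  fi

  # Test the new key
  if ! ssh -o BatchMode=yes -o ConnectTimeout=5 -i "$tinsnip_key" -- "$nas_server" exit >/dev/null 2>&1; then
    log_with_prefix "SSH Setup" "❌ SSH key test failed"
    if ((created_here)); then
      rm -f -- "$tinsnip_key" "${tinsnip_key}.pub"
    fi
    return 1
  fi

  log_with_prefix "SSH Setup" "✅ SSH key created and installed successfully"
  return 0
}

#######################################
# Execute SSH command with proper authentication (key or password fallback).
# Arguments: $1   - NAS target (host or user@host)
#            rest - optional leading ssh options, then the remote command
# Returns:   exit status of ssh
#######################################
ssh_to_nas() {
  local nas_server="$1"
  shift
  local ssh_opts=()

  # If no username specified in nas_server, prepend current user
  nas_server=$(_tinsnip_qualify_target "$nas_server")

  # Extract SSH options from arguments. Options that take a value consume the
  # following word too, so "-p 2222" is not split between the option list and
  # the remote command.
  while [[ $# -gt 0 && "$1" == -* ]]; do
    if [[ "$1" == "--" ]]; then
      shift
      break
    fi
    ssh_opts+=("$1")
    case "$1" in
      -[BbcDEeFIiJLlmOoPpQRSWw])
        if [[ $# -ge 2 ]]; then
          ssh_opts+=("$2")
          shift
        fi
        ;;
    esac
    shift
  done

  # Try to use SSH key or default SSH config
  local key_path
  if key_path=$(get_nas_ssh_key "$nas_server" 2>/dev/null); then
    if [[ "$key_path" == "default" ]]; then
      # Using default SSH authentication (ssh-agent/~/.ssh/)
      ssh_opts+=("-o" "BatchMode=yes")
    else
      # Using specific SSH key
      ssh_opts+=("-i" "$key_path" "-o" "BatchMode=yes")
    fi
  else
    # No SSH key found, fall back to password auth
    ssh_opts+=("-o" "BatchMode=no")
  fi

  # Execute SSH with appropriate options. "--" ends option parsing before the
  # destination so a target beginning with '-' is never read as an option.
  ssh "${ssh_opts[@]}" -- "$nas_server" "$@"
}

#######################################
# Test NAS connectivity.
# NOTE: goes through ssh_to_nas, so it can create and install a key as a side
# effect and may fall back to an interactive password prompt.
# Arguments: $1 - NAS target (host or user@host)
# Returns:   0 if a trivial remote command succeeds, 1 otherwise
#######################################
test_nas_connectivity() {
  local nas_server="$1"

  if ssh_to_nas "$nas_server" "echo 'SSH test'" &>/dev/null; then
    return 0
  fi
  return 1
}

#######################################
# Setup NAS authentication (interactive, for initial setup).
# Arguments: $1 - NAS target (host or user@host)
# Returns:   0 if authentication works or a key was installed, 1 otherwise
#######################################
setup_nas_auth() {
  local nas_server="$1"

  log_with_prefix "NAS Auth" "Setting up authentication for $nas_server..."

  if test_nas_connectivity "$nas_server"; then
    log_with_prefix "NAS Auth" "✅ Authentication already working"
    return 0
  fi

  # Create the key under the same user@host name that ssh_to_nas looks up;
  # with a bare host the key file name would differ and never be found.
  local key_target
  key_target=$(_tinsnip_qualify_target "$nas_server")

  log_with_prefix "NAS Auth" "Creating SSH key for passwordless access..."
  if create_tinsnip_ssh_key "$key_target"; then
    log_with_prefix "NAS Auth" "✅ SSH key setup complete"
    return 0
  else
    warn_with_prefix "NAS Auth" "SSH key setup failed, will use password authentication"
    return 1
  fi
}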