From 5c609559559b7966d2e2630208a617ec8c6457f6 Mon Sep 17 00:00:00 2001 From: Mariusz Kogen Date: Wed, 15 Jan 2025 20:13:04 +0100 Subject: [PATCH 1/3] Update default ssh key location --- build/lib/scripts/wg-vps-setup.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/lib/scripts/wg-vps-setup.sh b/build/lib/scripts/wg-vps-setup.sh index 5117c0ce6..b004f324f 100755 --- a/build/lib/scripts/wg-vps-setup.sh +++ b/build/lib/scripts/wg-vps-setup.sh @@ -9,7 +9,7 @@ NC='\033[0m' # No Color # --- Constants --- readonly WIREGUARD_INSTALL_URL="https://raw.githubusercontent.com/k0gen/wireguard-install/master/wireguard-install.sh" -readonly SSH_KEY_DIR="/etc/NetworkManager/system-connections" +readonly SSH_KEY_DIR="/home/start9/.ssh" readonly SSH_KEY_NAME="id_ed25519" readonly SSH_PRIVATE_KEY="$SSH_KEY_DIR/$SSH_KEY_NAME" readonly SSH_PUBLIC_KEY="$SSH_PRIVATE_KEY.pub" From 897e23e58e2e91cf6f32f91f3ec81a70fa7ccd19 Mon Sep 17 00:00:00 2001 From: Mariusz Kogen Date: Thu, 16 Jan 2025 01:55:21 +0100 Subject: [PATCH 2/3] simplify to use existing StartOS SSH keys and fix .ssh permission --- build/lib/scripts/wg-vps-setup.sh | 44 +++++++++---------------------- 1 file changed, 13 insertions(+), 31 deletions(-) diff --git a/build/lib/scripts/wg-vps-setup.sh b/build/lib/scripts/wg-vps-setup.sh index b004f324f..7805787f0 100755 --- a/build/lib/scripts/wg-vps-setup.sh +++ b/build/lib/scripts/wg-vps-setup.sh @@ -24,13 +24,14 @@ check_root() { if [[ "$EUID" -ne 0 ]]; then exec sudo "$0" "${SCRIPT_ARGS[@]}" fi + sudo chown -R start9:start9 "$SSH_KEY_DIR" } # Function to print banner print_banner() { echo -e "${BLUE}" echo "================================================" - echo " StartOS WireGuard VPS Setup Tool " + echo -e " ${NC}StartOS WireGuard VPS Setup Tool${BLUE} " echo "================================================" echo -e "${NC}" } 
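Review bot: In the check_root hunk of patch 2/3, the added `sudo chown -R start9:start9 "$SSH_KEY_DIR"` is reached only when the script already runs as root (the non-root branch has exec'd away), so the `sudo` is redundant. The call also runs unchecked on every invocation, before any key has been validated and presumably even when a custom key is supplied. A recursive chown as root re-owns everything below the directory, including files this script does not manage, so I would limit it to the directory and the two key files and guard it: `[[ -d "$SSH_KEY_DIR" ]] && chown start9:start9 -- "$SSH_KEY_DIR" "$SSH_PRIVATE_KEY" "$SSH_PUBLIC_KEY"`. chown changes ownership only; if "fix .ssh permission" in the subject is meant to cover modes as well, a `chmod 700` on the directory and `chmod 600` on the private key are still missing. check_root begins above the hunk.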
@@ -73,21 +74,6 @@ validate_ip() { fi } -# Function to generate SSH key -generate_ssh_key() { - echo -e "${BLUE}Generating SSH key...${NC}" - if [ ! -f "$SSH_PRIVATE_KEY" ]; then - ssh-keygen -t ed25519 -f "$SSH_PRIVATE_KEY" -N "" >/dev/null 2>&1 - if [ $? -ne 0 ]; then - echo -e "${RED}Failed to generate SSH key.${NC}" - exit 1 - fi - echo -e "${GREEN}SSH key generated successfully!${NC}" - else - echo -e "${YELLOW}SSH key already exists at '$SSH_PRIVATE_KEY', skipping key generation.${NC}" - fi -} - # Function to handle StartOS connection (download only) handle_startos_connection() { echo -e "${BLUE}Fetching the WireGuard configuration file...${NC}" @@ -253,13 +239,17 @@ if [ -n "$CUSTOM_SSH_KEY" ]; then fi SSH_PRIVATE_KEY="$CUSTOM_SSH_KEY" SSH_PUBLIC_KEY="$CUSTOM_SSH_KEY.pub" - if [ ! -f "$SSH_PUBLIC_KEY" ]; then - echo -e "${RED}Public key '$SSH_PUBLIC_KEY' not found. Try to create it with 'ssh-keygen -y -f $SSH_PRIVATE_KEY > $SSH_PUBLIC_KEY'${NC}" +else + # Use default StartOS SSH key + if [ ! -f "$SSH_PRIVATE_KEY" ]; then + echo -e "${RED}No SSH key found at default location '$SSH_PRIVATE_KEY'. Please ensure StartOS SSH keys are properly configured.${NC}" exit 1 fi -else - # Generate SSH key if it doesn't exist - generate_ssh_key +fi + +if [ ! -f "$SSH_PUBLIC_KEY" ]; then + echo -e "${RED}Public key '$SSH_PUBLIC_KEY' not found. Please ensure both private and public keys exist.${NC}" + exit 1 fi # If VPS_IP is not provided via command line, ask for it 
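Review bot: The new public-key check after the `if`/`else` in the `@@ -253,13 +239,17 @@` hunk depends on `SSH_PRIVATE_KEY="$CUSTOM_SSH_KEY"` and `SSH_PUBLIC_KEY="$CUSTOM_SSH_KEY.pub"` taking effect, but patch 1/3 shows both names declared `readonly` in the constants block. Unless that attribute is dropped somewhere outside the visible hunks, bash rejects the two assignments with a readonly-variable error and the script carries on with the defaults. A user who passes a custom key would then have the default StartOS key installed on the VPS instead of the one they chose. Keeping the constants as defaults and selecting into separate variables avoids this, e.g. `ssh_private_key="${CUSTOM_SSH_KEY:-$SSH_PRIVATE_KEY}"` and `ssh_public_key="${ssh_private_key}.pub"`, with the later `ssh-copy-id` using those. The enclosing `if [ -n "$CUSTOM_SSH_KEY" ]` block starts above the hunk.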
@@ -281,18 +271,10 @@ echo "VPS IP: $VPS_IP" echo "SSH User: $SSH_USER" echo "SSH Port: $SSH_PORT" -# Generate key or let user know it exist -if [ -z "$CUSTOM_SSH_KEY" ]; then - if [ ! -f "$SSH_PRIVATE_KEY" ]; then - echo -e "\nSetting up SSH key-based authentication..." - else - echo -e "\nSSH key already exist, skipping generation" - echo -e "\nSetting up SSH key-based authentication..." - fi -fi +echo -e "\n${GREEN}Proceeding with SSH key-based authentication...${NC}\n" # Copy SSH public key to the remote server -if ! ssh-copy-id -i "$SSH_PUBLIC_KEY" -o StrictHostKeyChecking=no -p "$SSH_PORT" "$SSH_USER@$VPS_IP" >/dev/null 2>&1; then +if ! ssh-copy-id -i "$SSH_PRIVATE_KEY" -o StrictHostKeyChecking=no -p "$SSH_PORT" "$SSH_USER@$VPS_IP" >/dev/null 2>&1; then echo -e "${RED}Failed to copy SSH key to the remote server. Please ensure you have correct credentials.${NC}" exit 1 fi From dd4215b9a69a05d489200c8e0d6c0ea4e753a0f5 Mon Sep 17 00:00:00 2001 From: Mariusz Kogen Date: Thu, 16 Jan 2025 02:23:06 +0100 Subject: [PATCH 3/3] finetune --- build/lib/scripts/wg-vps-setup.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/build/lib/scripts/wg-vps-setup.sh b/build/lib/scripts/wg-vps-setup.sh index 7805787f0..7511a5173 100755 --- a/build/lib/scripts/wg-vps-setup.sh +++ b/build/lib/scripts/wg-vps-setup.sh @@ -51,7 +51,7 @@ print_usage() { # Function to display end message display_end_message() { echo -e "\n${BLUE}------------------------------------------------------------------${NC}" - echo -e "${GREEN}WireGuard server setup complete!${NC}" + echo -e "${NC}WireGuard server setup complete!" echo -e "${BLUE}------------------------------------------------------------------${NC}" echo -e "\n${YELLOW}To expose your services to the Clearnet, use the following commands on your StartOS system (replace placeholders):${NC}" echo -e "\n ${YELLOW}1. Initialize ACME (This only needs to be done once):${NC}" 
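Review bot: The `ssh-copy-id` line touched in the `@@ -281,18 +271,10 @@` hunk (and again in the `@@ -274,7 +274,7 @@` hunk of patch 3/3) keeps `-o StrictHostKeyChecking=no`, so the first connection to the VPS accepts whatever host key is presented. That is the same connection over which the user authenticates to install the key. With stdout and stderr sent to `/dev/null`, a host-key warning would not be seen either. I would use `-o StrictHostKeyChecking=accept-new`, which still avoids the interactive prompt on first contact but refuses a key that differs from one already recorded, and show the fingerprint so it can be compared with the one in the provider's console. This statement sits in top-level script code that continues beyond the hunk.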
@@ -274,7 +274,7 @@ echo "SSH Port: $SSH_PORT" echo -e "\n${GREEN}Proceeding with SSH key-based authentication...${NC}\n" # Copy SSH public key to the remote server -if ! ssh-copy-id -i "$SSH_PRIVATE_KEY" -o StrictHostKeyChecking=no -p "$SSH_PORT" "$SSH_USER@$VPS_IP" >/dev/null 2>&1; then +if ! ssh-copy-id -i "$SSH_PUBLIC_KEY" -o StrictHostKeyChecking=no -p "$SSH_PORT" "$SSH_USER@$VPS_IP" >/dev/null 2>&1; then echo -e "${RED}Failed to copy SSH key to the remote server. Please ensure you have correct credentials.${NC}" exit 1 fi @@ -309,7 +309,7 @@ if ! install_wireguard; then fi # Remove the local install script -rm wireguard-install.sh +rm wireguard-install.sh >/dev/null 2>&1 # Handle the StartOS config (download) if ! handle_startos_connection; then
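Review bot: In the `@@ -309,7 +309,7 @@` hunk, redirecting `rm`'s output hides every failure, not only the missing-file case the change seems aimed at. `rm -f -- wireguard-install.sh` silences just that case and still reports a real error such as a permission problem. The name is also relative, so which file is removed depends on the directory the script was started from while running as root. Where the installer is written is not visible in this hunk, but if that path is known there, keep it in a variable (ideally a `mktemp` path) and remove that path rather than a bare file name.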