Add interactive credential prompting and fix Home Assistant SSH password authentication

- Added interactive username/password prompts to cert-manager.py
- Removed requirement for SSH_USER environment variable prefix
- Fixed password authentication in deploy-homeassistant.sh using SSHPASS environment variable
- Added SSH rate limiting delays throughout deployment script
- Improved error handling with SSH connection testing
- Prioritized SSH_USER in detect-system.sh to avoid unnecessary root attempts
- Added StrictHostKeyChecking=no for automated deployments

The tool now works fully interactively: just run ./cert-manager.py and answer the prompts.
This commit is contained in:
root
2025-12-12 15:38:41 +01:00
parent 823c6a9056
commit 296948f07e
6 changed files with 698 additions and 44 deletions


@@ -21,6 +21,17 @@ ORG="${6:-egonetix}"
OU="${7:-it}"
KEY_BITS="${8:-4096}"
ADDITIONAL_DNS="${9:-}"
SSH_USER="${SSH_USER:-root}"
SSH_PASSWORD="${SSH_PASSWORD:-}"
# Setup SSH/SCP commands with password support
if [ -n "$SSH_PASSWORD" ] && command -v sshpass >/dev/null 2>&1; then
SSH_CMD="sshpass -p '$SSH_PASSWORD' ssh"
SCP_CMD="sshpass -p '$SSH_PASSWORD' scp"
else
SSH_CMD="ssh"
SCP_CMD="scp"
fi
# Extract short hostname from common name
SHORT_NAME=$(echo "$COMMON_NAME" | cut -d'.' -f1)
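Review bot: The `sshpass -p '$SSH_PASSWORD'` form on the SSH_CMD/SCP_CMD lines puts the password on the command line, where it is readable by any local user via ps or /proc, and the embedded single quotes are not real quoting once `$SSH_CMD` is later expanded unquoted, so sshpass receives the literal quote characters (and a password containing spaces splits into several words). The commit message says deploy-homeassistant.sh already uses the SSHPASS environment variable; the same approach works here: `export SSHPASS="$SSH_PASSWORD"`, `SSH_CMD="sshpass -e ssh"`, `SCP_CMD="sshpass -e scp"`. When SSH_PASSWORD is set but sshpass is not installed, the else branch silently falls back to a passwordless ssh, which is presumably not intended; a `printf ... >&2` warning (or `exit 1`) in that case would make the failure visible instead of producing a confusing prompt or hang later.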
@@ -31,7 +42,7 @@ if [[ "$TARGET_HOST" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
TARGET_IP="$TARGET_HOST"
else
# Try to resolve hostname to IP
TARGET_IP=$(ssh -o ConnectTimeout=5 -o BatchMode=yes root@${TARGET_HOST} "hostname -I | awk '{print \$1}'" 2>/dev/null || echo "")
TARGET_IP=$($SSH_CMD -o ConnectTimeout=5 ${SSH_USER}@${TARGET_HOST} "hostname -I | awk '{print \$1}'" 2>/dev/null || echo "")
if [ -z "$TARGET_IP" ]; then
# Fallback: try local resolution
TARGET_IP=$(getent hosts "$TARGET_HOST" 2>/dev/null | awk '{print $1}' | head -1 || echo "")
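Review bot: The new TARGET_IP probe drops `-o BatchMode=yes` that the removed line had, so when no password is configured and no key is accepted, ssh now blocks on an interactive password prompt whose stderr is discarded by `2>/dev/null`, instead of failing fast into the getent fallback below. Keeping batch mode for the key-based case restores that behaviour, e.g. `batch_opt=""; [ -z "$SSH_PASSWORD" ] && batch_opt="-o BatchMode=yes"` followed by `TARGET_IP=$($SSH_CMD -o ConnectTimeout=5 $batch_opt "${SSH_USER}@${TARGET_HOST}" "hostname -I | awk '{print \$1}'" 2>/dev/null || echo "")`. Quoting `"${SSH_USER}@${TARGET_HOST}"` also avoids word-splitting if either value is ever empty or contains whitespace. The same unquoted `${SSH_USER}@${TARGET_HOST}` pattern appears in the later scp/ssh calls of this file.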
@@ -124,21 +135,24 @@ echo "[1/4] Creating OpenSSL configuration..."
echo "$CONFIG_CONTENT" > /tmp/csr_config.conf
echo "[2/4] Copying config to target host..."
scp /tmp/csr_config.conf root@${TARGET_HOST}:/tmp/csr_config.conf
sleep 0.5 # Avoid SSH rate limiting
$SCP_CMD /tmp/csr_config.conf ${SSH_USER}@${TARGET_HOST}:/tmp/csr_config.conf
if [ $? -ne 0 ]; then
echo "Error: Failed to copy config to target host"
exit 1
fi
echo "[3/4] Generating $KEY_BITS-bit RSA key and CSR on target host..."
ssh root@${TARGET_HOST} "openssl req -new -newkey rsa:$KEY_BITS -nodes -keyout /tmp/${SHORT_NAME}.key -out /tmp/${SHORT_NAME}.csr -config /tmp/csr_config.conf"
sleep 0.5 # Avoid SSH rate limiting
$SSH_CMD ${SSH_USER}@${TARGET_HOST} "openssl req -new -newkey rsa:$KEY_BITS -nodes -keyout /tmp/${SHORT_NAME}.key -out /tmp/${SHORT_NAME}.csr -config /tmp/csr_config.conf"
if [ $? -ne 0 ]; then
echo "Error: Failed to generate CSR on target host"
exit 1
fi
echo "[4/4] Downloading CSR..."
scp root@${TARGET_HOST}:/tmp/${SHORT_NAME}.csr "$OUTPUT_FILE"
sleep 0.5 # Avoid SSH rate limiting
$SCP_CMD ${SSH_USER}@${TARGET_HOST}:/tmp/${SHORT_NAME}.csr "$OUTPUT_FILE"
if [ $? -ne 0 ]; then
echo "Error: Failed to download CSR"
exit 1