safebox/backup-server
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Refactor SSH connection checks in start_backup.sh to improve error handling and authentication verification

Browse Source
This commit is contained in:
gyurix
2025-08-27 11:06:50 +02:00
parent def79b992a
commit 1753b8ddda
1 changed files with 8 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
start_backup.sh
View File

@@ -57,28 +57,24 @@ fi
# creating cycle for backup services # creating cycle for backup services
for BACKUP in $( echo -n $SSH_HOST) ; do for BACKUP in $( echo -n $SSH_HOST) ; do
# check backup client availability # check backup client availability
RESPONSE=$(echo "exit" | timeout 5 telnet $BACKUP $SSH_PORT | grep Connected) RESPONSE=$(ssh -o StrictHostKeyChecking=no -o PreferredAuthentications=password -o ConnectTimeout=5 -o BatchMode=yes -p $SSH_PORT $SSH_USER@$BACKUP /bin/true 2>&1)
echo "RESPONSE: $RESPONSE" echo "RESPONSE: $RESPONSE"
if [ "$RESPONSE" == "" ]; then if [ "$(echo $RESPONSE | grep -o resolve)" != "" ]; then
echo "Expected backup client $BACKUP on port $SSH_PORT currently not available" echo "Expected backup client $BACKUP on port $SSH_PORT currently not available"
continue continue
fi fi
# set backup client IP addresses and ports # set backup client IP addresses and ports
sshpass -p "$SSH_PASSWORD" ssh -o StrictHostKeyChecking=no -o PreferredAuthentications=password -o ConnectTimeout=5 -p $SSH_PORT $SSH_USER@$BACKUP exit 2>/dev/null RESPONSE=$(ssh -o StrictHostKeyChecking=no -o PreferredAuthentications=password -o ConnectTimeout=5 -o BatchMode=yes -p $SSH_PORT $SSH_USER@$BACKUP /bin/true 2>&1)
PASSWORD_AUTH_EXIT_CODE=$? echo "RESPONSE: $RESPONSE"
echo "PASSWORD_AUTH_EXIT_CODE: $PASSWORD_AUTH_EXIT_CODE" if [ "$(echo $RESPONSE | grep -o password)" != "" ]; then
if [ $PASSWORD_AUTH_EXIT_CODE -eq 0 ]; then
echo "SSH password authentication enabled" echo "SSH password authentication enabled"
sshpass -p "$SSH_PASSWORD" ssh -p $SSH_PORT -i $SSH_DIR/id_$key_type $SSH_USER@$BACKUP "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys" < $SSH_DIR/id_$key_type.pub sshpass -p "$SSH_PASSWORD" ssh -p $SSH_PORT -i $SSH_DIR/id_$key_type $SSH_USER@$BACKUP "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys" < $SSH_DIR/id_$key_type.pub
ssh -i $SSH_DIR/id_$key_type -p $SSH_PORT $SSH_USER@$BACKUP sed -i "s/PasswordAuthentication\ yes/PasswordAuthentication\ no/g" .ssh/server/sshd_config ssh -i $SSH_DIR/id_$key_type -p $SSH_PORT $SSH_USER@$BACKUP sed -i "s/PasswordAuthentication\ yes/PasswordAuthentication\ no/g" .ssh/server/sshd_config
sleep 2 sleep 2
fi fi
sshpass -p "$SSH_PASSWORD" ssh -o StrictHostKeyChecking=no -o PreferredAuthentications=password -o BatchMode=yes -o ConnectTimeout=5 -p $SSH_PORT $SSH_USER@$BACKUP exit 2>/dev/null RESPONSE=$(ssh -o StrictHostKeyChecking=no -o PreferredAuthentications=password -o ConnectTimeout=5 -o BatchMode=yes -p $SSH_PORT $SSH_USER@$BACKUP /bin/true 2>&1)
PASSWORD_AUTH_EXIT_CODE=$? echo "RESPONSE: $RESPONSE"
echo "PASSWORD_AUTH_EXIT_CODE: $PASSWORD_AUTH_EXIT_CODE" if [ "$(echo $RESPONSE | grep -o password)" == "" ]; then
# check ssh connection via pub key
if [ $PASSWORD_AUTH_EXIT_CODE -ne 0 ]; then
echo "SSH password authentication is disabled on the server." echo "SSH password authentication is disabled on the server."
# check borg backup state # check borg backup state