Initial commit
71
scripts/ssh-wrap
Executable file
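--- a/scripts/ssh-wrap
+++ b/scripts/ssh-wrap
@@ -0,0 +1,71 @@
+#!/usr/bin/env bash
+# Usage: ssh-wrap user@host [ssh-options]
+# Wrapper to handle SSH host key changes automatically
+
+set -uo pipefail
+
+if [[ $# -eq 0 ]]; then
+echo "Usage: ssh-wrap user@host [ssh-options]" >&2
+exit 1
+fi
+
+# Capture SSH output
+output=$(ssh "$@" 2>&1)
+exit_code=$?
+
+# Print the SSH output so user sees what happened
+echo "$output"
+
+# If SSH succeeded, we're done
+if [[ $exit_code -eq 0 ]]; then
+exit 0
+fi
+
+# Check if the known_hosts warning appears
+if echo "$output" | grep -q "REMOTE HOST IDENTIFICATION HAS CHANGED"; then
+echo ""
+echo "[WARNING] Host key has changed - possible man-in-the-middle attack or host reinstall."
+
+# Extract the known_hosts file and line number from the "Offending RSA key in ..." line
+# The line format typically is: "Offending RSA key in /path/to/known_hosts:line"
+if offending_info=$(echo "$output" | grep "Offending.*key in"); then
+KNOWN_HOSTS_FILE=$(echo "$offending_info" | awk '{print $5}' | cut -d: -f1)
+LINE_NUMBER=$(echo "$offending_info" | awk -F: '{print $NF}')
+
+if [[ -z "$KNOWN_HOSTS_FILE" || -z "$LINE_NUMBER" || ! -f "$KNOWN_HOSTS_FILE" ]]; then
+echo "[ERROR] Could not extract offending key information or file doesn't exist." >&2
+exit 1
+fi
+
+echo "[INFO] Offending key detected in: $KNOWN_HOSTS_FILE on line: $LINE_NUMBER"
+read -rp "Remove offending key and retry SSH connection? [y/N]: " RESPONSE
+
+if [[ "$RESPONSE" =~ ^[Yy]$ ]]; then
+# Backup known_hosts
+if cp "$KNOWN_HOSTS_FILE" "$KNOWN_HOSTS_FILE.bak"; then
+echo "[INFO] Backup created: $KNOWN_HOSTS_FILE.bak"
+else
+echo "[ERROR] Failed to create backup." >&2
+exit 1
+fi
+
+# Remove offending line
+if sed -i "${LINE_NUMBER}d" "$KNOWN_HOSTS_FILE"; then
+echo "[INFO] Offending key removed. Retrying SSH connection..."
+ssh "$@"
+else
+echo "[ERROR] Failed to remove offending key." >&2
+exit 1
+fi
+else
+echo "[INFO] Key was not removed. Exiting."
+exit 1
+fi
+else
+echo "[ERROR] Could not extract offending key information. Remove it manually if needed." >&2
+exit 1
+fi
+else
+# SSH failed for another reason
+exit $exit_code
+fi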
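Review bot: `LINE_NUMBER` is passed to `sed -i "${LINE_NUMBER}d"` without being checked as a number, and it is parsed from `output`, which merges ssh's stderr with anything that arrived on stdout (`2>&1`). If the `grep "Offending.*key in"` matches more than one line, or a line that does not end in `:<digits>`, the value becomes multi-line or arbitrary text that sed reads as script, so the edit to `known_hosts` can fail or delete the wrong entry. Take only the first match (`grep -m1 "Offending.*key in"`) and stop before the backup unless the value is numeric: `[[ "$LINE_NUMBER" =~ ^[0-9]+$ ]] || { echo "[ERROR] Unexpected line number." >&2; exit 1; }`. The same parsing takes the path from `awk '{print $5}'`, which truncates a `known_hosts` path containing spaces, so the `-f` test may then pass on a different file than the one ssh reported. Because every run captures `output=$(ssh "$@" 2>&1)`, a normal interactive session also shows nothing until it ends; consider running the capture only for a non-interactive probe.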