fix(ssh): robust restart helper and use it for ssh restarts

2025-10-03 11:35:53 +02:00
parent 1a67acaafc
commit 44e0c13435
3 changed files with 45 additions and 7 deletions
--- a/lib/common.sh
+++ b/lib/common.sh
@@ -260,6 +260,42 @@ start_and_enable_service() {
    fi
 }

+# Robust SSH restart helper: try sshd, then ssh, then service command
+restart_ssh_service() {
+    log_info "Attempting to restart SSH service using available service name..."
+
+    if systemctl list-unit-files --type=service | grep -q "^sshd.service"; then
+        if sudo systemctl restart sshd; then
+            log_success "sshd.service restarted successfully"
+            return 0
+        else
+            log_warning "Failed to restart sshd.service"
+        fi
+    fi
+
+    if systemctl list-unit-files --type=service | grep -q "^ssh.service"; then
+        if sudo systemctl restart ssh; then
+            log_success "ssh.service restarted successfully"
+            return 0
+        else
+            log_warning "Failed to restart ssh.service"
+        fi
+    fi
+
+    # Fallback to service command
+    if command -v service >/dev/null 2>&1; then
+        if sudo service ssh restart; then
+            log_success "SSH restarted via service ssh restart"
+            return 0
+        else
+            log_warning "Failed to restart SSH via 'service ssh restart'"
+        fi
+    fi
+
+    log_error "Unable to restart SSH service with known methods"
+    return 1
+}
+
 # Configuration management
 save_config() {
    local key="$1"
--- a/lib/network.sh
+++ b/lib/network.sh
@@ -244,10 +244,9 @@ EOF
        return 1
    fi
    
-    # Restart SSH service
-    if sudo systemctl restart sshd; then
-        log_success "SSH service restarted successfully"
-        add_rollback_action "sudo cp ${ssh_config}.bak ${ssh_config} && sudo systemctl restart sshd"
+    # Restart SSH service using helper (handles sshd vs ssh service names)
+    if restart_ssh_service; then
+        add_rollback_action "sudo cp ${ssh_config}.bak ${ssh_config} && restart_ssh_service"
        return 0
    else
        log_error "Failed to restart SSH service"
--- a/lib/security.sh
+++ b/lib/security.sh
@@ -119,12 +119,15 @@ harden_ssh() {
    
    # Test SSH config
    if sudo sshd -t; then
-        sudo systemctl restart sshd
-        log_success "SSH hardened successfully."
+        if restart_ssh_service; then
+            log_success "SSH hardened successfully."
+        else
+            log_warning "SSH configuration valid but failed to restart service via known methods."
+        fi
    else
        log_error "SSH configuration invalid. Restoring backup."
        sudo cp "${ssh_config}.bak" "$ssh_config"
-        sudo systemctl restart sshd
+        restart_ssh_service || true
    fi
 }