fix(ssh): robust restart helper and use it for ssh restarts
This commit is contained in:
Mărcziem ™
@@ -260,6 +260,42 @@ start_and_enable_service() {
|
|||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Robust SSH restart helper: try sshd, then ssh, then service command
|
||||||
|
restart_ssh_service() {
|
||||||
|
log_info "Attempting to restart SSH service using available service name..."
|
||||||
|
|
||||||
|
if systemctl list-unit-files --type=service | grep -q "^sshd.service"; then
|
||||||
|
if sudo systemctl restart sshd; then
|
||||||
|
log_success "sshd.service restarted successfully"
|
||||||
|
return 0
|
||||||
|
else
|
||||||
|
log_warning "Failed to restart sshd.service"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
if systemctl list-unit-files --type=service | grep -q "^ssh.service"; then
|
||||||
|
if sudo systemctl restart ssh; then
|
||||||
|
log_success "ssh.service restarted successfully"
|
||||||
|
return 0
|
||||||
|
else
|
||||||
|
log_warning "Failed to restart ssh.service"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Fallback to service command
|
||||||
|
if command -v service >/dev/null 2>&1; then
|
||||||
|
if sudo service ssh restart; then
|
||||||
|
log_success "SSH restarted via service ssh restart"
|
||||||
|
return 0
|
||||||
|
else
|
||||||
|
log_warning "Failed to restart SSH via 'service ssh restart'"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
log_error "Unable to restart SSH service with known methods"
|
||||||
|
return 1
|
||||||
|
}
|
||||||
|
|
||||||
# Configuration management
|
# Configuration management
|
||||||
save_config() {
|
save_config() {
|
||||||
local key="$1"
|
local key="$1"
|
||||||
|
|||||||
@@ -244,10 +244,9 @@ EOF
|
|||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Restart SSH service
|
# Restart SSH service using helper (handles sshd vs ssh service names)
|
||||||
if sudo systemctl restart sshd; then
|
if restart_ssh_service; then
|
||||||
log_success "SSH service restarted successfully"
|
add_rollback_action "sudo cp ${ssh_config}.bak ${ssh_config} && restart_ssh_service"
|
||||||
add_rollback_action "sudo cp ${ssh_config}.bak ${ssh_config} && sudo systemctl restart sshd"
|
|
||||||
return 0
|
return 0
|
||||||
else
|
else
|
||||||
log_error "Failed to restart SSH service"
|
log_error "Failed to restart SSH service"
|
||||||
|
|||||||
@@ -119,12 +119,15 @@ harden_ssh() {
|
|||||||
|
|
||||||
# Test SSH config
|
# Test SSH config
|
||||||
if sudo sshd -t; then
|
if sudo sshd -t; then
|
||||||
sudo systemctl restart sshd
|
if restart_ssh_service; then
|
||||||
log_success "SSH hardened successfully."
|
log_success "SSH hardened successfully."
|
||||||
|
else
|
||||||
|
log_warning "SSH configuration valid but failed to restart service via known methods."
|
||||||
|
fi
|
||||||
else
|
else
|
||||||
log_error "SSH configuration invalid. Restoring backup."
|
log_error "SSH configuration invalid. Restoring backup."
|
||||||
sudo cp "${ssh_config}.bak" "$ssh_config"
|
sudo cp "${ssh_config}.bak" "$ssh_config"
|
||||||
sudo systemctl restart sshd
|
restart_ssh_service || true
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user