community-scripts/ProxmoxVED
5
0
Fork 0
Code Issues Pull Requests Actions 6 Packages Projects Releases Wiki Activity
ProxmoxVED/ct/alpine-borgbackup-server.sh
Sander Koenders d2ca6fb861 Add options to enable and disable password authentication 
Using password auth is not recommended, but it can be useful for testing or in environments where public key authentication is not feasible. This commit adds options to enable and disable password authentication in the SSH configuration.
2026-02-17 09:04:47 +01:00

114 lines
4.2 KiB
Bash
Raw Blame History

#!/usr/bin/env bash
source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
# Copyright (c) 2021-2026 community-scripts ORG
# Author: Sander Koenders (sanderkoenders)
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://www.borgbackup.org/
APP="Alpine-BorgBackup-Server"
var_tags="${var_tags:-alpine;backup}" # Max 2 tags, semicolon-separated
var_cpu="${var_cpu:-2}" # CPU cores: 1-4 typical
var_ram="${var_ram:-1024}" # RAM in MB: 512, 1024, 2048, etc.
var_disk="${var_disk:-20}" # Disk in GB: 6, 8, 10, 20 typical
var_os="${var_os:-alpine}" # OS: debian, ubuntu, alpine
var_version="${var_version:-3.23}" # OS Version: 13 (Debian), 24.04 (Ubuntu), 3.23 (Alpine)
var_unprivileged="${var_unprivileged:-1}" # 1=unprivileged (secure), 0=privileged (for Docker/Podman)
header_info "$APP" # Display app name and setup header
variables # Initialize build.func variables
color # Load color variables for output
catch_errors # Enable error handling with automatic exit on failure
function update_script() {
header_info
if [[ ! -f /usr/bin/borg ]]; then
msg_error "No ${APP} Installation Found!"
exit
fi
CHOICE=$(msg_menu "BorgBackup Server Update Options" \
"1" "Update BorgBackup Server" \
"2" "Reset SSH Access" \
"3" "Enable password authentication for backup user (not recommended, use SSH key instead)" \
"4" "Disable password authentication for backup user (recommended for security, use SSH key)")
case $CHOICE in
1)
msg_info "Updating $APP LXC"
$STD apk -U upgrade
msg_ok "Updated $APP LXC successfully!"
;;
2)
if [[ "${PHS_SILENT:-0}" == "1" ]]; then
msg_warn "Reset SSH Public key requires interactive mode, skipping."
exit
fi
msg_info "Setting up SSH Public Key for backup user"
# Get SSH public key from user
msg_info "Please paste your SSH public key (e.g., ssh-rsa AAAAB3... user@host): \n"
read -p "Key: " SSH_PUBLIC_KEY
echo
if [[ -z "$SSH_PUBLIC_KEY" ]]; then
msg_error "No SSH public key provided!"
exit 1
fi
# Validate that it looks like an SSH public key
if [[ ! "$SSH_PUBLIC_KEY" =~ ^(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-) ]]; then
msg_error "Invalid SSH public key format!"
exit 1
fi
# Set up SSH directory and authorized_keys file
msg_info "Setting up SSH access"
mkdir -p /home/backup/.ssh
echo "$SSH_PUBLIC_KEY" > /home/backup/.ssh/authorized_keys
# Set correct permissions
chown -R backup:backup /home/backup/.ssh
chmod 700 /home/backup/.ssh
chmod 600 /home/backup/.ssh/authorized_keys
msg_ok "SSH access configured for backup user"
;;
3)
if [[ "${PHS_SILENT:-0}" == "1" ]]; then
msg_warn "Enabling password authentication requires interactive mode, skipping."
exit
fi
msg_info "Enabling password authentication for backup user"
msg_warn "Password authentication is less secure than using SSH keys. Consider using SSH keys instead."
passwd backup
sed -i 's/^#*\s*PasswordAuthentication\s\+\(yes\|no\)/PasswordAuthentication yes/' /etc/ssh/sshd_config
rc-service sshd restart
msg_ok "Password authentication enabled for backup user"
;;
4)
msg_info "Disabling password authentication for backup user"
sed -i 's/^#*\s*PasswordAuthentication\s\+\(yes\|no\)/PasswordAuthentication no/' /etc/ssh/sshd_config
rc-service sshd restart
msg_ok "Password authentication disabled for backup user"
;;
esac
exit 0
}
start
build_container
description
# ============================================================================
# COMPLETION MESSAGE
# ============================================================================
msg_ok "Completed successfully!\n"
echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
echo -e "${INFO}${YW}Connection information:${CL}"
echo -e "${TAB}${GATEWAY}${BGN}ssh backup@${IP}${CL}"
echo -e "${TAB}${VERIFYPW}${YW}To set SSH key, run this script with the 'update' option and select option 2${CL}"
Reference in New Issue View Git Blame Copy Permalink