Start9/start-os
2
0
Fork 0
mirror of https://github.com/Start9Labs/start-os.git synced 2026-03-30 04:01:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix initiall setup as user and clear messaging (#2848)

Browse Source 
* fix initiall setup as user and clear messaging

* fix this and that :)

* add IPv6 support to validate_ip function

* Use vpn-clearnet as name for the interface

* Rebrand and finish with docs link

* set static clearnet name

* Magic clearnet to the end :D

* change the command name

* the name is magic-clearnet

* wireguard-vps-proxy-setup

* one more fix
This commit is contained in:
Mariusz Kogen
2025-03-30 16:04:34 +02:00
committed by GitHub
parent 0016b4bd72
commit 6ecaeb4fde
2 changed files with 213 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

555
build/lib/scripts/wireguard-vps-proxy-setup Executable file
View File

@@ -0,0 +1,555 @@
#!/bin/bash
# =============================================================================
# Wireguard VPS Proxy Setup
# =============================================================================
#
# This script automates the setup of a WireGuard VPN server on a remote VPS
# for StartOS Clearnet functionality. It handles:
#
# 1. SSH key-based authentication setup
# 2. Root access configuration (if needed)
# 3. WireGuard server installation
# 4. Configuration file generation and import
#
# Usage:
# wireguard-vps-proxy-setup [-h] [-i IP] [-u USERNAME] [-p PORT] [-k SSH_KEY]
#
# Options:
# -h Show help message
# -i VPS IP address
# -u SSH username (default: root)
# -p SSH port (default: 22)
# -k Path to custom SSH private key
#
# Example:
# wireguard-vps-proxy-setup -i 110.18.1.1 -u debian
#
# Note: This script requires root privileges and will auto-elevate if needed.
# =============================================================================
# Colors for better output
RED='\033[0;31m'
GREEN='\033[0;32m'
BLUE='\033[1;34m'
YELLOW='\033[1;33m'
NC='\033[0;37m' # No Color
# --- Constants ---
readonly WIREGUARD_INSTALL_URL="https://raw.githubusercontent.com/start9labs/wireguard-vps-proxy-setup/master/wireguard-install.sh"
readonly SSH_KEY_DIR="/home/start9/.ssh"
readonly SSH_KEY_NAME="id_ed25519"
readonly SSH_PRIVATE_KEY="$SSH_KEY_DIR/$SSH_KEY_NAME"
readonly SSH_PUBLIC_KEY="$SSH_PRIVATE_KEY.pub"
# Store original arguments
SCRIPT_ARGS=("$@")
# --- Functions ---
# Function to ensure script runs with root privileges by auto-elevating if needed
check_root() {
if [[ "$EUID" -ne 0 ]]; then
exec sudo "$0" "${SCRIPT_ARGS[@]}"
fi
sudo chown -R start9:startos "$SSH_KEY_DIR"
}
# Function to print banner
print_banner() {
echo -e "${BLUE}"
echo "================================================"
echo -e " ${NC}Wireguard VPS Proxy Setup${BLUE} "
echo "================================================"
echo -e "${NC}"
}
# Function to print usage
print_usage() {
echo -e "Usage: $0 [-h] [-i IP] [-u USERNAME] [-p PORT] [-k SSH_KEY]"
echo "Options:"
echo " -h Show this help message"
echo " -i VPS IP address"
echo " -u SSH username (default: root)"
echo " -p SSH port (default: 22)"
echo " -k Path to the custom SSH private key (optional)"
echo " If no key is provided, the default key '$SSH_PRIVATE_KEY' will be used."
}
# Function to display end message
display_end_message() {
echo -e "\n${BLUE}------------------------------------------------------------------${NC}"
echo -e "${GREEN}Wireguard VPS Proxy server setup complete!${NC}"
echo -e "${BLUE}------------------------------------------------------------------${NC}"
echo -e "\n${GREEN}Clearnet functionality has been enabled via VPS (${VPS_IP})${NC}"
echo -e "\n${YELLOW}Next steps:${NC}"
echo -e "Visit https://docs.start9.com to complete the Clearnet setup"
echo -e "\n${BLUE}------------------------------------------------------------------${NC}"
}
# Function to validate IP address
validate_ip() {
local ip=$1
# IPv4 validation
if [[ $ip =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
# Additional IPv4 validation to ensure each octet is <= 255
local IFS='.'
read -ra ADDR <<< "$ip"
for i in "${ADDR[@]}"; do
if [ "$i" -gt 255 ]; then
return 1
fi
done
return 0
# IPv6 validation
elif [[ $ip =~ ^([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$ ]] || \
[[ $ip =~ ^([0-9a-fA-F]{1,4}:){6}:[0-9a-fA-F]{1,4}$ ]] || \
[[ $ip =~ ^([0-9a-fA-F]{1,4}:){5}(:[0-9a-fA-F]{1,4}){1,2}$ ]] || \
[[ $ip =~ ^([0-9a-fA-F]{1,4}:){4}(:[0-9a-fA-F]{1,4}){1,3}$ ]] || \
[[ $ip =~ ^([0-9a-fA-F]{1,4}:){3}(:[0-9a-fA-F]{1,4}){1,4}$ ]] || \
[[ $ip =~ ^([0-9a-fA-F]{1,4}:){2}(:[0-9a-fA-F]{1,4}){1,5}$ ]] || \
[[ $ip =~ ^([0-9a-fA-F]{1,4}:){1}(:[0-9a-fA-F]{1,4}){1,6}$ ]] || \
[[ $ip =~ ^::([0-9a-fA-F]{1,4}:){0,6}[0-9a-fA-F]{1,4}$ ]] || \
[[ $ip =~ ^[0-9a-fA-F]{1,4}::([0-9a-fA-F]{1,4}:){0,5}[0-9a-fA-F]{1,4}$ ]] || \
[[ $ip =~ ^([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,4}$ ]] || \
[[ $ip =~ ^([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,3}$ ]] || \
[[ $ip =~ ^([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,2}$ ]] || \
[[ $ip =~ ^([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,1}$ ]] || \
[[ $ip =~ ^([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}$ ]] || \
[[ $ip =~ ^([0-9a-fA-F]{1,4}:){1,7}:$ ]] || \
[[ $ip =~ ^::([0-9a-fA-F]{1,4}:){0,7}[0-9a-fA-F]{1,4}$ ]] || \
[[ $ip =~ ^[0-9a-fA-F]{1,4}::([0-9a-fA-F]{1,4}:){0,6}[0-9a-fA-F]{1,4}$ ]] || \
[[ $ip =~ ^([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}$ ]] || \
[[ $ip =~ ^([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}$ ]] || \
[[ $ip =~ ^([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}$ ]] || \
[[ $ip =~ ^([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}$ ]] || \
[[ $ip =~ ^([0-9a-fA-F]{1,4}:){1,6}(:[0-9a-fA-F]{1,4}){1,1}$ ]] || \
[[ $ip =~ ^([0-9a-fA-F]{1,4}:){1,7}:$ ]] || \
[[ $ip =~ ^::$ ]]; then
return 0
else
return 1
fi
}
# Function for configuring SSH key authentication on remote server
configure_ssh_key_auth() {
echo -e "${BLUE}Configuring SSH key authentication on remote server...${NC}"
ssh -i "$SSH_PRIVATE_KEY" -o StrictHostKeyChecking=no -p "$SSH_PORT" "$SSH_USER@$VPS_IP" '
# Check if PubkeyAuthentication is commented out
if grep -q "^#PubkeyAuthentication" /etc/ssh/sshd_config; then
sed -i "s/^#PubkeyAuthentication.*/PubkeyAuthentication yes/" /etc/ssh/sshd_config
# Check if PubkeyAuthentication exists but is not enabled
elif grep -q "^PubkeyAuthentication" /etc/ssh/sshd_config; then
sed -i "s/^PubkeyAuthentication.*/PubkeyAuthentication yes/" /etc/ssh/sshd_config
# Add PubkeyAuthentication if it doesnt exist
else
echo "PubkeyAuthentication yes" >> /etc/ssh/sshd_config
fi
# Enable root login
if grep -q "^#PermitRootLogin" /etc/ssh/sshd_config; then
sed -i "s/^#PermitRootLogin.*/PermitRootLogin yes/" /etc/ssh/sshd_config
elif grep -q "^PermitRootLogin" /etc/ssh/sshd_config; then
sed -i "s/^PermitRootLogin.*/PermitRootLogin yes/" /etc/ssh/sshd_config
else
echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
fi
# Configure AuthorizedKeysFile if needed
if grep -q "^#AuthorizedKeysFile" /etc/ssh/sshd_config; then
sed -i "s/^#AuthorizedKeysFile.*/AuthorizedKeysFile .ssh\/authorized_keys .ssh\/authorized_keys2/" /etc/ssh/sshd_config
elif ! grep -q "^AuthorizedKeysFile" /etc/ssh/sshd_config; then
echo "AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2" >> /etc/ssh/sshd_config
fi
# Reload SSH service
systemctl reload sshd
'
}
# Function to handle StartOS connection (download only)
handle_startos_connection() {
echo -e "${BLUE}Fetching the WireGuard configuration file...${NC}"
# Fetch the client configuration file
config_file=$(ssh -i "$SSH_PRIVATE_KEY" -o StrictHostKeyChecking=no -p "$SSH_PORT" "$SSH_USER@$VPS_IP" 'ls -t ~/*.conf 2>/dev/null | head -n 1')
if [ -z "$config_file" ]; then
echo -e "${RED}Error: No WireGuard configuration file found on the remote server.${NC}"
return 1 # Exit with error
fi
CONFIG_NAME=$(basename "$config_file")
# Download the configuration file
if ! scp -i "$SSH_PRIVATE_KEY" -o StrictHostKeyChecking=no -P "$SSH_PORT" "$SSH_USER@$VPS_IP":~/"$CONFIG_NAME" ./; then
echo -e "${RED}Error: Failed to download the WireGuard configuration file.${NC}"
return 1 # Exit with error
fi
echo -e "${GREEN}WireGuard configuration file '$CONFIG_NAME' downloaded successfully.${NC}"
return 0
}
# Function to import WireGuard configuration
import_wireguard_config() {
local config_name="$1"
if [ -z "$config_name" ]; then
echo -e "${RED}Error: Configuration file name is missing.${NC}"
return 1
fi
local connection_name=$(basename "$config_name" .conf) #Extract base name without extension
# Check if the connection with same name already exists
if nmcli connection show --active | grep -q "^${connection_name}\s"; then
read -r -p "A connection with the name '$connection_name' already exists. Do you want to override it? (y/N): " answer
if [[ "$answer" =~ ^[Yy]$ ]]; then
nmcli connection delete "$connection_name"
if [ $? -ne 0 ]; then
echo -e "${RED}Error: Failed to delete existing connection '$connection_name'.${NC}"
return 1
fi
# Import if user chose to override or if connection did not exist
if ! nmcli connection import type wireguard file "$config_name"; then
echo -e "${RED}Error: Failed to import the WireGuard configuration using NetworkManager.${NC}"
rm -f "$config_name"
return 1
fi
echo -e "${GREEN}WireGuard configuration '$config_name' has been imported to NetworkManager.${NC}"
rm -f "$config_name"
display_end_message
else
echo -e "${BLUE}Skipping import of the WireGuard configuration.${NC}"
rm -f "$config_name"
return 0
fi
else
# Import if connection did not exist
if command -v nmcli &>/dev/null; then
if ! nmcli connection import type wireguard file "$config_name"; then
echo -e "${RED}Error: Failed to import the WireGuard configuration using NetworkManager.${NC}"
rm -f "$config_name"
return 1
fi
echo -e "${GREEN}WireGuard configuration '$config_name' has been imported to NetworkManager.${NC}"
rm -f "$config_name"
display_end_message
else
echo -e "${YELLOW}Warning: NetworkManager 'nmcli' not found. Configuration file '$config_name' saved in current directory.${NC}"
echo -e "${YELLOW}Import the configuration to your StartOS manually by going to NetworkManager or using wg-quick up <config> command${NC}"
fi
fi
return 0
}
# Function to download the install script
download_install_script() {
echo -e "${BLUE}Downloading latest WireGuard install script...${NC}"
# Download the script
if ! curl -sSf "$WIREGUARD_INSTALL_URL" -o wireguard-install.sh; then
echo -e "${RED}Failed to download WireGuard installation script.${NC}"
return 1
fi
chmod +x wireguard-install.sh
if [ $? -ne 0 ]; then
echo -e "${RED}Failed to chmod +x wireguard install script.${NC}"
return 1
fi
echo -e "${GREEN}WireGuard install script downloaded successfully!${NC}"
return 0
}
# Function to install WireGuard
install_wireguard() {
echo -e "\n${BLUE}Installing WireGuard...${NC}"
# Check if install script exist
if [ ! -f "wireguard-install.sh" ]; then
echo -e "${RED}WireGuard install script is missing. Did it failed to download?${NC}"
return 1
fi
# Run the remote install script and let it complete
if ! ssh -o ConnectTimeout=60 -i "$SSH_PRIVATE_KEY" -o StrictHostKeyChecking=no -p "$SSH_PORT" -t "$SSH_USER@$VPS_IP" "bash -c 'export TERM=xterm-256color; export STARTOS_HOSTNAME=clearnet; bash ~/wireguard-install.sh'"; then
echo -e "${RED}WireGuard installation failed on remote server.${NC}"
return 1
fi
# Test if wireguard installed
if ! ssh -q -o BatchMode=yes -o ConnectTimeout=5 -i "$SSH_PRIVATE_KEY" -o StrictHostKeyChecking=no -p "$SSH_PORT" "$SSH_USER@$VPS_IP" "test -f /etc/wireguard/wg0.conf"; then
echo -e "\n${RED}WireGuard installation failed because /etc/wireguard/wg0.conf is missing, which means the script removed it.${NC}"
return 1
fi
echo -e "\n${GREEN}WireGuard installation completed successfully!${NC}"
return 0
}
# Function to enable root login via SSH
enable_root_login() {
echo -e "${BLUE}Checking and configuring root SSH access...${NC}"
# Try to modify sshd config using sudo
if ! ssh -i "$SSH_PRIVATE_KEY" -o StrictHostKeyChecking=no -p "$SSH_PORT" "$SSH_USER@$VPS_IP" '
# Check if we can use sudo without password
if ! sudo -n true 2>/dev/null; then
echo -e "\033[1;33mNOTE: You may be prompted for your sudo password.\033[0m"
fi
# Check if user is in sudo group
if ! groups | grep -q sudo; then
echo -e "\033[1;31mError: Your user is not in the sudo group. Root access cannot be configured.\033[0m"
exit 1
fi
# Backup sshd config
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
# Enable root login with SSH keys only
if sudo grep -q "^PermitRootLogin" /etc/ssh/sshd_config; then
sudo sed -i "s/^PermitRootLogin.*/PermitRootLogin prohibit-password/" /etc/ssh/sshd_config
else
echo "PermitRootLogin prohibit-password" | sudo tee -a /etc/ssh/sshd_config
fi
# Ensure password authentication is disabled
if sudo grep -q "^PasswordAuthentication" /etc/ssh/sshd_config; then
sudo sed -i "s/^PasswordAuthentication.*/PasswordAuthentication no/" /etc/ssh/sshd_config
else
echo "PasswordAuthentication no" | sudo tee -a /etc/ssh/sshd_config
fi
# Set up root SSH directory and keys
echo -e "\033[1;33mSetting up root SSH access...\033[0m"
sudo mkdir -p /root/.ssh
sudo cp ~/.ssh/authorized_keys /root/.ssh/
sudo chown -R root:root /root/.ssh
sudo chmod 700 /root/.ssh
sudo chmod 600 /root/.ssh/authorized_keys
# Reload SSH service
sudo systemctl reload sshd
# Verify the changes
if ! sudo grep -q "^PermitRootLogin prohibit-password" /etc/ssh/sshd_config; then
echo -e "\033[1;31mError: Failed to verify root login configuration.\033[0m"
exit 1
fi
# Test root SSH access
if ! sudo -n true 2>/dev/null; then
echo -e "\033[1;33mNOTE: Please try to log in as root now using your SSH key.\033[0m"
echo -e "\033[1;33mIf successful, run this script again without the -u parameter.\033[0m"
else
echo -e "\033[1;32mRoot SSH access has been configured successfully!\033[0m"
fi
'; then
echo -e "${RED}Failed to configure root SSH access.${NC}"
return 1
fi
echo -e "${GREEN}Root SSH access has been configured successfully!${NC}"
echo -e "${YELLOW}Please try to log in as root now using your SSH key. If successful, run this script again without the -u parameter.${NC}"
return 0
}
# --- Main Script ---
# Initialize variables
VPS_IP=""
SSH_USER="root"
SSH_PORT="22"
CUSTOM_SSH_KEY=""
CONFIG_NAME=""
# Check if the script is run as root before anything else
check_root
# Print banner
print_banner
# Parse command line arguments
while getopts "hi:u:p:k:" opt; do
case $opt in
h)
print_usage
exit 0
;;
i)
VPS_IP=$OPTARG
;;
u)
SSH_USER=$OPTARG
;;
p)
SSH_PORT=$OPTARG
;;
k)
CUSTOM_SSH_KEY=$OPTARG
;;
\?)
echo "Invalid option: -$OPTARG" >&2
print_usage
exit 1
;;
esac
done
# Check if custom SSH key is passed and update the private key variable
if [ -n "$CUSTOM_SSH_KEY" ]; then
if [ ! -f "$CUSTOM_SSH_KEY" ]; then
echo -e "${RED}Custom SSH key '$CUSTOM_SSH_KEY' not found.${NC}"
exit 1
fi
SSH_PRIVATE_KEY="$CUSTOM_SSH_KEY"
SSH_PUBLIC_KEY="$CUSTOM_SSH_KEY.pub"
else
# Use default StartOS SSH key
if [ ! -f "$SSH_PRIVATE_KEY" ]; then
echo -e "${RED}No SSH key found at default location '$SSH_PRIVATE_KEY'. Please ensure StartOS SSH keys are properly configured.${NC}"
exit 1
fi
fi
if [ ! -f "$SSH_PUBLIC_KEY" ]; then
echo -e "${RED}Public key '$SSH_PUBLIC_KEY' not found. Please ensure both private and public keys exist.${NC}"
exit 1
fi
# If VPS_IP is not provided via command line, ask for it
if [ -z "$VPS_IP" ]; then
while true; do
echo -n "Please enter your VPS IP address: "
read VPS_IP
if validate_ip "$VPS_IP"; then
break
else
echo -e "${RED}Invalid IP address format. Please try again.${NC}"
fi
done
fi
# Confirm SSH connection details
echo -e "\n${GREEN}Connection details:${NC}"
echo "VPS IP: $VPS_IP"
echo "SSH User: $SSH_USER"
echo "SSH Port: $SSH_PORT"
echo -e "\n${GREEN}Proceeding with SSH key-based authentication...${NC}\n"
# Copy SSH public key to the remote server
if ! ssh-copy-id -i "$SSH_PUBLIC_KEY" -o StrictHostKeyChecking=no -p "$SSH_PORT" "$SSH_USER@$VPS_IP"; then
echo -e "${RED}Failed to copy SSH key to the remote server. Please ensure you have correct credentials.${NC}"
exit 1
fi
echo -e "${GREEN}SSH key-based authentication configured successfully!${NC}"
# Test SSH connection using key-based authentication
echo -e "\nTesting SSH connection with key-based authentication..."
if ! ssh -q -o BatchMode=yes -o ConnectTimeout=5 -i "$SSH_PRIVATE_KEY" -o StrictHostKeyChecking=no -p "$SSH_PORT" "$SSH_USER@$VPS_IP" 'exit'; then
echo -e "${RED}SSH connection test failed. Please check your credentials and try again.${NC}"
exit 1
fi
# If we're connecting as a non-root user, set up root access first
if [ "$SSH_USER" != "root" ]; then
echo -e "\n${YELLOW}You are connecting as a non-root user. This script needs to enable root SSH access.${NC}"
echo -e "${YELLOW}This is a one-time setup that will allow direct root login for WireGuard installation.${NC}"
echo -n -e "${YELLOW}Would you like to proceed? (y/N): ${NC}"
read -r answer
if [[ "$answer" =~ ^[Yy]$ ]]; then
if enable_root_login; then
echo -e "\n${BLUE}------------------------------------------------------------------${NC}"
echo -e "${GREEN}Root SSH access has been configured successfully!${NC}"
echo -e "${YELLOW}Please run this script again without the -u parameter to continue setup.${NC}"
echo -e "${BLUE}------------------------------------------------------------------${NC}"
exit 0
else
echo -e "${RED}Failed to configure root SSH access. Please check your sudo privileges and try again.${NC}"
exit 1
fi
else
echo -e "\n${BLUE}------------------------------------------------------------------${NC}"
echo -e "${YELLOW}To manually configure SSH for root access:${NC}"
echo -e "\n ${YELLOW}1. Connect to your VPS and edit sshd_config:${NC}"
echo " sudo nano /etc/ssh/sshd_config"
echo -e "\n ${YELLOW}2. Find and uncomment or add these lines:${NC}"
echo " PubkeyAuthentication yes"
echo " PermitRootLogin yes"
echo " AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2"
echo -e "\n ${YELLOW}3. Restart the SSH service:${NC}"
echo " sudo systemctl restart sshd"
echo -e "\n ${YELLOW}4. Copy your SSH key to root user:${NC}"
echo " sudo mkdir -p /root/.ssh"
echo " sudo cp ~/.ssh/authorized_keys /root/.ssh/"
echo " sudo chown -R root:root /root/.ssh"
echo " sudo chmod 700 /root/.ssh"
echo " sudo chmod 600 /root/.ssh/authorized_keys"
echo -e "${BLUE}------------------------------------------------------------------${NC}"
echo -e "\n${YELLOW}After completing these steps, run this script again without the -u parameter.${NC}"
exit 1
fi
fi
# Check if root login is permitted when connecting as root
if [ "$SSH_USER" = "root" ]; then
# Check for both "yes" and "prohibit-password" as valid root login settings
if ! ssh -q -o BatchMode=yes -o ConnectTimeout=5 -i "$SSH_PRIVATE_KEY" -o StrictHostKeyChecking=no -p "$SSH_PORT" "$SSH_USER@$VPS_IP" 'grep -q "^PermitRootLogin.*\(yes\|prohibit-password\)" /etc/ssh/sshd_config'; then
echo -e "\n${RED}Root SSH login is not enabled on your VPS.${NC}"
echo -e "\n${YELLOW}Would you like this script to automatically enable root SSH access? (y/N):${NC} "
read -r answer
if [[ "$answer" =~ ^[Yy]$ ]]; then
configure_ssh_key_auth
else
echo -e "\n${BLUE}------------------------------------------------------------------${NC}"
echo -e "${YELLOW}To manually configure SSH for root access:${NC}"
echo -e "\n ${YELLOW}1. Connect to your VPS and edit sshd_config:${NC}"
echo " sudo nano /etc/ssh/sshd_config"
echo -e "\n ${YELLOW}2. Find and uncomment or add these lines:${NC}"
echo " PubkeyAuthentication yes"
echo " PermitRootLogin prohibit-password"
echo " AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2"
echo -e "\n ${YELLOW}3. Restart the SSH service:${NC}"
echo " sudo systemctl restart sshd"
echo -e "${BLUE}------------------------------------------------------------------${NC}"
echo -e "\n${YELLOW}Please enable root SSH access and run this script again.${NC}"
exit 1
fi
fi
fi
echo -e "${GREEN}SSH connection successful with key-based authentication!${NC}"
# Download the WireGuard install script locally
if ! download_install_script; then
echo -e "${RED}Failed to download the latest install script. Exiting...${NC}"
exit 1
fi
# Upload the install script to the remote server
if ! scp -i "$SSH_PRIVATE_KEY" -o StrictHostKeyChecking=no -P "$SSH_PORT" wireguard-install.sh "$SSH_USER@$VPS_IP":~/; then
echo -e "${RED}Failed to upload WireGuard install script to the remote server.${NC}"
exit 1
fi
# Install WireGuard on remote server using the downloaded script
if ! install_wireguard; then
echo -e "${RED}WireGuard installation failed.${NC}"
exit 1
fi
# Remove the local install script
rm wireguard-install.sh >/dev/null 2>&1
# Handle the StartOS config (download)
if ! handle_startos_connection; then
echo -e "${RED}StartOS configuration download failed!${NC}"
exit 1
fi
# Import the configuration
if ! import_wireguard_config "$CONFIG_NAME"; then
echo -e "${RED}StartOS configuration import failed or skipped!${NC}"
fi