From 7fb9b9c5818436008d54b1be71a55129036a8d8f Mon Sep 17 00:00:00 2001 From: shokollm <270575765+shokollm@users.noreply.github.com> Date: Mon, 30 Mar 2026 03:37:07 +0000 Subject: [PATCH 1/5] feat(issue-11): add SSH setup script and kugetsu-setup documentation - Add sshd-setup.sh: automated SSH setup inside container - Checks for systemd prerequisite - Creates non-root user (configurable via argument, fallback to 'kugetsu') - Configures sshd for key-only authentication - Configures passwordless sudo for the user - Enables and starts sshd via systemd - Add docs/kugetsu-setup.md: unified setup documentation - Container setup (Incus, Docker) - SSH setup (automated + manual steps) - Host-side port forwarding (Incus, firewall) - kugetsu installation - Usage guide - Remote access via SSH --- docs/kugetsu-setup.md | 327 +++++++++++++++++++++++++++ skills/kugetsu/scripts/sshd-setup.sh | 79 +++++++ 2 files changed, 406 insertions(+) create mode 100644 docs/kugetsu-setup.md create mode 100755 skills/kugetsu/scripts/sshd-setup.sh diff --git a/docs/kugetsu-setup.md b/docs/kugetsu-setup.md new file mode 100644 index 0000000..823269e --- /dev/null +++ b/docs/kugetsu-setup.md 
@@ -0,0 +1,327 @@ +# kugetsu Setup Guide + +This guide covers setting up a server/container with kugetsu for remote agent interaction. + +## Table of Contents + +1. [Prerequisites](#prerequisites) +2. [Container Setup](#container-setup) +3. [SSH Setup](#ssh-setup) +4. [kugetsu Installation](#kugetsu-installation) +5. [Usage](#usage) +6. [Remote Access via SSH](#remote-access-via-ssh) + +--- + +## Prerequisites + +- Linux container (Incus, Docker, Podman, etc.) +- systemd available inside container +- SSH key for authentication (RSA, ED25519, or ECDSA) + +--- + +## Container Setup + +### Incus + +```bash +# Create container +incus launch images:debian/12 + +# Or use an existing container +incus exec -- bash + +# Ensure systemd is installed (Debian/Ubuntu) +incus exec -- apt-get update +incus exec -- apt-get install -y systemd + +# Enable systemd as PID 1 (if using systemd in container) +incus config set init.launchd.systemd true +``` + +### Docker/Podman + +```bash +# Use an image with systemd support +docker run -d --name \ + --systemd=always \ + -v /sys/fs/cgroup:/sys/fs/cgroup:rw \ + debian:12 \ + /sbin/init +``` + +--- + +## SSH Setup + +### Quick Setup (Automated) + +Run the setup script inside your container: + +```bash +curl -fsSL https://raw.githubusercontent.com/shoko/kugetsu/main/skills/kugetsu/scripts/sshd-setup.sh | bash -s -- +``` + +Replace `` with your preferred username, or omit to use default `kugetsu`. + +### Manual Setup + +If you prefer to set up SSH manually: + +#### 1. Install openssh-server + +```bash +apt-get update && apt-get install -y openssh-server sudo +``` + +#### 2. Create non-root user + +```bash +# Create user (e.g., 'agent') +useradd -m -s /bin/bash agent + +# Or use an existing user +``` + +#### 3. Configure SSH + +Edit `/etc/ssh/sshd_config`: + +``` +PasswordAuthentication no +PubkeyAuthentication yes +PermitRootLogin no +``` + +#### 4. 
Add SSH public key + +```bash +mkdir -p /home//.ssh +chmod 700 /home//.ssh +echo 'YOUR_PUBLIC_KEY' >> /home//.ssh/authorized_keys +chmod 600 /home//.ssh/authorized_keys +chown -R : /home//.ssh +``` + +#### 5. Configure sudo for passwordless access + +```bash +echo ' ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/ +chmod 0440 /etc/sudoers.d/ +``` + +#### 6. Start sshd + +```bash +systemctl enable sshd +systemctl start sshd +``` + +### Host-Side Port Forwarding + +To access SSH from outside the host, configure port forwarding: + +#### Incus + +```bash +# On the HOST (not inside container) +incus config device add sshd proxy listen=tcp:0.0.0.0:2222 connect=tcp:127.0.0.1:22 +``` + +#### Firewall + +```bash +# Allow SSH on host +ufw allow 2222/tcp + +# Or using iptables +iptables -A INPUT -p tcp --dport 2222 -j ACCEPT +``` + +### Verify SSH Setup + +```bash +# Test connection from host to container +ssh -p 2222 @localhost + +# Verify sudo access +ssh -p 2222 @localhost sudo systemctl status sshd +``` + +--- + +## kugetsu Installation + +### Automated Install + +```bash +curl -fsSL https://raw.githubusercontent.com/shoko/kugetsu/main/skills/kugetsu/scripts/kugetsu-install.sh | bash +``` + +### Manual Install + +```bash +# Clone repository +git clone https://git.fbrns.co/shoko/kugetsu.git + +# Run install script +bash kugetsu/skills/kugetsu/scripts/kugetsu-install.sh + +# Reload shell or source bashrc +source ~/.bashrc +``` + +--- + +## Usage + +kugetsu provides session management for opencode. 
+ +### Initialize + +```bash +# Create base session (requires TTY) +kugetsu init +``` + +### Start Task + +```bash +# Start new session for an issue +kugetsu start + +# Example +kugetsu start github.com/shoko/kugetsu#11 "Implement SSH setup" +``` + +### Continue Task + +```bash +# Continue existing session +kugetsu continue [message] + +# Resume with auto-filled last message +kugetsu continue github.com/shoko/kugetsu#11 +``` + +### List Sessions + +```bash +# List interrupted sessions (default) +kugetsu list + +# List all sessions +kugetsu list --all +``` + +### Destroy Session + +```bash +# Destroy session for issue +kugetsu destroy [-y] + +# Destroy base session +kugetsu destroy --base [-y] +``` + +### Help + +```bash +kugetsu help +``` + +--- + +## Remote Access via SSH + +Once SSH is configured, you can interact with kugetsu from anywhere: + +### Basic SSH Access + +```bash +# Connect to container +ssh -p 2222 @ + +# Run kugetsu commands +kugetsu list +kugetsu start github.com/shoko/kugetsu#11 "Fix bug" +``` + +### Spawn and Forget + +For long-running tasks, SSH and spawn: + +```bash +ssh -p 2222 @ \ + "kugetsu start github.com/shoko/kugetsu#11 'Implement feature' && echo 'Task done' | tee /tmp/task.log" +``` + +### Port Forwarding for Web UI + +If opencode has a web UI: + +```bash +ssh -p 2222 -L 3000:localhost:3000 @ +``` + +### SCP/File Transfer + +```bash +# Copy files from container +scp -P 2222 @:/path/in/container ./local-path + +# Copy files to container +scp -P 2222 ./local-file @:/path/in/container +``` + +--- + +## Security Notes + +- **Key-only authentication**: Password authentication is disabled +- **Non-root user**: SSH user has limited privileges but can sudo +- **Firewall**: Only port 2222 is exposed (not 22 on host) +- **Container isolation**: Host filesystem is protected by container boundaries + +--- + +## Troubleshooting + +### SSH Connection Refused + +```bash +# Check sshd status inside container +ssh -p 2222 @ sudo systemctl status sshd 
+ +# Restart sshd +ssh -p 2222 @ sudo systemctl restart sshd +``` + +### Permission Denied (Public Key) + +```bash +# Verify authorized_keys on container +ssh -p 2222 @ cat ~/.ssh/authorized_keys + +# Check key permissions +ssh -p 2222 @ ls -la ~/.ssh/ +``` + +### kugetsu Command Not Found + +```bash +# Check PATH +ssh -p 2222 @ 'echo $PATH' + +# Re-run install +ssh -p 2222 @ 'bash ~/.kugetsu/scripts/kugetsu-install.sh' +``` + +--- + +## See Also + +- [kugetsu Skill](../skills/kugetsu/SKILL.md) - Full kugetsu documentation +- [kugetsu Architecture](kugetsu-architecture.md) - Technical details +- [Subagent Workflow](SUBAGENT_WORKFLOW.md) - Multi-agent orchestration \ No newline at end of file diff --git a/skills/kugetsu/scripts/sshd-setup.sh b/skills/kugetsu/scripts/sshd-setup.sh new file mode 100755 index 0000000..1eca205 --- /dev/null +++ b/skills/kugetsu/scripts/sshd-setup.sh 
@@ -0,0 +1,79 @@
+#!/bin/bash
+set -euo pipefail
+
+USERNAME="${1:-kugetsu}"
+
+echo "=== kugetsu SSH Setup ==="
+echo "Target user: $USERNAME"
+echo ""
+
+if ! command -v systemctl &> /dev/null; then
+ echo "ERROR: systemd not found."
+ echo ""
+ echo "This script requires systemd to be installed and running inside the container."
+ echo "Please install systemd first:"
+ echo " apt-get update && apt-get install -y systemd"
+ echo ""
+ echo "If you are running in a container that doesn't support systemd, consider:"
+ echo " - Using a container image with systemd support"
+ echo " - Running sshd directly (without systemd) - manual setup required"
+ exit 1
+fi
+
+echo "[1/6] Updating package lists..."
+apt-get update -qq
+
+echo "[2/6] Installing openssh-server..."
+apt-get install -y -qq openssh-server sudo
+
+echo "[3/6] Creating user '$USERNAME' if not exists..."
+if ! id "$USERNAME" &> /dev/null; then
+ useradd -m -s /bin/bash "$USERNAME"
+ echo "User '$USERNAME' created."
+else
+ echo "User '$USERNAME' already exists."
+fi
+
+echo "[4/6] Configuring SSH for key-only authentication..."
+SSHD_CONFIG="/etc/ssh/sshd_config"
+sed -i 's/^#*PasswordAuthentication.*/PasswordAuthentication no/' "$SSHD_CONFIG"
+sed -i 's/^#*PubkeyAuthentication.*/PubkeyAuthentication yes/' "$SSHD_CONFIG"
+sed -i 's/^#*PermitRootLogin.*/PermitRootLogin no/' "$SSHD_CONFIG"
+echo "SSH configured: key-only auth, root login disabled."
+
+echo "[5/6] Configuring sudo for passwordless access..."
+SUDOERS_FILE="/etc/sudoers.d/$USERNAME"
+echo "$USERNAME ALL=(ALL) NOPASSWD: ALL" > "$SUDOERS_FILE"
+chmod 0440 "$SUDOERS_FILE"
+echo "Sudo configured: $USERNAME can run sudo without password."
+
+echo "[6/6] Enabling and starting sshd..."
+systemctl enable sshd
+systemctl restart sshd
+
+if systemctl is-active --quiet sshd; then
+ echo "sshd is running."
+else
+ echo "WARNING: sshd may not have started correctly. 
Check with: systemctl status sshd" +fi + +echo "" +echo "=== Setup Complete ===" +echo "" +echo "Next steps:" +echo "" +echo "1. Add your SSH public key to authorized_keys:" +echo " mkdir -p /home/$USERNAME/.ssh" +echo " chmod 700 /home/$USERNAME/.ssh" +echo " echo 'YOUR_PUBLIC_KEY' >> /home/$USERNAME/.ssh/authorized_keys" +echo " chmod 600 /home/$USERNAME/.ssh/authorized_keys" +echo " chown -R $USERNAME:$USERNAME /home/$USERNAME/.ssh" +echo "" +echo "2. Connect from remote:" +echo " ssh -p 2222 $USERNAME@" +echo "" +echo " (Requires host-side port forwarding - see docs/kugetsu-setup.md)" +echo "" +echo "3. Verify SSH access:" +echo " ssh -p 2222 $USERNAME@ sudo systemctl status sshd" +echo "" \ No newline at end of file From 1e2d88d811c59f4124ccebd429a54c2232ba2103 Mon Sep 17 00:00:00 2001 From: shokollm <270575765+shokollm@users.noreply.github.com> Date: Mon, 30 Mar 2026 03:39:51 +0000 Subject: [PATCH 2/5] docs(kugetsu): add SSH remote access section to SKILL.md - Add 'Remote Access via SSH (Optional)' section - Documents automated sshd-setup.sh usage - Explains what the setup does - Shows remote usage examples - Links to full docs/kugetsu-setup.md for host-side configuration --- skills/kugetsu/SKILL.md | 42 ++++++++++++++++++++++++++++ skills/kugetsu/scripts/sshd-setup.sh | 0 2 files changed, 42 insertions(+) mode change 100755 => 100644 skills/kugetsu/scripts/sshd-setup.sh diff --git a/skills/kugetsu/SKILL.md b/skills/kugetsu/SKILL.md index 17f0537..ee3217b 100644 --- a/skills/kugetsu/SKILL.md +++ b/skills/kugetsu/SKILL.md 
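Review bot: Step 4 prints "SSH configured: key-only auth, root login disabled." without checking that sshd will actually apply those settings. The three `sed -i` substitutions only rewrite a directive that already starts at column 0 of `/etc/ssh/sshd_config`; a missing or indented directive is left as it is, and on images whose main config includes `/etc/ssh/sshd_config.d/*.conf` a drop-in that sets the same keyword earlier takes precedence, because sshd keeps the first value it reads. I would run `sshd -t` before `systemctl restart sshd` and assert the effective configuration after it, e.g. `sshd -T | grep -qx 'passwordauthentication no' || { echo "ERROR: password auth still enabled" >&2; exit 1; }`. The same lines are carried unchanged through the `@@ -34,27 +89,40 @@` hunk of PATCH 5/5, whose new Step 7 checks only that the unit is active.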
@@ -192,6 +192,48 @@ If opencode sessions become out of sync: 2. `kugetsu prune` removes orphaned files 3. For full reset: `kugetsu destroy --base -y && kugetsu init` +## Remote Access via SSH (Optional) + +To access kugetsu from a remote machine, SSH setup is required. + +### Automated Setup + +Run the SSH setup script inside your container: + +```bash +bash skills/kugetsu/scripts/sshd-setup.sh +``` + +Omit `` to use default user `kugetsu`. + +### What It Does + +- Checks systemd prerequisite +- Creates non-root user +- Configures SSH for key-only authentication +- Enables passwordless sudo for the user +- Starts sshd via systemd + +### After Setup + +1. Add your SSH public key to `~/.ssh/authorized_keys` on the container +2. Configure port forwarding on the host (see [docs/kugetsu-setup.md](../../docs/kugetsu-setup.md)) +3. Connect: `ssh -p 2222 @` + +### Remote Usage + +Once connected via SSH, kugetsu works the same as local: + +```bash +kugetsu list +kugetsu start github.com/shoko/kugetsu#14 "fix bug" +kugetsu continue github.com/shoko/kugetsu#14 +``` + +### Documentation + +See [docs/kugetsu-setup.md](../../docs/kugetsu-setup.md) for full remote access setup including host-side port forwarding and firewall configuration. + ## Without kugetsu If kugetsu is not available, use opencode directly: diff --git a/skills/kugetsu/scripts/sshd-setup.sh b/skills/kugetsu/scripts/sshd-setup.sh old mode 100755 new mode 100644 From 0563e7bced5b92ff5b1c23e2a1377aea863316ab Mon Sep 17 00:00:00 2001 From: shokollm <270575765+shokollm@users.noreply.github.com> Date: Mon, 30 Mar 2026 03:42:53 +0000 Subject: [PATCH 3/5] docs: add chmod +x instruction before executing scripts Users should explicitly grant execute permission to downloaded scripts for transparency and security best practices. --- docs/kugetsu-setup.md | 11 ++++++++++- skills/kugetsu/SKILL.md | 1 + 2 files changed, 11 insertions(+), 1 deletion(-) 
diff --git a/docs/kugetsu-setup.md b/docs/kugetsu-setup.md index 823269e..0a826b7 100644 --- a/docs/kugetsu-setup.md +++ b/docs/kugetsu-setup.md @@ -60,7 +60,16 @@ docker run -d --name \ Run the setup script inside your container: ```bash -curl -fsSL https://raw.githubusercontent.com/shoko/kugetsu/main/skills/kugetsu/scripts/sshd-setup.sh | bash -s -- +curl -fsSL https://raw.githubusercontent.com/shoko/kugetsu/main/skills/kugetsu/scripts/sshd-setup.sh -o sshd-setup.sh +chmod +x sshd-setup.sh +bash sshd-setup.sh +``` + +Or if you have cloned the repository: + +```bash +chmod +x skills/kugetsu/scripts/sshd-setup.sh +bash skills/kugetsu/scripts/sshd-setup.sh ``` Replace `` with your preferred username, or omit to use default `kugetsu`. diff --git a/skills/kugetsu/SKILL.md b/skills/kugetsu/SKILL.md index ee3217b..6cb7cc4 100644 --- a/skills/kugetsu/SKILL.md +++ b/skills/kugetsu/SKILL.md @@ -201,6 +201,7 @@ To access kugetsu from a remote machine, SSH setup is required. Run the SSH setup script inside your container: ```bash +chmod +x skills/kugetsu/scripts/sshd-setup.sh bash skills/kugetsu/scripts/sshd-setup.sh ``` From 4da4d46bd1886abc9a8b6b74dca5ef3310a3205f Mon Sep 17 00:00:00 2001 From: shokollm <270575765+shokollm@users.noreply.github.com> Date: Mon, 30 Mar 2026 04:03:00 +0000 Subject: [PATCH 4/5] docs(kugetsu-setup): simplify - remove Docker section and curl downloads - Remove Docker/Podman section (not tested by maintainer) - Remove curl download instructions (assume user cloned repo) - Add note that Incus systemd config may vary by version - Update troubleshooting to reflect cloned repo path --- docs/kugetsu-setup.md | 44 +++++++++---------------------------------- 1 file changed, 9 insertions(+), 35 deletions(-) diff --git a/docs/kugetsu-setup.md b/docs/kugetsu-setup.md index 0a826b7..a0098cd 100644 --- a/docs/kugetsu-setup.md +++ b/docs/kugetsu-setup.md 
@@ -36,37 +36,20 @@ incus exec -- bash incus exec -- apt-get update incus exec -- apt-get install -y systemd -# Enable systemd as PID 1 (if using systemd in container) -incus config set init.launchd.systemd true -``` +# Enable systemd in container (Incus specific - verify with your setup) +incus config set security.syscalls.intercept.systemd true -### Docker/Podman - -```bash -# Use an image with systemd support -docker run -d --name \ - --systemd=always \ - -v /sys/fs/cgroup:/sys/fs/cgroup:rw \ - debian:12 \ - /sbin/init -``` +> **Note:** Container must be privileged or have CAP_SYS_ADMIN for systemd features. +> The exact command may vary by Incus version - check Incus documentation for your setup. --- ## SSH Setup -### Quick Setup (Automated) +### Automated Setup Run the setup script inside your container: -```bash -curl -fsSL https://raw.githubusercontent.com/shoko/kugetsu/main/skills/kugetsu/scripts/sshd-setup.sh -o sshd-setup.sh -chmod +x sshd-setup.sh -bash sshd-setup.sh -``` - -Or if you have cloned the repository: - ```bash chmod +x skills/kugetsu/scripts/sshd-setup.sh bash skills/kugetsu/scripts/sshd-setup.sh @@ -165,17 +148,8 @@ ssh -p 2222 @localhost sudo systemctl status sshd ### Automated Install ```bash -curl -fsSL https://raw.githubusercontent.com/shoko/kugetsu/main/skills/kugetsu/scripts/kugetsu-install.sh | bash -``` - -### Manual Install - -```bash -# Clone repository -git clone https://git.fbrns.co/shoko/kugetsu.git - -# Run install script -bash kugetsu/skills/kugetsu/scripts/kugetsu-install.sh +# If you have cloned the repository +bash skills/kugetsu/scripts/kugetsu-install.sh # Reload shell or source bashrc source ~/.bashrc @@ -323,8 +297,8 @@ ssh -p 2222 @ ls -la ~/.ssh/ # Check PATH ssh -p 2222 @ 'echo $PATH' -# Re-run install -ssh -p 2222 @ 'bash ~/.kugetsu/scripts/kugetsu-install.sh' +# Re-run install (if repo is cloned on container) +ssh -p 2222 @ 'bash ~/path/to/kugetsu/skills/kugetsu/scripts/kugetsu-install.sh' ``` --- 
From 3c92a12f28e647fd41d590f8c10445341e2ffe6c Mon Sep 17 00:00:00 2001 From: shokollm <270575765+shokollm@users.noreply.github.com> Date: Mon, 30 Mar 2026 04:27:23 +0000 Subject: [PATCH 5/5] feat(sshd-setup): multi-distro support and verification steps - sshd-setup.sh: Auto-detect OS (Debian/Ubuntu/Fedora/RHEL/CentOS) - Use appropriate package manager (apt-get vs dnf) - Add verification steps after each major phase - Exit with error if sshd installation fails - Exit with error if sshd doesn't start successfully - Add troubleshooting section in output - kugetsu-install.sh: Add verification that kugetsu binary exists - kugetsu-setup.md: Document multi-distro installation commands --- docs/kugetsu-setup.md | 28 +++++- skills/kugetsu/scripts/kugetsu-install.sh | 8 ++ skills/kugetsu/scripts/sshd-setup.sh | 100 +++++++++++++++++++--- 3 files changed, 121 insertions(+), 15 deletions(-) diff --git a/docs/kugetsu-setup.md b/docs/kugetsu-setup.md index a0098cd..aa3d77b 100644 --- a/docs/kugetsu-setup.md +++ b/docs/kugetsu-setup.md @@ -26,16 +26,23 @@ This guide covers setting up a server/container with kugetsu for remote agent in ### Incus ```bash -# Create container +# Create container (Debian/Ubuntu) incus launch images:debian/12 +# Or create Fedora container +incus launch images:fedora/43 + # Or use an existing container incus exec -- bash -# Ensure systemd is installed (Debian/Ubuntu) +# Ensure systemd is installed +# For Debian/Ubuntu: incus exec -- apt-get update incus exec -- apt-get install -y systemd +# For Fedora: +incus exec -- dnf install -y systemd + # Enable systemd in container (Incus specific - verify with your setup) incus config set security.syscalls.intercept.systemd true 
@@ -57,16 +64,33 @@ bash skills/kugetsu/scripts/sshd-setup.sh Replace `` with your preferred username, or omit to use default `kugetsu`. +**The script automatically detects your OS and installs the correct packages.** + +Supported OSes: Debian, Ubuntu, Fedora, RHEL, CentOS + ### Manual Setup If you prefer to set up SSH manually: #### 1. Install openssh-server +**Debian/Ubuntu:** ```bash apt-get update && apt-get install -y openssh-server sudo ``` +**Fedora/RHEL/CentOS:** +```bash +dnf install -y openssh-server sudo +``` + +#### 2. Verify installation + +```bash +which sshd +sshd -V +``` + #### 2. Create non-root user ```bash diff --git a/skills/kugetsu/scripts/kugetsu-install.sh b/skills/kugetsu/scripts/kugetsu-install.sh index 6ecec37..767cc6b 100755 --- a/skills/kugetsu/scripts/kugetsu-install.sh +++ b/skills/kugetsu/scripts/kugetsu-install.sh @@ -38,6 +38,14 @@ add_to_shell "$HOME/.bashrc" add_to_shell "$HOME/.zshrc" echo "" +echo "=== Verifying installation ===" +if [ ! -f "$BIN_DIR/kugetsu" ]; then + echo "ERROR: kugetsu was not installed correctly." + exit 1 +fi +echo "kugetsu installed at: $BIN_DIR/kugetsu" +echo "" + echo "Installation complete!" echo "" echo "Run this to start using kugetsu immediately:" diff --git a/skills/kugetsu/scripts/sshd-setup.sh b/skills/kugetsu/scripts/sshd-setup.sh index 1eca205..a9588e5 100644 --- a/skills/kugetsu/scripts/sshd-setup.sh +++ b/skills/kugetsu/scripts/sshd-setup.sh 
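Review bot: The new verification in kugetsu-install.sh tests `[ ! -f "$BIN_DIR/kugetsu" ]`, which passes for a file that exists but is not executable, so it can report success for an install the shell still cannot run. Testing `[ ! -x "$BIN_DIR/kugetsu" ]` covers both the missing and the non-executable case. How `$BIN_DIR/kugetsu` is written is outside this hunk, so whether the mode can be lost there is not visible here.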
@@ -7,12 +7,44 @@ echo "=== kugetsu SSH Setup ===" echo "Target user: $USERNAME" echo "" +detect_os() { + if [ -f /etc/os-release ]; then + . /etc/os-release + case "$ID" in + debian|ubuntu|"noble"|"jammy"|"focal"|"bionic"|"bullseye"|"bookworm"|"trixie"|"sid") + echo "debian" + ;; + fedora|rhel|centos|rocky|alma) + echo "fedora" + ;; + *) + echo "unknown" + ;; + esac + else + echo "unknown" + fi +} + +OS_TYPE=$(detect_os) +echo "Detected OS: $OS_TYPE" + if ! command -v systemctl &> /dev/null; then echo "ERROR: systemd not found." echo "" echo "This script requires systemd to be installed and running inside the container." echo "Please install systemd first:" - echo " apt-get update && apt-get install -y systemd" + case "$OS_TYPE" in + debian) + echo " apt-get update && apt-get install -y systemd" + ;; + fedora) + echo " dnf install -y systemd" + ;; + *) + echo " Install systemd using your package manager" + ;; + esac echo "" echo "If you are running in a container that doesn't support systemd, consider:" echo " - Using a container image with systemd support" 
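Review bot: `detect_os` matches only `$ID`, and several of the listed patterns are not values that field takes: `noble`, `jammy`, `bookworm` and the other codenames are reported in `VERSION_CODENAME`, and AlmaLinux identifies itself as `almalinux`, so the `alma` pattern never matches and that system falls through to `unknown`. Derivatives are normally recognised through `ID_LIKE`; matching on `"${ID:-} ${ID_LIKE:-}"` with patterns such as `*debian*|*ubuntu*)` and `*fedora*|*rhel*)` handles them and also keeps `set -u` from aborting when a field is absent. A short comment above the function saying that it prints `debian`, `fedora` or `unknown` on stdout, and that it is called in a command substitution so the sourced variables do not leak into the script, would help the next reader. The `if ! command -v systemctl` block that follows is closed outside this hunk.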
@@ -20,13 +52,36 @@ if ! command -v systemctl &> /dev/null; then exit 1 fi -echo "[1/6] Updating package lists..." -apt-get update -qq +echo "" +echo "=== Step 1: Install openssh-server ===" +case "$OS_TYPE" in + debian) + echo "Using apt-get (Debian/Ubuntu)..." + apt-get update -qq + apt-get install -y -qq openssh-server sudo + ;; + fedora) + echo "Using dnf (Fedora/RHEL)..." + dnf install -y -q openssh-server sudo + ;; + *) + echo "ERROR: Unsupported OS. Please install openssh-server and sudo manually." + exit 1 + ;; +esac -echo "[2/6] Installing openssh-server..." -apt-get install -y -qq openssh-server sudo +echo "" +echo "=== Step 2: Verify installation ===" +if ! command -v sshd &> /dev/null; then + echo "ERROR: sshd installation failed." + echo "Please verify openssh-server was installed correctly." + exit 1 +fi +echo "sshd binary: $(which sshd)" +echo "sshd version: $(sshd -V 2>&1 | head -1)" -echo "[3/6] Creating user '$USERNAME' if not exists..." +echo "" +echo "=== Step 3: Create user '$USERNAME' ===" if ! id "$USERNAME" &> /dev/null; then useradd -m -s /bin/bash "$USERNAME" echo "User '$USERNAME' created." 
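Review bot: `USERNAME` comes straight from `$1` and reaches `useradd` in Step 3, and later the path `/etc/sudoers.d/$USERNAME` and the sudoers rule itself, without any validation. A value containing `/` or whitespace changes which file is written or what the rule says, and sudo skips files in `sudoers.d` whose names contain a `.` or end in `~`, so such a user would silently end up with no sudo rule. I would reject anything that is not a plain account name before Step 1, e.g. `[[ "$USERNAME" =~ ^[a-z_][a-z0-9_-]*$ ]] || { echo "ERROR: invalid username: $USERNAME" >&2; exit 1; }`, and check the generated file with `visudo -cf "$SUDOERS_FILE"`. The assignment of `USERNAME` and the sudoers lines are outside this hunk.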
@@ -34,27 +89,40 @@ else echo "User '$USERNAME' already exists." fi -echo "[4/6] Configuring SSH for key-only authentication..." +echo "" +echo "=== Step 4: Configure SSH for key-only authentication ===" SSHD_CONFIG="/etc/ssh/sshd_config" sed -i 's/^#*PasswordAuthentication.*/PasswordAuthentication no/' "$SSHD_CONFIG" sed -i 's/^#*PubkeyAuthentication.*/PubkeyAuthentication yes/' "$SSHD_CONFIG" sed -i 's/^#*PermitRootLogin.*/PermitRootLogin no/' "$SSHD_CONFIG" echo "SSH configured: key-only auth, root login disabled." -echo "[5/6] Configuring sudo for passwordless access..." +echo "" +echo "=== Step 5: Configure sudo for passwordless access ===" SUDOERS_FILE="/etc/sudoers.d/$USERNAME" echo "$USERNAME ALL=(ALL) NOPASSWD: ALL" > "$SUDOERS_FILE" chmod 0440 "$SUDOERS_FILE" echo "Sudo configured: $USERNAME can run sudo without password." -echo "[6/6] Enabling and starting sshd..." +echo "" +echo "=== Step 6: Enable and start sshd ===" systemctl enable sshd systemctl restart sshd +sleep 1 + +echo "" +echo "=== Step 7: Verify sshd is running ===" if systemctl is-active --quiet sshd; then - echo "sshd is running." + echo "SUCCESS: sshd is running." + echo "Status:" + systemctl status sshd --no-pager | head -5 else - echo "WARNING: sshd may not have started correctly. Check with: systemctl status sshd" + echo "ERROR: sshd is not running." + echo "Debug info:" + systemctl status sshd --no-pager + journalctl -u sshd -n 10 --no-pager + exit 1 fi echo "" 
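Review bot: `systemctl enable sshd` in Step 6 is likely to fail on the `debian` branch, where the unit is packaged as `ssh.service` and `sshd.service` is only an alias; as far as I know recent systemd versions refuse to enable an alias name, and under `set -e` that aborts the script before the restart and the new Step 7. Selecting the unit per OS, `SSH_UNIT=ssh` for `debian` and `SSH_UNIT=sshd` for `fedora`, and using `"$SSH_UNIT"` in the enable, restart, `is-active`, `status` and `journalctl -u` calls avoids it. I have not run this against the target images, so please confirm on a Debian 12 container.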
@@ -72,8 +140,14 @@ echo "" echo "2. Connect from remote:" echo " ssh -p 2222 $USERNAME@" echo "" -echo " (Requires host-side port forwarding - see docs/kugetsu-setup.md)" -echo "" echo "3. Verify SSH access:" echo " ssh -p 2222 $USERNAME@ sudo systemctl status sshd" +echo "" +echo "=== Troubleshooting ===" +echo "" +echo "If SSH connection fails:" +echo " - Check sshd is running: systemctl status sshd" +echo " - Check sshd logs: journalctl -u sshd -n 20" +echo " - Verify user exists: id $USERNAME" +echo " - Verify SSH key was added: cat /home/$USERNAME/.ssh/authorized_keys" echo "" \ No newline at end of file
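Review bot: The printed next steps still tell the user to connect with `ssh -p 2222`, but this hunk removes the line that explained why: the script leaves sshd on its default port inside the container, and 2222 exists only once the host-side proxy from docs/kugetsu-setup.md is in place. Without that hint the new troubleshooting list sends the user to check sshd, the account and the key, none of which is the cause when the forward is missing. I would keep `echo " (Requires host-side port forwarding - see docs/kugetsu-setup.md)"` and add a matching bullet to the troubleshooting list.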