#!/bin/bash
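# The script appends to authorized_keys files and reads /etc/ssh/sshd_config,
# so it must run with root privileges.
if [ "$EUID" -ne 0 ]; then
    echo "Please run the script as root"
    # A bare `exit` would return the status of the echo above (0) and make
    # the refusal look like a successful run to any caller.
    exit 1
fi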
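# Ask which account should receive the support key.
# Sets: user - the account name
#       file - path of that account's authorized_keys file
# NOTE(review): assumes sshd uses the default AuthorizedKeysFile location
# (~/.ssh/authorized_keys) - confirm against sshd_config.
echo "For which account do you want to grant access?"
echo "1) root (by default, recommended)"
echo "2) Custom (should be added to sudo group)"
# -r keeps backslashes in the answer literal.
read -r choice
# The menu advertises option 1 as the default, so an empty answer selects it
# instead of being rejected by the validation below.
choice=${choice:-1}
if [[ ! "$choice" =~ ^[1-2]$ ]]; then
    echo "Invalid choice. Please enter 1 or 2."
    exit 1
fi
if [ "$choice" = "1" ]; then
    user="root"
    file="/root/.ssh/authorized_keys"
    # Match only an active directive: commented-out lines such as
    # "#PermitRootLogin no" must not trigger the warning, and sshd keywords
    # are case-insensitive. This reads the main file only; settings coming
    # from included files or Match blocks are not seen here (`sshd -T` prints
    # the effective configuration).
    if grep -Eiq '^[[:space:]]*PermitRootLogin[[:space:]]+no([[:space:]]|$)' /etc/ssh/sshd_config; then
        echo "Warning: PermitRootLogin is set to 'no' in /etc/ssh/sshd_config."
    fi
else
    echo "Enter the username:"
    read -r user
    # The strict character set also keeps $user safe to embed in the grep
    # pattern and the file path below.
    if [[ ! "$user" =~ ^[a-zA-Z0-9]+$ ]]; then
        echo "Invalid username. Only letters and numbers are allowed."
        exit 1
    fi
    home_dir=""
    if grep -q "^$user:" /etc/passwd; then
        # Use the home directory recorded for the account (field 6) rather
        # than assuming it lives under /home.
        home_dir=$(grep "^$user:" /etc/passwd | head -n 1 | cut -d: -f6)
    else
        echo "The specified username '$user' does not exist in /etc/passwd. Is the username correct? (y/n)"
        read -r confirm
        if [ "$confirm" != "y" ]; then
            exit 1
        fi
    fi
    # Accounts not listed in /etc/passwd keep the original /home/<user> guess.
    file="${home_dir:-/home/$user}/.ssh/authorized_keys"
fi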
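# Create the authorized_keys file (and its .ssh directory) when it is missing.
# Reads $user and $file, which are set earlier in the script.
if [ ! -f "$file" ]; then
    echo "File $file does not exist. Create it? (y/n)"
    read -r create
    if [ "$create" = "y" ]; then
        ssh_dir=$(dirname "$file")
        # For a non-root account this path sits in a directory the account
        # owner can modify, while everything below runs as root. Refuse
        # symbolic links so touch/chmod/chown cannot land on a file somewhere
        # else. This narrows the window between check and use; it does not
        # remove it.
        if [ -L "$ssh_dir" ] || [ -L "$file" ]; then
            echo "Error: $ssh_dir or $file is a symbolic link. Refusing to create the file through it."
            exit 1
        fi
        # Use the account's primary group; fall back to a group named like
        # the user (the previous assumption) when the lookup fails.
        group=$(id -gn "$user" 2>/dev/null)
        group=${group:-$user}
        if [ ! -d "$ssh_dir" ]; then
            mkdir -p "$ssh_dir"
            # A directory created here would otherwise stay root-owned with
            # umask-derived permissions; sshd expects it private to the user.
            chmod 700 "$ssh_dir"
            chown "$user:$group" "$ssh_dir"
        fi
        touch "$file"
        chmod 600 "$file"
        # -h changes the link itself rather than its target should the path
        # have been swapped for a symbolic link after the check above.
        chown -h "$user:$group" "$file"
    else
        exit 1
    fi
fi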
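# Public key that is granted SSH access to the account chosen above.
# NOTE(review): compare this key with the one the vendor publishes before
# running the script. It is installed without any authorized_keys options
# (for example from="..."), so it is accepted from any source address until
# the line is removed from the file.
key="ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAgEA0kzTrtnpG3awsKlQRzo8tLzG0Rb93XO6plRtFsVmAtqyuk1nfwC36ISL+AT2+r4+xuZiK8taVgbPVDU/+dHD3ObMQPIvIZOvQWGZH0zZApeXfbKD3DaLfh5aQeI9kbeo3cGQufFIxTkSLVXHTmjISf3gggP7m17hI4jxiu5Gaw/lNwlrQtsBgyEsF4+Y5jSOn1fMkx+R//8ul6L97EBEIGA9Pzcy4tHtTCNxfAGOmUmx8ijnieqNb95wxU5hrhirmWbICeMkgECEsIOPkweWoBNmrVxAigSQuM0uJZeFl5x2I5KaocmXbpeswDCWjGCtEDjcY9WqBSGehuUxArZvGEcaeJ+AM+xIlr0yPTx+3y4JsN/hluzRX9vbuzBZxhctP0BALu8uXKjYvJr9STU0umNZrRHBBQKCIF16FPwcJ7d+H4KYFvxOiVTDKtIZJ5gCtp/nUtVeQFUPEwgirgypP4hv3gkE73A+2vl3lwZ1p2YBmzzbAOpeXDtDFNSpK6Kfa7ujK70ouM0EDptPe/aGJMuDet7RGlnn/zQdpXrCLpUZSVrsTFjN+NZ6uTah5r5QsOhTpL1IoD+FrW9ovgr6KwtM6rl/XKzrzmbnQGaGQY5h5Kan2a0Y24eIXm5MnncOgwZZUCpT7SV2b7cjASf5xMfU87Ihe3c/Vmi33pblD8E= clsupport@sshbox.cloudlinux.com"
echo "Adding key..."
# A non-root account controls its own ~/.ssh, and this append runs as root:
# do not write through a symbolic link placed there.
if [ "$user" != "root" ] && [ -L "$file" ]; then
    echo "Error: $file is a symbolic link. Refusing to write through it as root."
    exit 1
fi
if grep -qxF -- "$key" "$file" 2>/dev/null; then
    # Re-running the script must not pile up duplicate entries.
    echo "OK: Key is already present in $file. You can remove this key from the file later, when the ticket is resolved."
else
    # If the file does not end with a newline, appending directly would glue
    # the key onto the last existing entry and break both lines.
    separator=""
    if [ -s "$file" ] && [ -n "$(tail -c 1 "$file")" ]; then
        separator=$'\n'
    fi
    if printf '%s%s\n' "$separator" "$key" >> "$file"; then
        echo "OK: Key added successfully to $file. You can remove this key from the file later, when the ticket is resolved."
    else
        echo "Error: Failed to add key to $file. There was a problem when writing, probably there is no free disk space or other problem with the file system."
        exit 1
    fi
fi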
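# Print the port of every active "Port" directive in the sshd_config file
# given as $1, one per line. Commented lines are skipped, leading whitespace
# is tolerated and the keyword is matched case-insensitively.
sshd_config_ports() {
    awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2 }' "$1" 2>/dev/null
}

# sshd may listen on several ports; collect all of them instead of folding
# them into one multi-line value. Only the main file is read: ports set in
# included files are not seen here (`sshd -T` prints the effective settings).
ssh_ports=$(sshd_config_ports /etc/ssh/sshd_config)
if [ -z "$ssh_ports" ]; then
    ssh_ports=22
    echo "Warning: SSH port is not specified in /etc/ssh/sshd_config. Using the default port 22."
    echo "Please specify SSH port in the ticket."
fi
# Take one snapshot of the listening TCP sockets and test every port on it.
listening=$(ss -tln)
# Unquoted on purpose: $ssh_ports holds digits-only words, one per port.
for ssh_port in $ssh_ports; do
    # A listening socket shows that something is bound to the port; it does
    # not show that a firewall in front of the host lets connections through.
    if printf '%s\n' "$listening" | grep -q ":$ssh_port "; then
        echo "OK: SSH port $ssh_port is open and listening for incoming connections."
    else
        echo "Warning: SSH port $ssh_port is not open or not listening for incoming connections. Please check your firewall settings."
    fi
done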
# Closing instructions for the operator: what to report in the ticket and
# where the support team's current source addresses are listed.
# The quoted delimiter keeps the text literal (no expansion).
cat <<'EOF'

If there are no errors during the script execution, please share the public server's IP and SSH port in the ticket. In case of any errors, please include the entire output.
If you have any firewalls (except Imunify360), make sure that the IP addresses of our technical support team are whitelisted. The list of our current IP addresses is available below.
https://cloudlinux.zendesk.com/hc/en-us/articles/6245743410460-How-to-authenticate-your-server-for-Support-Team-and-use-the-SSH-access-form
Thank you
EOF
