
Add a temporary firewall rule for current SSH port #66

Merged: buildplan merged 4 commits into main from fix_firewall on Oct 19, 2025
Conversation

@buildplan (Owner):

No description provided.

@buildplan buildplan added the bug Something isn't working label Oct 19, 2025
@buildplan buildplan requested a review from Copilot October 19, 2025 19:08
Copilot AI left a comment

Pull Request Overview

This PR improves SSH port transition handling by adding temporary firewall rules during SSH port changes and fixing SSH port validation logic. The changes ensure that users don't lose SSH access when changing ports by maintaining connectivity to both the old and new ports during the transition.

  • Fix SSH port validation to properly handle existing SSH ports during configuration
  • Add temporary firewall rules for the current SSH port during transitions
  • Improve rollback functionality to handle firewall rules when SSH changes fail

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

| File | Description |
| --- | --- |
| du_setup.sh | Core script updates with improved SSH port handling and firewall transition logic |
| du_setup.sh.sha256 | Updated checksum for the modified script |
| README.md | Updated checksum reference in documentation |

Comment thread du_setup.sh

print_section "SSH Hardening"
local CURRENT_SSH_PORT USER_HOME SSH_DIR SSH_KEY AUTH_KEYS NEW_SSH_CONFIG PREVIOUS_SSH_PORT
local CURRENT_SSH_PORT USER_HOME SSH_DIR SSH_KEY AUTH_KEYS
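Review bot: The shorter `local` line no longer lists NEW_SSH_CONFIG or PREVIOUS_SSH_PORT, so any assignment to either name inside this function now writes a global. If PREVIOUS_SSH_PORT is meant to be shared with the rollback path, say so in a comment next to the declaration; if NEW_SSH_CONFIG is still assigned in this function, keep it in the `local` list.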
Copilot AI Oct 19, 2025

The variable CURRENT_SSH_PORT is declared but never used in this function. Consider removing it or using the global PREVIOUS_SSH_PORT variable instead to maintain consistency.

Suggested change
local CURRENT_SSH_PORT USER_HOME SSH_DIR SSH_KEY AUTH_KEYS
local USER_HOME SSH_DIR SSH_KEY AUTH_KEYS

Comment thread du_setup.sh
# Store the current active port as the previous port for rollback purposes
PREVIOUS_SSH_PORT=$(ss -tlpn | grep sshd | grep -oP ':\K\d+' | head -n 1)

# Check globally detected port, falling back to 22 if detection failed
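Review bot: On the PREVIOUS_SSH_PORT assignment, `grep -oP ':\K\d+' | head -n 1` takes the first colon-plus-digits run on the line, not the port column: a listener shown as `[::1]:22` yields 1, and the value is empty whenever no line contains sshd (for example when ss runs without the privileges needed to show process names). Since this value is kept for rollback, take the port from the Local Address:Port field after its last colon and check that it is a number in 1-65535 before use, rather than relying only on the fallback to 22 that the comment mentions.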
Copilot AI Oct 19, 2025

The comment mentions 'falling back to 22' but the actual fallback logic is not visible in this diff. The comment should be updated to accurately reflect what happens when PREVIOUS_SSH_PORT is empty.

Suggested change
# Check globally detected port, falling back to 22 if detection failed
# Check globally detected port; if PREVIOUS_SSH_PORT is empty, set it to 22 as fallback

@buildplan buildplan merged commit 5ae5051 into main Oct 19, 2025
6 checks passed
@buildplan buildplan deleted the fix_firewall branch October 19, 2025 19:11
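
The transition described in this PR depends on knowing which port sshd is listening on before the temporary rule is added. One way to make that detection strict, as an added example that is not code from du_setup.sh or from this PR: the function names (`parse_sshd_port`, `is_valid_port`, `detect_sshd_port`) are hypothetical and the `ss -tlnp` output in `SAMPLE_SS` is constructed.

```shell
#!/bin/sh
# Added example, not code from du_setup.sh. All names below are hypothetical.

# Constructed sample of `ss -tlnp` output so the parser can run offline.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    [::1]:5522         [::]:*            users:(("sshd",pid=812,fd=4))
LISTEN 0      128    0.0.0.0:5522       0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      4096   127.0.0.1:631      0.0.0.0:*         users:(("cupsd",pid=640,fd=7))'

# Read `ss -tlnp` output on stdin; print the port of the first sshd listener.
# The port is whatever follows the last colon of the Local Address:Port column
# (field 4), so the "1" in [::1] is never mistaken for the port.
parse_sshd_port() {
    awk '$1 == "LISTEN" && /\("sshd"/ {
        n = split($4, part, ":")
        print part[n]
        exit
    }'
}

# Succeed only for a decimal TCP port in 1..65535.
is_valid_port() {
    case "$1" in
        '' | *[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the detected port, or return 1 so the caller stops instead of guessing.
detect_sshd_port() {
    detected=$(parse_sshd_port)
    is_valid_port "$detected" || return 1
    printf '%s\n' "$detected"
}

# On a live host (as root, so process names are shown): ss -tlnp | detect_sshd_port
printf '%s\n' "$SAMPLE_SS" | detect_sshd_port
```

A caller that gets a non-zero status from `detect_sshd_port` can abort the port change before touching the firewall instead of opening a rule for a guessed port.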