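#!/usr/bin/env bash
# Probe Dev VM SSH: LAN IP vs Cloudflare FQDN (tunnel + Access).
# See: docs/04-configuration/DEV_VM_SSH_REMOTE_ACCESS.md
#
# Usage:
#   ./scripts/deployment/probe-dev-vm-ssh.sh
#   DEV_VM_USER=dev1 DEV_VM_FQDN=ssh.dev.d-bis.org ./scripts/deployment/probe-dev-vm-ssh.sh
#
# Environment (all optional):
#   DEV_VM_USER  login name to probe with            (default: dev1)
#   IP_DEV_VM    LAN address; may also be set by config/ip-addresses.conf
#   DEV_VM_FQDN  hostname published through the tunnel
#
# Every probe runs the remote command `true` in BatchMode, so it never prompts
# and only reports whether key-based login works on that path.
set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"

# Best effort: a missing config file just leaves the defaults below in place.
# NOTE(review): `source` executes the file as shell code, and stderr is
# discarded here, so a broken config silently falls back to the default IP.
# Keep the file's write permissions as tight as this script's.
# shellcheck source=/dev/null
source "${PROJECT_ROOT}/config/ip-addresses.conf" 2>/dev/null || true

USER_NAME="${DEV_VM_USER:-dev1}"
IP="${IP_DEV_VM:-192.168.11.59}"
FQDN="${DEV_VM_FQDN:-ssh.dev.d-bis.org}"

# These values end up as arguments to ssh and dig. Refuse anything that those
# tools would read as an option or a resolver ("-o...", "+opt", "@server")
# instead of as a target.
for target_value in "$USER_NAME" "$IP" "$FQDN"; do
  case "$target_value" in
    '' | [-+@]*)
      printf 'ERROR: refusing target value %q (empty, or starts with -, + or @)\n' \
        "$target_value" >&2
      exit 2
      ;;
  esac
done

# Options shared by every probe.
# accept-new stores a previously unseen host key in the caller's known_hosts
# and rejects a key that differs from a stored one; the first contact is
# trust-on-first-use, so confirm the fingerprint out of band before relying on
# the pinned entry.
ssh_common=(-o BatchMode=yes -o StrictHostKeyChecking=accept-new)

echo "=== Dev VM SSH probes (user=$USER_NAME) ==="
echo ""

echo "1) LAN: BatchMode SSH to $IP"
# Capture ssh's own diagnostic (as probes 3 and 4 do) so a failure shows the
# actual reason rather than only the list of guesses.
code=0
out=$(ssh "${ssh_common[@]}" -o ConnectTimeout=8 \
  -- "${USER_NAME}@${IP}" true 2>&1) || code=$?
if ((code == 0)); then
  echo " OK ${USER_NAME}@${IP}"
else
  echo " FAIL ${USER_NAME}@${IP} (no route, firewall, or key not accepted): $out"
fi
echo ""

echo "2) DNS: $FQDN"
if command -v dig >/dev/null 2>&1; then
  # `|| true`: with pipefail a dig failure must not abort the remaining probes.
  dig +short "$FQDN" A 2>/dev/null | head -3 | sed 's/^/ A: /' || true
  dig +short "$FQDN" AAAA 2>/dev/null | head -2 | sed 's/^/ AAAA: /' || true
else
  echo " (dig not installed; skip)"
fi
echo ""

echo "3) Plain SSH to $FQDN:22 (usually FAILS behind Cloudflare — tunnel expects cloudflared client)"
# A failure is the expected outcome here; `|| code=$?` records the status
# without tripping `set -e`.
code=0
out=$(ssh -4 "${ssh_common[@]}" -o ConnectTimeout=12 \
  -- "${USER_NAME}@${FQDN}" true 2>&1) || code=$?
if ((code == 0)); then
  echo " OK (unexpected for CF tunnel host — you may be using port-forward / direct)"
else
  echo " FAIL (expected for tunnel hostname): $out"
fi
echo ""

echo "4) FQDN via cloudflared access ssh (needs cloudflared on PATH + Access policy / service token)"
# NOTE(review): $HOME/bin is searched first, so a `cloudflared` placed there
# takes precedence over a system-wide install for the rest of this script.
PATH="$HOME/bin:$PATH"
if command -v cloudflared >/dev/null 2>&1; then
  code=0
  out=$(ssh "${ssh_common[@]}" -o ConnectTimeout=25 \
    -o ProxyCommand="cloudflared access ssh --hostname %h" \
    -- "${USER_NAME}@${FQDN}" true 2>&1) || code=$?
  if ((code == 0)); then
    echo " OK ProxyCommand → ${USER_NAME}@${FQDN}"
  else
    echo " FAIL: $out"
  fi
else
  echo " SKIP: cloudflared not in PATH"
  echo " Install: https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/installation/"
  echo " Then set CF_ACCESS_CLIENT_ID / CF_ACCESS_CLIENT_SECRET if using service tokens (see DEV_VM_SSH_REMOTE_ACCESS.md)."
fi
echo ""
echo "Done."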