diff --git a/scripts/cloudron-support b/scripts/cloudron-support
index 71c10074d..03783c9a0 100755
--- a/scripts/cloudron-support
+++ b/scripts/cloudron-support
@@ -11,6 +11,7 @@ fi
 readonly RED='\033[31m'
 readonly GREEN='\033[32m'
 readonly YELLOW='\033[33m'
+readonly BOLD='\033[1m'
 readonly DONE='\033[m'
 
 readonly PASTEBIN="https://paste.cloudron.io"
@@ -23,6 +24,7 @@ readonly HELP_MESSAGE="
 Options:
 --disable-dnssec Disable DNSSEC
 --enable-remote-support Enable SSH Remote Access for the Cloudron support team
+ --disable-remote-support Disable SSH Remote Access for the Cloudron support team
 --fix-docker-version Ensures the correct docker version is installed
 --owner-login Login as owner
 --patch Apply a patch from git. WARNING: Do not use unless you know what you are doing!
@@ -57,7 +59,51 @@ function enable_remote_support() {
 local -r ssh_user="cloudron-support"
 local -r keys_file="/home/cloudron-support/.ssh/authorized_keys"
 
- echo -n "Enabling Remote Access for the Cloudron support team..."
+ echo -e "
+================= ${BOLD}SSH ACCESS DISCLAIMER${DONE} =================
+
+By granting us SSH or remote access to your systems, you acknowledge and
+agree to the following:
+
+1. ${BOLD}Access to Customer Data${DONE}
+ Our team may have visibility into customer data during the course of
+ investigating or resolving issues. While we take all reasonable steps to
+ respect your privacy and handle data securely, you acknowledge that such
+ access may occur as part of the support process.
+
+2. ${BOLD}No Liability for Data Loss or System Changes${DONE}
+ Although we strive to exercise caution and due diligence, you acknowledge
+ and accept that:
+ ${BOLD}-${DONE} There is an inherent risk of data loss, corruption, or system
+ disruption during troubleshooting or configuration changes.
+ ${BOLD}-${DONE} We shall not be held liable for any loss of data, service
+ downtime, or unintended consequences arising from our access or any
+ actions taken during the support process.
+
+3. ${BOLD}Backups and Safeguards${DONE}
+ You are solely responsible for ensuring that up-to-date and complete
+ backups of your systems and data exist prior to granting us access.
+
+4. ${BOLD}Local Changes and Auto-Updates${DONE}
+ Your system may receive automatic updates as part of regular maintenance or
+ feature releases. Any local modifications or patches applied during support
+ may be overwritten by future updates. ${BOLD}-${DONE} It is the customer's
+ responsibility to track such changes and reapply them if necessary, or to
+ coordinate with us for permanent integration where applicable.
+
+5. ${BOLD}Consent to Proceed${DONE}
+ By providing access, you confirm that you have read, understood, and agreed
+ to the terms above and expressly authorize us to proceed with accessing
+ your systems for support purposes.
+
+=======================================================================
+"
+ read -p "Do you accept these terms? [y/N] " choice
+ choice=${choice:-n}
+
+ [[ ! $choice =~ ^[Yy]$ ]] && exit 1
+
+ echo -n "Terms accepted. Enabling Remote Access for the Cloudron support team..."
 mkdir -p $(dirname "${keys_file}") # .ssh does not exist sometimes
 touch "${keys_file}" # required for concat to work
 if ! grep -q "${cloudron_support_public_key}" "${keys_file}"; then
@@ -69,6 +115,21 @@ function enable_remote_support() {
 echo "Done"
 }
 
+function disable_remote_support() {
+ local -r cloudron_support_public_key="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGWS+930b8QdzbchGljt3KSljH9wRhYvht8srrtQHdzg support@cloudron.io"
+ local -r ssh_user="cloudron-support"
+ local -r keys_file="/home/cloudron-support/.ssh/authorized_keys"
+
+ echo -n "Disabling Remote Access for the Cloudron support team..."
+ mkdir -p $(dirname "${keys_file}") # .ssh does not exist sometimes
+ touch "${keys_file}" # required for del below to work
+ if grep -q "${cloudron_support_public_key}" "${keys_file}"; then
+ sed "/${cloudron_support_public_key}/d" "${keys_file}"
+ fi
+
+ echo "Done"
+}
+
 function wait_systemd_service() {
 local -r service="$1"
 
@@ -794,6 +855,7 @@ while true; do
 # fall through
 ;&
 --enable-remote-support) enable_remote_support; exit 0;;
+ --disable-remote-support) disable_remote_support; exit 0;;
 --admin-login)
 # fall through
 ;&
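Review bot: The decline path added to `enable_remote_support`, `[[ ! $choice =~ ^[Yy]$ ]] && exit 1`, exits without any message, so a run where stdin is not a terminal (`read` hits EOF and `choice` falls back to `n`) ends with status 1 and no explanation. Failing closed is the right default for granting SSH access, so I would keep the behaviour but report it: `if [[ ! $choice =~ ^[Yy]$ ]]; then echo "Terms not accepted. Remote support was not enabled." >&2; exit 1; fi`. The prompt should also be `read -r -p "Do you accept these terms? [y/N] " choice` so backslashes in the reply are not interpreted. The function starts and ends outside this hunk.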
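Review bot: In `disable_remote_support` the call `sed "/${cloudron_support_public_key}/d" "${keys_file}"` has no `-i`, so it writes the filtered content to stdout and leaves `authorized_keys` unchanged; the support key stays authorized while the script prints "Done". The minimal fix is `sed -i "/${cloudron_support_public_key}/d" "${keys_file}"`, and a fixed-string match would be safer still, because the key is interpolated into a regular expression both here and in the `grep -q` guard above it. The `mkdir -p` and `touch` lines also create the `.ssh` directory and key file on a host where support was never enabled, and `ssh_user` is not used in the lines shown. Removing the key does not end a support session that is already open, which the output or help text could mention.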