#!/bin/sh

set -eu

# 强制清理残留 SSH 进程，然后在 22 端口拉起一份 usbnet 自带的 OpenSSH。
# 这份 sshd 会优先读取 /mnt/us/usbnet/etc/dot.ssh/authorized_keys。

TS="$(date +%Y%m%d-%H%M%S 2>/dev/null || echo now)"
OUT_DIR="/mnt/us/ssh-debug/${TS}"
LOG_FILE="${OUT_DIR}/force-openssh-22.log"
PID_FILE="/mnt/us/usbnet/run/sshd-force-22.pid"
SOURCE_KEYS="/mnt/us/usbnet/etc/authorized_keys"
TARGET_KEYS="/mnt/us/usbnet/etc/dot.ssh/authorized_keys"

mkdir -p "${OUT_DIR}" /mnt/us/usbnet/run /mnt/us/usbnet/etc/dot.ssh
exec >"${LOG_FILE}" 2>&1

echo "=== FORCE OPENSSH 22 ==="
date 2>/dev/null || true
id 2>/dev/null || true

if [ -f "${SOURCE_KEYS}" ]; then
    cp "${SOURCE_KEYS}" "${TARGET_KEYS}"
    chmod 600 "${TARGET_KEYS}" 2>/dev/null || true
fi
chmod 755 /mnt/us/usbnet/etc/dot.ssh 2>/dev/null || true

killall sshd 2>/dev/null || true
killall dropbear 2>/dev/null || true
killall dropbearmulti 2>/dev/null || true
sleep 1

rm -f "${PID_FILE}" 2>/dev/null || true
iptables -I INPUT 1 -p tcp --dport 22 -j ACCEPT 2>/dev/null || true

(
    exec /mnt/us/usbnet/sbin/sshd -D -e \
        -f /mnt/us/usbnet/etc/sshd_config \
        -o ListenAddress=0.0.0.0 \
        -o Port=22 \
        -o PidFile="${PID_FILE}" \
        -o AuthorizedKeysFile="${TARGET_KEYS}" \
        -o PasswordAuthentication=no \
        -o KbdInteractiveAuthentication=no \
        -o PubkeyAuthentication=yes \
        -o PermitRootLogin=yes \
        -o HostKey=/mnt/us/usbnet/etc/ssh_host_rsa_key \
        -o HostKey=/mnt/us/usbnet/etc/ssh_host_ecdsa_key \
        -o HostKey=/mnt/us/usbnet/etc/ssh_host_ed25519_key
) &

LAUNCHER_PID="$!"
echo "${LAUNCHER_PID}" > "${OUT_DIR}/launcher.pid"
sleep 1

echo "launcher pid: ${LAUNCHER_PID}"
echo "pid file: ${PID_FILE}"
if [ -x /mnt/us/usbnet/bin/lsof ]; then
    /mnt/us/usbnet/bin/lsof -n -P -iTCP:22 2>/dev/null || true
fi

echo "=== DONE ==="
echo "${OUT_DIR}"