@underpostnet/underpost 2.92.0 → 2.95.0

package/src/cli/ssh.js

@@ -6,9 +6,10 @@
 
 import { generateRandomPasswordSelection } from '../client/components/core/CommonJs.js';
 import Dns from '../server/dns.js';
-import { shellExec } from '../server/process.js';
+import { pbcopy, shellExec } from '../server/process.js';
 import { loggerFactory } from '../server/logger.js';
 import fs from 'fs-extra';
+import UnderpostRootEnv from './env.js';
 
 const logger = loggerFactory(import.meta);
 
@@ -19,6 +20,173 @@ const logger = loggerFactory(import.meta);
  */
 class UnderpostSSH {
   static API = {
+    /**
+     * Loads configuration node from disk or returns default empty config.
+     * @private
+     * @function loadConfigNode
+     * @memberof UnderpostSSH
+     * @param {string} deployId - Deployment ID for the config path
+     * @returns {{confNode: Object, confNodePath: string}} Configuration node and its file path
+     * @description Loads or creates a config node with users object structure
+     */
+    loadConfigNode: (deployId) => {
+      const confNodePath = `./engine-private/conf/${deployId}/conf.node.json`;
+      const confNode = fs.existsSync(confNodePath) ? JSON.parse(fs.readFileSync(confNodePath, 'utf8')) : { users: {} };
+      return { confNode, confNodePath };
+    },
+
+    /**
+     * Saves configuration node to disk.
+     * @private
+     * @function saveConfigNode
+     * @memberof UnderpostSSH
+     * @param {string} confNodePath - Path to the configuration file
+     * @param {Object} confNode - Configuration object to save
+     * @returns {void}
+     */
+    saveConfigNode: (confNodePath, confNode) => {
+      fs.outputFileSync(confNodePath, JSON.stringify(confNode, null, 4), 'utf8');
+    },
+
+    /**
+     * Checks if a system user exists.
+     * @private
+     * @function checkUserExists
+     * @memberof UnderpostSSH
+     * @param {string} username - Username to check
+     * @returns {boolean} True if user exists, false otherwise
+     */
+    checkUserExists: (username) => {
+      const result = shellExec(`id -u ${username} 2>/dev/null || echo "not_found"`, {
+        silent: true,
+        stdout: true,
+      }).trim();
+      return result !== 'not_found';
+    },
+
+    /**
+     * Gets the home directory for a given user.
+     * @private
+     * @function getUserHome
+     * @memberof UnderpostSSH
+     * @param {string} username - Username to get home directory for
+     * @returns {string} User's home directory path
+     */
+    getUserHome: (username) => {
+      return shellExec(`getent passwd ${username} | cut -d: -f6`, {
+        silent: true,
+        stdout: true,
+      }).trim();
+    },
+
+    /**
+     * Creates a system user with password and groups.
+     * @private
+     * @function createSystemUser
+     * @memberof UnderpostSSH
+     * @param {string} username - Username to create
+     * @param {string} password - Password for the user
+     * @param {string} groups - Comma-separated list of groups
+     * @returns {void}
+     */
+    createSystemUser: (username, password, groups) => {
+      shellExec(`useradd -m -s /bin/bash ${username}`);
+      shellExec(`echo "${username}:${password}" | chpasswd`);
+      if (groups) {
+        for (const group of groups.split(',').map((g) => g.trim())) {
+          shellExec(`usermod -aG "${group}" "${username}"`);
+        }
+      }
+    },
+
+    /**
+     * Ensures SSH directory exists with proper permissions.
+     * @private
+     * @function ensureSSHDirectory
+     * @memberof UnderpostSSH
+     * @param {string} sshDir - Path to SSH directory
+     * @returns {void}
+     */
+    ensureSSHDirectory: (sshDir) => {
+      if (!fs.existsSync(sshDir)) {
+        shellExec(`mkdir -p ${sshDir}`);
+        shellExec(`chmod 700 ${sshDir}`);
+      }
+    },
+
+    /**
+     * Sets proper permissions on SSH files.
+     * @private
+     * @function setSSHFilePermissions
+     * @memberof UnderpostSSH
+     * @param {string} sshDir - SSH directory path
+     * @param {string} username - Username for ownership
+     * @param {string} [keyPath] - Optional private key path
+     * @param {string} [pubKeyPath] - Optional public key path
+     * @returns {void}
+     */
+    setSSHFilePermissions: (sshDir, username, keyPath, pubKeyPath) => {
+      shellExec(`chmod 600 ${sshDir}/authorized_keys`);
+      shellExec(`chmod 644 ${sshDir}/known_hosts`);
+      if (keyPath) shellExec(`chmod 600 ${keyPath}`);
+      if (pubKeyPath) shellExec(`chmod 644 ${pubKeyPath}`);
+      shellExec(`chown -R ${username}:${username} ${sshDir}`);
+    },
+
+    /**
+     * Configures authorized_keys for a user.
+     * @private
+     * @function configureAuthorizedKeys
+     * @memberof UnderpostSSH
+     * @param {string} sshDir - SSH directory path
+     * @param {string} pubKeyPath - Public key file path
+     * @param {boolean} disablePassword - Whether to add no-forwarding restrictions
+     * @returns {void}
+     */
+    configureAuthorizedKeys: (sshDir, pubKeyPath, disablePassword) => {
+      if (disablePassword) {
+        shellExec(`cat >> ${sshDir}/authorized_keys <<EOF
+no-port-forwarding,no-X11-forwarding,no-agent-forwarding ${fs.readFileSync(pubKeyPath, 'utf8')}
+EOF`);
+      } else {
+        shellExec(`cat ${pubKeyPath} >> ${sshDir}/authorized_keys`);
+      }
+    },
+
+    /**
+     * Configures known_hosts with SSH server keys.
+     * @private
+     * @function configureKnownHosts
+     * @memberof UnderpostSSH
+     * @param {string} sshDir - SSH directory path
+     * @param {number} port - SSH port number
+     * @param {string} [host] - Optional external host to add
+     * @returns {void}
+     */
+    configureKnownHosts: (sshDir, port, host) => {
+      shellExec(`ssh-keyscan -p ${port} -H localhost >> ${sshDir}/known_hosts`);
+      shellExec(`ssh-keyscan -p ${port} -H 127.0.0.1 >> ${sshDir}/known_hosts`);
+      if (host) shellExec(`ssh-keyscan -p ${port} -H ${host} >> ${sshDir}/known_hosts`);
+    },
+
+    /**
+     * Configures sudoers for passwordless sudo or sets user password.
+     * @private
+     * @function configureSudoAccess
+     * @memberof UnderpostSSH
+     * @param {string} username - Username to configure
+     * @param {string} password - User password
+     * @param {boolean} disablePassword - Whether to enable passwordless sudo
+     * @returns {void}
+     */
+    configureSudoAccess: (username, password, disablePassword) => {
+      if (disablePassword) {
+        shellExec(`echo '${username} ALL=(ALL) NOPASSWD: ALL' | sudo tee /etc/sudoers.d/90_${username}`);
+      } else {
+        shellExec(`echo "${username}:${password}" | sudo chpasswd`);
+      }
+    },
+
     /**
      * Main callback function for SSH operations including user management, key import/export, and SSH service configuration.
      * @async
@@ -40,9 +208,12 @@ class UnderpostSSH {
      * @param {boolean} [options.reset=false] - Reset SSH configuration (clear authorized_keys and known_hosts)
      * @param {boolean} [options.keysList=false] - List authorized SSH keys
      * @param {boolean} [options.hostsList=false] - List known SSH hosts
-     * @param {boolean} [options.importKeys=false] - Import keys from private backup to user's SSH directory
-     * @param {boolean} [options.exportKeys=false] - Export keys from user's SSH directory to private backup
-     * @param {boolean} [options.disablePassword=false] - If true, do not set a password for the user
+     * @param {boolean} [options.disablePassword=false] - If true, enable passwordless sudo and add SSH restrictions
+     * @param {boolean} [options.keyTest=false] - Test SSH key generation
+     * @param {boolean} [options.stop=false] - Stop SSH service
+     * @param {boolean} [options.status=false] - Check SSH service status
+     * @param {boolean} [options.connectUri=false] - Output SSH connection URI
+     * @param {boolean} [options.copy=false] - Copy SSH connection URI to clipboard
      * @returns {Promise<void>}
      * @description
      * Handles various SSH operations:
@@ -70,46 +241,67 @@ class UnderpostSSH {
         keysList: false,
         hostsList: false,
         disablePassword: false,
+        keyTest: false,
+        stop: false,
+        status: false,
+        connectUri: false,
+        copy: false,
       },
     ) => {
       let confNode, confNodePath;
+
+      // Set defaults
       if (!options.user) options.user = 'root';
       if (!options.host) options.host = await Dns.getPublicIp();
       if (!options.password) options.password = options.disablePassword ? '' : generateRandomPasswordSelection(16);
       if (!options.groups) options.groups = 'wheel';
-      if (!options.port) options.port = 22;
+      if (!options.port) options.port = 22; // Handle connect uri
+
+      const userHome = UnderpostSSH.API.getUserHome(options.user);
+      options.userHome = userHome;
 
       // Load config and override password and host if user exists in config
       if (options.deployId) {
-        confNodePath = `./engine-private/conf/${options.deployId}/conf.node.json`;
-        confNode = fs.existsSync(confNodePath) ? JSON.parse(fs.readFileSync(confNodePath, 'utf8')) : { users: {} };
+        const config = UnderpostSSH.API.loadConfigNode(options.deployId);
+        confNode = config.confNode;
+        confNodePath = config.confNodePath;
 
         if (confNode.users && confNode.users[options.user]) {
-          if (confNode.users[options.user].password) {
-            options.password = confNode.users[options.user].password;
-            logger.info(`Using saved password for user ${options.user}`);
-          }
           if (confNode.users[options.user].host) {
             options.host = confNode.users[options.user].host;
             logger.info(`Using saved host for user ${options.user}: ${options.host}`);
           }
+          if (confNode.users[options.user].password === '') {
+            options.disablePassword = true;
+            options.password = '';
+            logger.info(`Using saved empty password for user ${options.user}`);
+          } else if (confNode.users[options.user].password) {
+            options.disablePassword = false;
+            options.password = confNode.users[options.user].password;
+            logger.info(`Using saved password for user ${options.user}`);
+          }
+          options.port = confNode.users[options.user].port || options.port;
         }
       }
 
-      let userHome = shellExec(`getent passwd ${options.user} | cut -d: -f6`, { silent: true, stdout: true }).trim();
-      options.userHome = userHome;
-
       logger.info('options', options);
 
+      // Handle connect uri
+      if (options.connectUri) {
+        const keyPath = `${userHome}/.ssh/id_rsa`;
+        const uri = `ssh ${options.user}@${options.host} -i ${keyPath} -p ${options.port}`;
+        if (options.copy) {
+          pbcopy(uri);
+        } else console.log(uri);
+        return;
+      }
+
+      // Handle reset operation
       if (options.reset) {
         shellExec(`> ${userHome}/.ssh/authorized_keys`);
         shellExec(`> ${userHome}/.ssh/known_hosts`);
-        return;
       }
 
-      if (options.keysList) shellExec(`cat ${userHome}/.ssh/authorized_keys`);
-      if (options.hostsList) shellExec(`cat ${userHome}/.ssh/known_hosts`);
-
       if (options.userLs) {
         const filter = options.filter ? `${options.filter}` : '';
         const groupsOut = shellExec(`getent group${filter ? ` | grep '${filter}'` : ''}`, {
@@ -128,50 +320,72 @@ class UnderpostSSH {
         console.log(filter ? usersOut.replaceAll(filter, filter.red) : usersOut);
       }
 
-      if (options.deployId) {
-        // Config already loaded above, just use it
-        if (!confNode) {
-          confNodePath = `./engine-private/conf/${options.deployId}/conf.node.json`;
-          confNode = fs.existsSync(confNodePath) ? JSON.parse(fs.readFileSync(confNodePath, 'utf8')) : { users: {} };
+      // Handle user removal (works with or without deployId)
+      if (options.userRemove) {
+        const groups = shellExec(`id -Gn ${options.user}`, { silent: true, stdout: true }).trim().replace(/ /g, ', ');
+        shellExec(`userdel -r ${options.user}`);
+
+        // Remove sudoers file if it exists
+        const sudoersFile = `/etc/sudoers.d/90_${options.user}`;
+        if (fs.existsSync(sudoersFile)) {
+          shellExec(`sudo rm -f ${sudoersFile}`);
+          logger.info(`Sudoers file removed: ${sudoersFile}`);
         }
 
-        if (options.userAdd) {
-          // Check if user already exists in config
-          const userExistsInConfig = confNode.users && confNode.users[options.user];
+        // Remove the private key copy folder and update config only if deployId is provided
+        if (options.deployId) {
+          if (!confNode) {
+            const config = UnderpostSSH.API.loadConfigNode(options.deployId);
+            confNode = config.confNode;
+            confNodePath = config.confNodePath;
+          }
+
           const privateCopyDir = `./engine-private/conf/${options.deployId}/users/${options.user}`;
-          const privateKeyPath = `${privateCopyDir}/id_rsa`;
-          const publicKeyPath = `${privateCopyDir}/id_rsa.pub`;
-          const keysExistInBackup = fs.existsSync(privateKeyPath) && fs.existsSync(publicKeyPath);
+          if (fs.existsSync(privateCopyDir)) {
+            fs.removeSync(privateCopyDir);
+            logger.info(`Private key copy removed from ${privateCopyDir}`);
+          }
 
+          delete confNode.users[options.user];
+          UnderpostSSH.API.saveConfigNode(confNodePath, confNode);
+        }
+
+        logger.info(`User removed`);
+        if (groups) logger.info(`User removed from groups: ${groups}`);
+        return;
+      }
+
+      // Handle user addition (works with or without deployId)
+      if (options.userAdd) {
+        let privateCopyDir, privateKeyPath, publicKeyPath, keysExistInBackup, userExistsInConfig;
+
+        // If deployId is provided, check for existing config and backup keys
+        if (options.deployId) {
+          if (!confNode) {
+            const config = UnderpostSSH.API.loadConfigNode(options.deployId);
+            confNode = config.confNode;
+            confNodePath = config.confNodePath;
+          }
+
+          userExistsInConfig = confNode.users && confNode.users[options.user];
+          privateCopyDir = `./engine-private/conf/${options.deployId}/users/${options.user}`;
+          privateKeyPath = `${privateCopyDir}/id_rsa`;
+          publicKeyPath = `${privateCopyDir}/id_rsa.pub`;
+          keysExistInBackup = fs.existsSync(privateKeyPath) && fs.existsSync(publicKeyPath);
+
+          // If user exists in config AND keys exist in backup, import those keys
           if (userExistsInConfig && keysExistInBackup) {
             logger.info(`User ${options.user} already exists in config. Importing existing keys...`);
 
-            // Check if system user exists
-            const userExists =
-              shellExec(`id -u ${options.user} 2>/dev/null || echo "not_found"`, {
-                silent: true,
-                stdout: true,
-              }).trim() !== 'not_found';
-
+            // Create system user if it doesn't exist
+            const userExists = UnderpostSSH.API.checkUserExists(options.user);
             if (!userExists) {
-              shellExec(`useradd -m -s /bin/bash ${options.user}`);
-              shellExec(`echo "${options.user}:${options.password}" | chpasswd`);
-              if (options.groups)
-                for (const group of options.groups.split(',').map((g) => g.trim())) {
-                  shellExec(`usermod -aG "${group}" "${options.user}"`);
-                }
+              UnderpostSSH.API.createSystemUser(options.user, options.password, options.groups);
             }
 
-            const userHome = shellExec(`getent passwd ${options.user} | cut -d: -f6`, {
-              silent: true,
-              stdout: true,
-            }).trim();
+            const userHome = UnderpostSSH.API.getUserHome(options.user);
             const sshDir = `${userHome}/.ssh`;
-
-            if (!fs.existsSync(sshDir)) {
-              shellExec(`mkdir -p ${sshDir}`);
-              shellExec(`chmod 700 ${sshDir}`);
-            }
+            UnderpostSSH.API.ensureSSHDirectory(sshDir);
 
             const userKeyPath = `${sshDir}/id_rsa`;
             const userPubKeyPath = `${sshDir}/id_rsa.pub`;
@@ -179,78 +393,42 @@ class UnderpostSSH {
             // Import keys from backup
             fs.copyFileSync(privateKeyPath, userKeyPath);
             fs.copyFileSync(publicKeyPath, userPubKeyPath);
-            if (options.disablePassword) {
-              shellExec(`cat >> ${sshDir}/authorized_keys <<EOF
-no-port-forwarding,no-X11-forwarding,no-agent-forwarding ${fs.readFileSync(userPubKeyPath, 'utf8')}
-EOF`);
-              shellExec(`echo '${options.user} ALL=(ALL) NOPASSWD: ALL' | sudo tee /etc/sudoers.d/90_${options.user}`);
-            } else {
-              shellExec(`cat ${userPubKeyPath} >> ${sshDir}/authorized_keys`);
-              shellExec(`echo "${options.user}:${options.password}" | sudo chpasswd`);
-            }
-            shellExec(`ssh-keyscan -p ${options.port} -H localhost >> ${sshDir}/known_hosts`);
-            shellExec(`ssh-keyscan -p ${options.port} -H 127.0.0.1 >> ${sshDir}/known_hosts`);
-            if (options.host) shellExec(`ssh-keyscan -p ${options.port} -H ${options.host} >> ${sshDir}/known_hosts`);
 
-            shellExec(`chmod 600 ${sshDir}/authorized_keys`);
-            shellExec(`chmod 644 ${sshDir}/known_hosts`);
-            shellExec(`chmod 600 ${userKeyPath}`);
-            shellExec(`chmod 644 ${userPubKeyPath}`);
-            shellExec(`chown -R ${options.user}:${options.user} ${sshDir}`);
+            UnderpostSSH.API.configureAuthorizedKeys(sshDir, userPubKeyPath, options.disablePassword);
+            UnderpostSSH.API.configureSudoAccess(options.user, options.password, options.disablePassword);
+            UnderpostSSH.API.configureKnownHosts(sshDir, options.port, options.host);
+            UnderpostSSH.API.setSSHFilePermissions(sshDir, options.user, userKeyPath, userPubKeyPath);
 
             logger.info(`Keys imported from ${privateCopyDir} to ${sshDir}`);
             logger.info(`User added with existing keys`);
             return;
           }
+        }
 
-          // New user or no existing keys - create new user and generate keys
-          shellExec(`useradd -m -s /bin/bash ${options.user}`);
-          shellExec(`echo "${options.user}:${options.password}" | chpasswd`);
-          if (options.groups)
-            for (const group of options.groups.split(',').map((g) => g.trim())) {
-              shellExec(`usermod -aG "${group}" "${options.user}"`);
-            }
-
-          const userHome = shellExec(`getent passwd ${options.user} | cut -d: -f6`, {
-            silent: true,
-            stdout: true,
-          }).trim();
-          const sshDir = `${userHome}/.ssh`;
+        // New user or no existing keys - create new user and generate keys
+        UnderpostSSH.API.createSystemUser(options.user, options.password, options.groups);
 
-          if (!fs.existsSync(sshDir)) {
-            shellExec(`mkdir -p ${sshDir}`);
-            shellExec(`chmod 700 ${sshDir}`);
-          }
+        const userHome = UnderpostSSH.API.getUserHome(options.user);
+        const sshDir = `${userHome}/.ssh`;
+        UnderpostSSH.API.ensureSSHDirectory(sshDir);
 
-          const keyPath = `${sshDir}/id_rsa`;
-          const pubKeyPath = `${sshDir}/id_rsa.pub`;
+        const keyPath = `${sshDir}/id_rsa`;
+        const pubKeyPath = `${sshDir}/id_rsa.pub`;
 
-          if (!fs.existsSync(keyPath)) {
-            shellExec(
-              `ssh-keygen -t ed25519 -f ${keyPath} -N "${options.password}" -q -C "${options.user}@${options.host}"`,
-            );
-          }
-
-          if (options.disablePassword) {
-            shellExec(`cat >> ${sshDir}/authorized_keys <<EOF
-no-port-forwarding,no-X11-forwarding,no-agent-forwarding ${fs.readFileSync(pubKeyPath, 'utf8')}
-EOF`);
-            shellExec(`echo '${options.user} ALL=(ALL) NOPASSWD: ALL' | sudo tee /etc/sudoers.d/90_${options.user}`);
-          } else {
-            shellExec(`cat ${pubKeyPath} >> ${sshDir}/authorized_keys`);
-            shellExec(`echo "${options.user}:${options.password}" | sudo chpasswd`);
-          }
-          shellExec(`ssh-keyscan -p ${options.port} -H localhost >> ${sshDir}/known_hosts`);
-          shellExec(`ssh-keyscan -p ${options.port} -H 127.0.0.1 >> ${sshDir}/known_hosts`);
-          if (options.host) shellExec(`ssh-keyscan -p ${options.port} -H ${options.host} >> ${sshDir}/known_hosts`);
+        if (!fs.existsSync(keyPath)) {
+          shellExec(
+            `ssh-keygen -t ed25519 -f ${keyPath} -N "${options.password}" -q -C "${options.user}@${options.host}"`,
+          );
+        }
 
-          shellExec(`chmod 600 ${sshDir}/authorized_keys`);
-          shellExec(`chmod 644 ${sshDir}/known_hosts`);
-          shellExec(`chmod 600 ${keyPath}`);
-          shellExec(`chmod 644 ${pubKeyPath}`);
-          shellExec(`chown -R ${options.user}:${options.user} ${sshDir}`);
+        UnderpostSSH.API.configureAuthorizedKeys(sshDir, pubKeyPath, options.disablePassword);
+        UnderpostSSH.API.configureSudoAccess(options.user, options.password, options.disablePassword);
+        UnderpostSSH.API.configureKnownHosts(sshDir, options.port, options.host);
+        UnderpostSSH.API.setSSHFilePermissions(sshDir, options.user, keyPath, pubKeyPath);
 
-          // Save a copy of the keys to the private folder
+        // Save a copy of the keys to the private folder only if deployId is provided
+        if (options.deployId) {
+          if (!privateCopyDir) privateCopyDir = `./engine-private/conf/${options.deployId}/users/${options.user}`;
           fs.ensureDirSync(privateCopyDir);
 
           const privateKeyCopyPath = `${privateCopyDir}/id_rsa`;
@@ -269,43 +447,78 @@ EOF`);
             privateKeyCopyPath,
             publicKeyCopyPath,
           };
-          fs.outputFileSync(confNodePath, JSON.stringify(confNode, null, 4), 'utf8');
-          logger.info(`User added`);
-          return;
+          UnderpostSSH.API.saveConfigNode(confNodePath, confNode);
         }
-        if (options.userRemove) {
-          const groups = shellExec(`id -Gn ${options.user}`, { silent: true, stdout: true }).trim().replace(/ /g, ', ');
-          shellExec(`userdel -r ${options.user}`);
 
-          // Remove the private key copy folder
-          const privateCopyDir = `./engine-private/conf/${options.deployId}/users/${options.user}`;
-          if (fs.existsSync(privateCopyDir)) {
-            fs.removeSync(privateCopyDir);
-            logger.info(`Private key copy removed from ${privateCopyDir}`);
-          }
+        logger.info(`User added`);
+        return;
+      }
 
-          delete confNode.users[options.user];
-          fs.outputFileSync(confNodePath, JSON.stringify(confNode, null, 4), 'utf8');
-          logger.info(`User removed`);
-          if (groups) logger.info(`User removed from groups: ${groups}`);
-          return;
+      // Handle config user listing (only with deployId)
+      if (options.deployId) {
+        if (!confNode) {
+          const config = UnderpostSSH.API.loadConfigNode(options.deployId);
+          confNode = config.confNode;
+          confNodePath = config.confNodePath;
         }
-        if (options.userLs) {
-          logger.info(`Users:`);
+
+        if (options.userLs && confNode && confNode.users) {
+          logger.info(`Users in config:`);
           Object.keys(confNode.users).forEach((user) => {
             logger.info(`- ${user}`);
           });
-          return;
         }
       }
 
+      // Handle generate root keys
       if (options.generate)
         UnderpostSSH.API.generateKeys({ user: options.user, password: options.password, host: options.host });
+
+      // Handle list operations
+      if (options.keysList) shellExec(`cat ${userHome}/.ssh/authorized_keys`);
+      if (options.hostsList) shellExec(`cat ${userHome}/.ssh/known_hosts`);
+
+      // Handle key test
+      if (options.keyTest) {
+        const keyPath = `${userHome}/.ssh/id_rsa`;
+        shellExec(`ssh-keygen -y -f ${keyPath} -P "${options.password}"`);
+      }
+
+      // Handle stop server
+      if (options.stop) shellExec('service sshd stop');
+
+      // Handle start server
       if (options.start) {
         UnderpostSSH.API.chmod({ user: options.user });
         UnderpostSSH.API.initService({ port: options.port });
       }
+
+      // Handle status server
+      if (options.status) shellExec('service sshd status');
+    },
+
+    /**
+     * Loads saved SSH credentials from config and sets them in the UnderpostRootEnv API.
+     * @async
+     * @function setDefautlSshCredentials
+     * @memberof UnderpostSSH
+     * @param {Object} options - Options for setting default SSH credentials
+     * @param {string} options.deployId - Deployment ID for the config path
+     * @param {string} options.user - SSH user name
+     * @returns {Promise<void>}
+     */
+    setDefautlSshCredentials: async (options = { deployId: '', user: '' }) => {
+      const confNodePath = `./engine-private/conf/${options.deployId}/conf.node.json`;
+      if (fs.existsSync(confNodePath)) {
+        const { users } = JSON.parse(fs.readFileSync(confNodePath, 'utf8'));
+        const { user, host, keyPath, port } = users[options.user];
+        UnderpostRootEnv.API.set('DEFAULT_SSH_USER', user);
+        UnderpostRootEnv.API.set('DEFAULT_SSH_HOST', host);
+        UnderpostRootEnv.API.set('DEFAULT_SSH_KEY_PATH', keyPath);
+        UnderpostRootEnv.API.set('DEFAULT_SSH_PORT', port);
+      } else logger.warn(`No SSH config found at ${confNodePath}`);
     },
+
     /**
      * Generates new SSH ED25519 key pair and stores copies in multiple locations.
      * @function generateKeys
@@ -336,6 +549,7 @@ EOF`);
       shellExec(`sudo rm -rf ./id_rsa`);
       shellExec(`sudo rm -rf ./id_rsa.pub`);
     },
+
     /**
      * Sets proper permissions and ownership for SSH directories and files.
      * @function chmod
@@ -360,6 +574,7 @@ EOF`);
       shellExec(`sudo chmod 600 /etc/ssh/ssh_host_ed25519_key`);
       shellExec(`chown -R ${user}:${user} ~/.ssh`);
     },
+
     /**
      * Initializes and hardens SSH service configuration for RHEL-based systems.
      * @function initService
@@ -447,9 +662,11 @@ EOF`,
       shellExec(`sudo systemctl restart sshd`);
 
       const status = shellExec(`sudo systemctl status sshd`, { silent: true, stdout: true });
-      console.log(
-        status.match('running') ? status.replaceAll(`running`, `running`.green) : `ssh service not running`.red,
-      );
+      if (status.match('running')) console.log(status.replaceAll(`running`, `running`.green));
+      else {
+        logger.error('SSHD service failed to start');
+        console.log(status);
+      }
     },
   };
 }

package/src/index.js

@@ -36,7 +36,7 @@ class Underpost {
    * @type {String}
    * @memberof Underpost
    */
-  static version = 'v2.92.0';
+  static version = 'v2.95.0';
   /**
    * Repository cli API
    * @static

package/src/monitor.js

@@ -19,6 +19,16 @@ const logger = loggerFactory(import.meta);
 
 await logger.setUpInfo();
 
-UnderpostMonitor.API.callback(process.argv[2], process.argv[3], { type: 'blue-green', sync: true });
+const deployId = process.argv[2];
+const env = process.argv[3] || 'production';
+const replicas = process.argv[4] || '1';
+const namespace = process.argv[5] || 'default';
+
+UnderpostMonitor.API.callback(deployId, env, {
+  type: 'blue-green',
+  sync: true,
+  replicas,
+  namespace,
+});
 
 ProcessController.init(logger);

package/src/server/backup.js

@@ -86,7 +86,7 @@ class BackUp {
           ` && underpost cmt . backup cron-job '${new Date().toLocaleDateString()}'` +
           ` && underpost push . ${process.env.GITHUB_USERNAME}/cron-backups`,
         {
-          disableLog: true,
+          silent: true,
         },
       );
     }

package/src/server/conf.js

@@ -124,7 +124,7 @@ const Config = {
         fs.readFileSync(`./.github/workflows/engine-test.ci.yml`, 'utf8').replaceAll('test', deployId.split('dd-')[1]),
         'utf8',
       );
-      shellExec(`node bin/deploy update-default-conf ${deployId}`);
+      shellExec(`node bin new --default-conf --deploy-id ${deployId}`);
 
       if (!fs.existsSync(`./engine-private/deploy/dd.router`))
         fs.writeFileSync(`./engine-private/deploy/dd.router`, '', 'utf8');