Refactor SSH service checks and error handling

du_setup.sh

@@ -750,6 +750,7 @@ cleanup_and_exit() {
             print_error "Rollback failed. SSH may not be accessible. Please check 'systemctl status $SSH_SERVICE' and 'journalctl -u $SSH_SERVICE'."
         fi
     fi
+    trap - ERR
     exit $exit_code
 }
 
@@ -762,6 +763,7 @@ configure_ssh() {
     # Ensure openssh-server is installed
     if ! dpkg -l openssh-server | grep -q ^ii; then
         print_error "openssh-server package is not installed."
+        trap - ERR
         return 1
     fi
 
@@ -775,6 +777,7 @@ configure_ssh() {
         SSH_SERVICE="sshd.service"
     else
         print_error "No SSH service or daemon detected."
+        trap - ERR
         return 1
     fi
     print_info "Using SSH service: $SSH_SERVICE"
@@ -799,6 +802,7 @@ configure_ssh() {
         # Verify the key was added
         if [[ ! -s "$AUTH_KEYS" ]]; then
             print_error "Failed to create authorized_keys file."
+            trap - ERR
             return 1
         fi
         chmod 600 "$AUTH_KEYS"; chown -R "$USERNAME:$USERNAME" "$SSH_DIR"
@@ -808,15 +812,16 @@ configure_ssh() {
 
     print_warning "SSH Key Authentication Required for Next Steps!"
     echo -e "${CYAN}Test SSH access from a SEPARATE terminal now:${NC}"
-    if [[ "$SERVER_IP_V4" != "unknown" ]]; then
+    if [[ -n "$SERVER_IP_V4" && "$SERVER_IP_V4" != "unknown" ]]; then
         echo -e "${CYAN}  Using IPv4: ssh -p $CURRENT_SSH_PORT $USERNAME@$SERVER_IP_V4${NC}"
     fi
-    if [[ "$SERVER_IP_V6" != "not available" ]]; then
+    if [[ -n "$SERVER_IP_V6" && "$SERVER_IP_V6" != "not available" ]]; then
         echo -e "${CYAN}  Using IPv6: ssh -p $CURRENT_SSH_PORT $USERNAME@$SERVER_IP_V6${NC}"
     fi
 
     if ! confirm "Can you successfully log in using your SSH key?"; then
         print_error "SSH key authentication is mandatory to proceed."
+        trap - ERR
         return 1
     fi
 
@@ -858,12 +863,13 @@ EOF
         print_info "This may be due to existing configuration files on the system."
         if ! confirm "Continue despite configuration warnings?"; then
             print_error "Aborting SSH configuration."
-            rm /etc/ssh/sshd_config.d/99-hardening.conf
+            rm -f /etc/ssh/sshd_config.d/99-hardening.conf
-            rm /etc/issue.net
+            rm -f /etc/issue.net
-            rm -rf /etc/systemd/system/ssh.socket.d
+            rm -f /etc/systemd/system/ssh.socket.d/override.conf
-            rm -rf /etc/systemd/system/ssh.service.d
+            rm -f /etc/systemd/system/ssh.service.d/override.conf
-            rm -rf /etc/systemd/system/sshd.service.d
+            rm -f /etc/systemd/system/sshd.service.d/override.conf
             systemctl daemon-reload
+            trap - ERR
             return 1
         fi
     fi
@@ -873,6 +879,7 @@ EOF
     sleep 5
     if ! ss -tuln | grep -q ":$SSH_PORT"; then
         print_error "SSH not listening on port $SSH_PORT after restart!"
+        trap - ERR
         return 1
     fi
     print_success "SSH service restarted on port $SSH_PORT."
@@ -882,16 +889,17 @@ EOF
     sleep 2
     if ssh -p "$SSH_PORT" -o BatchMode=yes -o StrictHostKeyChecking=no -o ConnectTimeout=5 root@localhost true 2>/dev/null; then
         print_error "Root SSH login is still possible! Check configuration."
+        trap - ERR
         return 1
     else
         print_success "Confirmed: Root SSH login is disabled."
     fi
 
     print_warning "CRITICAL: Test new SSH connection in a SEPARATE terminal NOW!"
-    if [[ "$SERVER_IP_V4" != "unknown" ]]; then
+    if [[ -n "$SERVER_IP_V4" && "$SERVER_IP_V4" != "unknown" ]]; then
         print_info "Use IPv4: ssh -p $SSH_PORT $USERNAME@$SERVER_IP_V4"
     fi
-    if [[ "$SERVER_IP_V6" != "not available" ]]; then
+    if [[ -n "$SERVER_IP_V6" && "$SERVER_IP_V6" != "not available" ]]; then
         print_info "Use IPv6: ssh -p $SSH_PORT $USERNAME@$SERVER_IP_V6"
     fi
 
@@ -915,6 +923,7 @@ EOF
                 else
                     print_success "Rollback successful. SSH restored on original port $PREVIOUS_SSH_PORT."
                 fi
+                trap - ERR
                 return 1
             fi
         fi