# Setup Passwordless SSH Access to RMM Server
# This script configures SSH key authentication for automated deployments

param(
    [string]$Password
)

$ErrorActionPreference = "Stop"

$RMM_HOST = "guru@172.16.3.30"
$SSH_PUB_KEY = Get-Content "$env:USERPROFILE\.ssh\id_rsa.pub"

Write-Host "[INFO] Setting up passwordless SSH access to RMM server..." -ForegroundColor Cyan
Write-Host ""

# Step 1: Copy public key to RMM server
Write-Host "[1/4] Copying SSH public key to RMM server..." -ForegroundColor Yellow

# Create temp file with public key
$tempKeyFile = "$env:TEMP\claude_ssh_key.pub"
$SSH_PUB_KEY | Out-File -FilePath $tempKeyFile -Encoding ASCII -NoNewline

# Copy to RMM server /tmp
if ($Password) {
    # Use password if provided
    $env:PLINK_PASSWORD = $Password
    echo y | pscp -pw $Password $tempKeyFile "${RMM_HOST}:/tmp/claude_key.pub" 2>&1 | Out-Null
} else {
    # Interactive password prompt
    echo y | pscp $tempKeyFile "${RMM_HOST}:/tmp/claude_key.pub"
}

if ($LASTEXITCODE -ne 0) {
    Write-Host "[ERROR] Failed to copy SSH key to server" -ForegroundColor Red
    exit 1
}

Write-Host "[OK] Public key copied to /tmp/claude_key.pub" -ForegroundColor Green
Write-Host ""

# Step 2: Create .ssh directory on RMM server
Write-Host "[2/4] Creating .ssh directory on RMM server..." -ForegroundColor Yellow

if ($Password) {
    plink -batch -pw $Password $RMM_HOST "mkdir -p ~/.ssh && chmod 700 ~/.ssh" 2>&1 | Out-Null
} else {
    plink $RMM_HOST "mkdir -p ~/.ssh && chmod 700 ~/.ssh"
}

if ($LASTEXITCODE -ne 0) {
    Write-Host "[WARNING] .ssh directory may already exist" -ForegroundColor Yellow
}

Write-Host "[OK] .ssh directory ready" -ForegroundColor Green
Write-Host ""

# Step 3: Append public key to authorized_keys
Write-Host "[3/4] Adding public key to authorized_keys..." -ForegroundColor Yellow

$setupCommand = @"
cat /tmp/claude_key.pub >> ~/.ssh/authorized_keys && \
chmod 600 ~/.ssh/authorized_keys && \
rm /tmp/claude_key.pub && \
echo 'SSH key installed successfully'
"@

if ($Password) {
    plink -batch -pw $Password $RMM_HOST $setupCommand
} else {
    plink $RMM_HOST $setupCommand
}

if ($LASTEXITCODE -ne 0) {
    Write-Host "[ERROR] Failed to configure authorized_keys" -ForegroundColor Red
    exit 1
}

Write-Host "[OK] Public key added to authorized_keys" -ForegroundColor Green
Write-Host ""

# Step 4: Test passwordless access
Write-Host "[4/4] Testing passwordless SSH access..." -ForegroundColor Yellow
Start-Sleep -Seconds 2

$testResult = plink -batch $RMM_HOST "echo 'Passwordless SSH working!'" 2>&1

if ($LASTEXITCODE -eq 0) {
    Write-Host "[SUCCESS] Passwordless SSH is configured!" -ForegroundColor Green
    Write-Host ""
    Write-Host "You can now use plink/pscp without passwords:" -ForegroundColor White
    Write-Host "  pscp file.txt ${RMM_HOST}:/tmp/" -ForegroundColor Gray
    Write-Host "  plink ${RMM_HOST} 'ls -l'" -ForegroundColor Gray
    Write-Host ""
    Write-Host "The deploy.ps1 script will now work without prompts." -ForegroundColor White
} else {
    Write-Host "[ERROR] Passwordless SSH test failed" -ForegroundColor Red
    Write-Host "Output: $testResult" -ForegroundColor Gray
    exit 1
}

# Clean up
Remove-Item $tempKeyFile -ErrorAction SilentlyContinue

Write-Host ""
Write-Host "=" * 70 -ForegroundColor Green
Write-Host "SSH KEY AUTHENTICATION CONFIGURED" -ForegroundColor Green
Write-Host "=" * 70 -ForegroundColor Green