rapid-tunneling: delete old authorized_keys entries

* rapid-tunneling-status -s (Stop) will also delete entries from authorized
  keys.
* rapid-tunneling-status -r (Remove) will do that - if not connected.
* Note the authorized_keys file in the man page.
* Better initialize variables.
* More documentation updates.


git-svn-id: svn+ssh://xorcom/home/svn/debs/components/rapid-tunneling@9429 283159da-0705-0410-b60c-f2062b4bb6ad

4 files changed, 61 insertions, 8 deletions

diff --git a/README b/README
index efd1256..40cca1e 100644
--- a/README
+++ b/README
@@ -95,6 +95,10 @@ you should run:
 
   rapid-tunneling-status
 
+To disconnect: run
+
+  rapid-tunneling-status -s
+
 
 Server Operation
 ----------------
@@ -180,6 +184,13 @@ Feel free to send Tzafrir any questions or patches.
 
 Security
 --------
+Ideally this system should be simple to set up (assuming you have an SSH
+server with a public IP address) and thus would be a handy and more secure
+replacement to sending a password in the clear, or installing some Big
+Binary Blob.
+
+The Server
+~~~~~~~~~~
 The remote access tarball is sent potentially over an untrusted channel
 (read: the Internet). It contains potentially sensitive information: a 
 private ssh key. An imposter could try to impersionate as the client.
@@ -194,17 +205,20 @@ no-X11-forwarding,no-agent-forwarding,no-pty,permitopen="127.0.0.1:65534",comman
 A key can also be used to flood the server's disk, which means that the
 support user's quota should be limited.
 
+The Client
+~~~~~~~~~~
 The client then sends the connection information over the already
 established connection.
 
-
 Alternatively, if an attacker manages to send her own key (pointing to
 her own RapidTunneling server) to the user, while pretending that this
 key comes from a trusted support contact, the attacker will gain access
 to the user's system. Thus the user should be careful about the key he gets.
 
+I believe that there's no inherent issue with adding an extra key to the
+user's authorized_keys file: If the user has explicitly asked for remote
+support from a trusted party, the user might as well have sent the
+password. If the connection was not disconnected explicitly by the user
+(`rapid-tunneling-status -s`), those entries will remain and the client
+should delete them manually (`rapid-tunneling-status -r`).
 
-Ideally this system should be simple to set up (assuming you have an SSH
-server with a public IP address) and thus would be a handy and more secure
-replacement to sending a password in the clear, or installing some Big
-Binary Blob.
diff --git a/rapid-tunneling-status b/rapid-tunneling-status
index 8040616..1b9753b 100755
--- a/rapid-tunneling-status
+++ b/rapid-tunneling-status
@@ -3,18 +3,25 @@
 base_dir="$HOME/.rapid-tunneling"
 
 if [ "$1" = "--help" ]; then
-	echo "Usage: $0 [-p] [<pid-file>]" 1>&2
+	echo "Usage: $0 [-p] [-r] [-s] [<pid-file>]" 1>&2
 	echo "       -p: Print only pid of SSH process (if connecting or connected)." 1>&2
 	echo "           Otherwise, print status" 1>&2
 	echo "       Exit code: 0 if connected, 1 if connecting, 2 if not connected." 1>&2
-	echo "       $0 -s [<pid-file>]" 1>&2
 	echo "       -s: Stop the tunnel" 1>&2
+	echo "       -r: Remove the SSH keys (if not connected)" 1>&2
 	exit 255
 fi
 
+remove=0
+showpid=0
+stop=0
+
 if [ "$1" = "-p" ]; then
 	showpid=1
 	shift
+elif [ "$1" = "-r" ]; then
+	remove=1
+	shift
 elif [ "$1" = "-s" ]; then
 	stop=1
 	shift
@@ -37,15 +44,25 @@ connecting()
 not_connected()
 {
 	[ "$showpid" = 1 ] || echo "Not connected"
+	if [ "$remove" = 1 ]; then
+		remove_ssh_keys
+		exit 0
+	fi
 	exit 2
 }
 
 stop_it()
 {
 	kill $pid 2>/dev/null
+	remove_ssh_keys
 	exit 0
 }
 
+remove_ssh_keys()
+{
+	sed -i '/ rapid-tunneling$/d' "$HOME/.ssh/authorized_keys"
+}
+
 pid=`cat "$pidfile" 2>/dev/null`
 [ "$pid" ] || not_connected
 kill -s 0 $pid 2>/dev/null || not_connected
diff --git a/rapid-tunneling-status.8 b/rapid-tunneling-status.8
index 009d88c..b47b020 100644
--- a/rapid-tunneling-status.8
+++ b/rapid-tunneling-status.8
@@ -6,6 +6,9 @@ rapid-tunneling-status \- Monitor a RapidTunneling tunnel
 .I [\-p] [\-s] [<pid-file>]
 - show and/or kill a running connection.
 
+.I \-r [<pid-file>]
+- Remove left-over entries from .ssh/authorized_keys
+
 .B rapid-tunneling-status
 .I \-\-help
 - Just prints a help message
@@ -24,7 +27,8 @@ home directory of that user.
 .B \-s
 .RS
 Terminate a running connection. If this option is not provided, the 
-status of the connection will be reported.
+status of the connection will be reported. Also deletes the entry from
+the authorized_keys file.
 .RE
 
 .B \-p
@@ -33,6 +37,12 @@ If a process is running, print its PID rather than "Connected". Return
 status remains the same.
 .RE
 
+.B \-r
+.RS
+Remove any entries for rapid-runneling if the connection is no longer
+active.
+.RE
+
 .B pid-file
 .RS
 A file in which to check the PID of the running ssh process. Defaults to
@@ -64,6 +74,12 @@ PID of the potentially currently running process. Set by rapid\-tunneling .
 That directory may include several other files.
 .RE
 
+.B $HOME/.ssh/authorized_keys
+.RS
+The entry added there by rapid\-tunneling is removed at disconnect (\-s)
+time.
+.RE
+
 .SH SEE ALSO
 Full description of the operation is provided in the README file, which 
 may be /usr/share/doc/rapid\-runneling/README.gz (Debian) 
diff --git a/rapid-tunneling.8 b/rapid-tunneling.8
index f73b312..ce93082 100644
--- a/rapid-tunneling.8
+++ b/rapid-tunneling.8
@@ -61,6 +61,12 @@ rapid\-tunneling\-status to check for it. That directory may include
 several other files.
 .RE
 
+.B $HOME/.ssh/authorized_keys
+.RS
+Adds an entry here with the key sent over to the server. The comment
+for the key is 'rapid\-tunneling'.
+.RE
+
 .SH SEE ALSO
 Full description of the operation is provided in the README file, which 
 may be /usr/share/doc/rapid\-runneling/README.gz (Debian)