authorAlex Landau <alex.landau@xorcom.com>2007-12-10 07:46:31 +0000
committerAlex Landau <alex.landau@xorcom.com>2007-12-10 07:46:31 +0000
commitdef7ed2832cbb6d183b8c195ac7f58b788053487 (patch)
treecd02dfb44bf984ac1b5499041b6991e422865a50
Added rapid-tunneling.
git-svn-id: svn+ssh://xorcom/home/svn/debs/components/rapid-tunneling@5085 283159da-0705-0410-b60c-f2062b4bb6ad
-rwxr-xr-xcreate-invitation24
-rwxr-xr-xfinish-ra17
-rwxr-xr-xfrom-remote29
-rwxr-xr-xprepare-connect34
-rwxr-xr-xremote-access27
5 files changed, 131 insertions, 0 deletions
diff --git a/create-invitation b/create-invitation
new file mode 100755
index 0000000..c2a5faa
--- /dev/null
+++ b/create-invitation
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+set -e
+
+if [ $# -ne 2 ]; then
+ echo "Usage: $0 <tunnel-port> <comment>" 1>&2
+ exit 1
+fi
+
+KEY=tmp/key
+TUNNEL_PORT=$1
+COMMENT=$2
+
+rm -rf tmp
+mkdir tmp
+ssh-keygen -q -t rsa -b 1024 -f tmp/key -N "" -C ra-$TUNNEL_PORT-$COMMENT-`date '+%Y%m%d%H%M%S'`
+sed -i 's|^|no-X11-forwarding,no-agent-forwarding,no-pty,permitopen="127.0.0.1:65534",command="~/bin/from-remote '$TUNNEL_PORT'" |' tmp/key.pub
+echo "post" > tmp/host
+echo "22" > tmp/port
+echo "alex" > tmp/user
+echo $TUNNEL_PORT > tmp/tunnelport
+tar -czf remote-access.tar.gz -C tmp host port user tunnelport key --owner root --group root
+echo "Run the following command to allow login with the newly-generated key." 1>&2
+echo "cat `realpath tmp/key.pub` >> ~/.ssh/authorized_keys"
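Review bot: `$TUNNEL_PORT` and `$COMMENT` go unvalidated into the unquoted `-C` key comment and into the sed replacement that writes `command="~/bin/from-remote '$TUNNEL_PORT'"`, so a value containing whitespace, `|`, `&` or `"` breaks the command or alters the restriction prefix written to tmp/key.pub. Reject unexpected values right after the argument-count check, e.g. `case $TUNNEL_PORT in ''|*[!0-9]*) echo "bad port" 1>&2; exit 1;; esac` and `case $COMMENT in ''|*[!A-Za-z0-9_]*) echo "bad comment" 1>&2; exit 1;; esac`. The cleanup pattern in finish-ra and the port extraction in prepare-connect both rely on the comment being a plain token without `-`. The private key and remote-access.tar.gz are also created under the caller's umask, so a `umask 077` before `mkdir tmp` would keep them unreadable to other local users.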
diff --git a/finish-ra b/finish-ra
new file mode 100755
index 0000000..8836b9f
--- /dev/null
+++ b/finish-ra
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+if [ -z "$1" ]; then
+ echo "Usage: $0 <comment>" 1>&2
+ exit 1
+fi
+
+comment=$1
+perl -i -e '$host="'ra-$comment'"; $/=undef; $_=<>; s/^Host\s+(${host}$).*?((?=^Host)|\s*\Z)//gsm; print' ~/.ssh/config
+sed -i "/ra-[0-8]\+-$comment-[0-9]\+$/d" ~/.ssh/authorized_keys
+count=`ls ~/ra/ra-*-$comment-*.tar.gz 2>/dev/null | wc -l`
+if [ $count -eq 0 ]; then
+ echo "No files with name $comment in ~/ra." 1>&2
+ ls ~/ra-*-$comment-*.tar.gz
+ exit 1
+fi
+mv -f ~/ra/ra-*-$comment-*.tar.gz ~/ra/ra-*-$comment-*-key ~/ra/old 2>/dev/null
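Review bot: The authorized_keys cleanup matches `ra-[0-8]\+-$comment-`, so a key whose tunnel port contains the digit 9 never matches and stays authorized after the session is declared finished. This looks like a typo for `[0-9]`: `sed -i "/ra-[0-9]\+-$comment-[0-9]\+$/d" ~/.ssh/authorized_keys`. `$comment` is also spliced unescaped into this sed pattern and into the perl program text (the same perl line is in prepare-connect), so regex metacharacters or a quote in the argument change what is deleted; checking it against a fixed character set first would avoid that. The error-path `ls ~/ra-*-$comment-*.tar.gz` lists `~/` rather than `~/ra/`, here and twice in prepare-connect.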
diff --git a/from-remote b/from-remote
new file mode 100755
index 0000000..45347d3
--- /dev/null
+++ b/from-remote
@@ -0,0 +1,29 @@
+#!/bin/sh
+
+exec 2>err
+
+log()
+{
+ echo `date` "$@" >> log
+}
+
+bad()
+{
+ mv $file bad/ra-$$.tar.gz
+ log "Bad connection attempt. SSH_CONNECTION='$SSH_CONNECTION', file=bad/ra-$$.tar.gz"
+ exit 1
+}
+
+mkdir -p ra ra/old bad
+file=ra/ra-$$.tar.gz
+dd of=$file bs=100k count=1 2>/dev/null
+tar tzf $file >/dev/null 2>&1 || bad
+pubkey=`tar xzf $file -O origkey | ssh-keygen -y -f /proc/self/fd/0 | awk '$1 == "ssh-rsa" {print $2}'`
+[ -z "$pubkey" ] && bad
+comment=`grep "$pubkey" .ssh/authorized_keys | awk '{print $NF}'`
+[ -z "$comment" ] && bad
+mv -f ra/$comment-* ra/old 2>/dev/null
+mv $file ra/$comment-$$.tar.gz
+file=ra/$comment-$$.tar.gz
+log "Connection from $comment. SSH_CONNECTION='$SSH_CONNECTION', file=$file"
+exec -a sleep-$comment sleep 1d
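Review bot: The uploaded archive holds private keys (remote-access packs `key` and `origkey` into it), yet `dd of=$file` and `mkdir -p ra ra/old bad` create everything under the account's default umask. Unless that umask or the home directory's permissions already restrict access, other local users can read them. A `umask 077` directly after the shebang covers ra/, bad/, `log` and `err`. Separately, `grep "$pubkey"` treats the key as a pattern and can return several lines, which the unquoted `ra/$comment-*` then word-splits; `grep -F -- "$pubkey"` plus quoting `"$file"` and `"$comment"` would make the lookup exact.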
diff --git a/prepare-connect b/prepare-connect
new file mode 100755
index 0000000..8a10b91
--- /dev/null
+++ b/prepare-connect
@@ -0,0 +1,34 @@
+#!/bin/sh
+
+if [ -z "$1" ]; then
+ echo "Usage: $0 <comment>" 1>&2
+ exit 1
+fi
+
+comment=$1
+count=`ls ~/ra/ra-*-$comment-*.tar.gz 2>/dev/null | wc -l`
+if [ $count -gt 1 ]; then
+ echo "More than 1 file from $comment in ~/ra. Leave only one file." 1>&2
+ ls ~/ra-*-$comment-*.tar.gz
+ exit 1
+fi
+if [ $count -eq 0 ]; then
+ echo "No files with name $comment in ~/ra." 1>&2
+ ls ~/ra-*-$comment-*.tar.gz
+ exit 1
+fi
+file=`ls ~/ra/ra-*-$comment-*.tar.gz`
+port=`echo $file | sed 's/.*ra-\([^-]\+\)-.*/\1/'`
+keyfile=`echo $file | sed 's/.tar.gz$/-key/'`
+tar xzf $file -O key > $keyfile
+chmod 600 $keyfile
+perl -e '$host="'ra-$comment'"; $/=undef; $_=<>; s/^Host\s+(${host}$).*?((?=^Host)|\s*\Z)//gsm; print' ~/.ssh/config > ~/.ssh/config.new
+cat >> ~/.ssh/config.new <<EOF
+Host ra-$comment
+ HostName localhost
+ User support
+ Port $port
+ IdentityFile $keyfile
+ ForwardX11 no
+EOF
+mv -f ~/.ssh/config.new ~/.ssh/config
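Review bot: `tar xzf $file -O key > $keyfile` creates the private key under the default umask and only narrows it with `chmod 600` afterwards, leaving a window in which it may be readable by others. `~/.ssh/config.new` is created the same way. Setting the mask before the extraction removes the window: `umask 077` followed by `tar xzf "$file" -O key > "$keyfile"`. `$port` is taken from the file name and written into ~/.ssh/config unchecked, so it is worth confirming it is numeric before the here-document.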
diff --git a/remote-access b/remote-access
new file mode 100755
index 0000000..02ae4e7
--- /dev/null
+++ b/remote-access
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+if [ -z "$1" ]; then
+ echo "Usage: $0 <remote-access-file-name>" 1>&2
+ exit 1
+fi
+
+rm -rf /tmp/ra
+mkdir -m 700 /tmp/ra
+mkdir /tmp/ra/recv /tmp/ra/send
+gunzip -cf $1 | tar xf - -C /tmp/ra/recv
+dropbearconvert openssh dropbear /tmp/ra/recv/key /tmp/ra/recv/key.db
+chmod 600 /tmp/ra/recv/key.db
+user=`cat /tmp/ra/recv/user`
+host=`cat /tmp/ra/recv/host`
+port=`cat /tmp/ra/recv/port`
+tunnelport=`cat /tmp/ra/recv/tunnelport`
+
+dropbearkey -t rsa -f /tmp/ra/send/key.db | grep '^ssh-rsa ' > /tmp/ra/send/key.pub
+dropbearconvert dropbear openssh /tmp/ra/send/key.db /tmp/ra/send/key
+cp /tmp/ra/recv/key /tmp/ra/send/origkey
+tar czf /tmp/ra/send/ra-params.tar.gz -C /tmp/ra/send key origkey
+
+mkdir -m 700 /tmp/ra/.ssh
+cat /tmp/ra/send/key.pub >> /tmp/ra/.ssh/authorized_keys
+chmod 644 /tmp/ra/.ssh/authorized_keys
+start-stop-daemon -S -b -x /bin/sh -- -c "ssh -y -K 10 -T -p $port -i /tmp/ra/recv/key.db -R $tunnelport:127.0.0.1:22 -l $user $host < /tmp/ra/send/ra-params.tar.gz"
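Review bot: `user`, `host`, `port` and `tunnelport` are read from the supplied archive and pasted into the string given to `/bin/sh -c`, so any shell metacharacter in those files is executed with the privileges of whoever runs this script. They should be checked before use (ports digits only, user and host limited to name characters and not starting with `-`), as sketched below, placed right after the four values are read. The script also has no `set -e`, so if `rm -rf /tmp/ra` or `mkdir -m 700 /tmp/ra` fails because the path already belongs to someone else, the keys are still written there; `mkdir -m 700 /tmp/ra || exit 1` would stop that. If `ssh` here is Dropbear's client, `-y` accepts an unknown host key, which means the freshly generated private key is sent to a server whose identity was not checked.

```shell
tunnelport=`cat /tmp/ra/recv/tunnelport`
for v in "$port" "$tunnelport"; do
	case $v in
		''|*[!0-9]*) echo "$0: invalid port in $1" 1>&2; exit 1 ;;
	esac
done
for v in "$user" "$host"; do
	case $v in
		''|-*|*[!A-Za-z0-9._-]*) echo "$0: invalid user or host in $1" 1>&2; exit 1 ;;
	esac
done
# … unchanged: key generation, ra-params.tar.gz, authorized_keys, start-stop-daemon …
```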