author | Alex Landau <alex.landau@xorcom.com> | 2007-12-10 07:46:31 +0000 |
---|---|---|
committer | Alex Landau <alex.landau@xorcom.com> | 2007-12-10 07:46:31 +0000 |
commit | def7ed2832cbb6d183b8c195ac7f58b788053487 (patch) | |
tree | cd02dfb44bf984ac1b5499041b6991e422865a50 |
Added rapid-tunneling.
git-svn-id: svn+ssh://xorcom/home/svn/debs/components/rapid-tunneling@5085 283159da-0705-0410-b60c-f2062b4bb6ad
-rwxr-xr-x | create-invitation | 24 | ||||
-rwxr-xr-x | finish-ra | 17 | ||||
-rwxr-xr-x | from-remote | 29 | ||||
-rwxr-xr-x | prepare-connect | 34 | ||||
-rwxr-xr-x | remote-access | 27 |
5 files changed, 131 insertions, 0 deletions
diff --git a/create-invitation b/create-invitation
new file mode 100755
index 0000000..c2a5faa
--- /dev/null
+++ b/create-invitation
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+set -e
+
+if [ $# -ne 2 ]; then
+ echo "Usage: $0 <tunnel-port> <comment>" 1>&2
+ exit 1
+fi
+
+KEY=tmp/key
+TUNNEL_PORT=$1
+COMMENT=$2
+
+rm -rf tmp
+mkdir tmp
+ssh-keygen -q -t rsa -b 1024 -f tmp/key -N "" -C ra-$TUNNEL_PORT-$COMMENT-`date '+%Y%m%d%H%M%S'`
+sed -i 's|^|no-X11-forwarding,no-agent-forwarding,no-pty,permitopen="127.0.0.1:65534",command="~/bin/from-remote '$TUNNEL_PORT'" |' tmp/key.pub
+echo "post" > tmp/host
+echo "22" > tmp/port
+echo "alex" > tmp/user
+echo $TUNNEL_PORT > tmp/tunnelport
+tar -czf remote-access.tar.gz -C tmp host port user tunnelport key --owner root --group root
+echo "Run the following command to allow login with the newly-generated key." 1>&2
+echo "cat `realpath tmp/key.pub` >> ~/.ssh/authorized_keys"
diff --git a/finish-ra b/finish-ra
new file mode 100755
index 0000000..8836b9f
--- /dev/null
+++ b/finish-ra
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+if [ -z "$1" ]; then
+ echo "Usage: $0 <comment>" 1>&2
+ exit 1
+fi
+
+comment=$1
+perl -i -e '$host="'ra-$comment'"; $/=undef; $_=<>; s/^Host\s+(${host}$).*?((?=^Host)|\s*\Z)//gsm; print' ~/.ssh/config
+sed -i "/ra-[0-8]\+-$comment-[0-9]\+$/d" ~/.ssh/authorized_keys
+count=`ls ~/ra/ra-*-$comment-*.tar.gz 2>/dev/null | wc -l`
+if [ $count -eq 0 ]; then
+ echo "No files with name $comment in ~/ra." 1>&2
+ ls ~/ra-*-$comment-*.tar.gz
+ exit 1
+fi
+mv -f ~/ra/ra-*-$comment-*.tar.gz ~/ra/ra-*-$comment-*-key ~/ra/old 2>/dev/null
diff --git a/from-remote b/from-remote
new file mode 100755
index 0000000..45347d3
--- /dev/null
+++ b/from-remote
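Review bot: `TUNNEL_PORT` and `COMMENT` come straight from the command line and are spliced unquoted and unvalidated into the `ssh-keygen -C` comment and into the `sed` expression that writes the `command="~/bin/from-remote ..."` option prefix, so a value containing `|`, a quote or whitespace can corrupt the line that is later appended to authorized_keys. Reject anything unexpected right after the usage check, e.g. `case "$TUNNEL_PORT" in ''|*[!0-9]*) exit 1;; esac` and `case "$COMMENT" in ''|*[!A-Za-z0-9_]*) exit 1;; esac`. Separately, `remote-access.tar.gz` holds the passphrase-less private key and is created under the caller's default umask, so a `umask 077` before `mkdir tmp` would keep both it and `tmp/` private. `-b 1024` is also small for an RSA key that grants login; `-b 2048` or larger would be preferable.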
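Review bot: The `sed` pattern `ra-[0-8]\+-$comment-[0-9]\+$` uses `[0-8]` for the tunnel-port digits, so an entry whose port contains a 9 is not deleted from `~/.ssh/authorized_keys` and the key stays authorized after the session is meant to be finished; this looks like a typo for `[0-9]`, i.e. `sed -i "/ra-[0-9]\+-$comment-[0-9]\+$/d" ~/.ssh/authorized_keys`. `$comment` is also pasted into the `perl -e` program text and into the sed regex, so it should be restricted to a fixed character set first, for instance `case "$comment" in *[!A-Za-z0-9_]*) exit 1;; esac`. In the error branch, `ls ~/ra-*-$comment-*.tar.gz` lacks the `ra/` directory that the count and the final `mv` use.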
@@ -0,0 +1,29 @@
+#!/bin/sh
+
+exec 2>err
+
+log()
+{
+ echo `date` "$@" >> log
+}
+
+bad()
+{
+ mv $file bad/ra-$$.tar.gz
+ log "Bad connection attempt. SSH_CONNECTION='$SSH_CONNECTION', file=bad/ra-$$.tar.gz"
+ exit 1
+}
+
+mkdir -p ra ra/old bad
+file=ra/ra-$$.tar.gz
+dd of=$file bs=100k count=1 2>/dev/null
+tar tzf $file >/dev/null 2>&1 || bad
+pubkey=`tar xzf $file -O origkey | ssh-keygen -y -f /proc/self/fd/0 | awk '$1 == "ssh-rsa" {print $2}'`
+[ -z "$pubkey" ] && bad
+comment=`grep "$pubkey" .ssh/authorized_keys | awk '{print $NF}'`
+[ -z "$comment" ] && bad
+mv -f ra/$comment-* ra/old 2>/dev/null
+mv $file ra/$comment-$$.tar.gz
+file=ra/$comment-$$.tar.gz
+log "Connection from $comment. SSH_CONNECTION='$SSH_CONNECTION', file=$file"
+exec -a sleep-$comment sleep 1d
diff --git a/prepare-connect b/prepare-connect
new file mode 100755
index 0000000..8a10b91
--- /dev/null
+++ b/prepare-connect
@@ -0,0 +1,34 @@
+#!/bin/sh
+
+if [ -z "$1" ]; then
+ echo "Usage: $0 <comment>" 1>&2
+ exit 1
+fi
+
+comment=$1
+count=`ls ~/ra/ra-*-$comment-*.tar.gz 2>/dev/null | wc -l`
+if [ $count -gt 1 ]; then
+ echo "More than 1 file from $comment in ~/ra. Leave only one file." 1>&2
+ ls ~/ra-*-$comment-*.tar.gz
+ exit 1
+fi
+if [ $count -eq 0 ]; then
+ echo "No files with name $comment in ~/ra." 1>&2
+ ls ~/ra-*-$comment-*.tar.gz
+ exit 1
+fi
+file=`ls ~/ra/ra-*-$comment-*.tar.gz`
+port=`echo $file | sed 's/.*ra-\([^-]\+\)-.*/\1/'`
+keyfile=`echo $file | sed 's/.tar.gz$/-key/'`
+tar xzf $file -O key > $keyfile
+chmod 600 $keyfile
+perl -e '$host="'ra-$comment'"; $/=undef; $_=<>; s/^Host\s+(${host}$).*?((?=^Host)|\s*\Z)//gsm; print' ~/.ssh/config > ~/.ssh/config.new
+cat >> ~/.ssh/config.new <<EOF
+Host ra-$comment
+ HostName localhost
+ User support
+ Port $port
+ IdentityFile $keyfile
+ ForwardX11 no
+EOF
+mv -f ~/.ssh/config.new ~/.ssh/config
diff --git a/remote-access b/remote-access
new file mode 100755
index 0000000..02ae4e7
--- /dev/null
+++ b/remote-access
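Review bot: `dd of=$file bs=100k count=1` issues a single read, which on the session's stdin can return fewer bytes than the client sent, so a valid upload may be truncated and then logged as a bad connection attempt; `head -c 102400 > "$file"` (or GNU dd's `iflag=fullblock`) keeps the 100k cap without the short read. The lookup `grep "$pubkey" .ssh/authorized_keys` treats the key as a regular expression and may return more than one line, so `grep -F -- "$pubkey"` together with quoting `"$comment"` and `"$file"` in the `mv` and `exec` lines would make the match and the resulting file names exact. `exec -a` is not POSIX, so under a `/bin/sh` that is not bash the last line may fail and end the session immediately.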
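Review bot: The private key is written by `tar xzf $file -O key > $keyfile` under the default umask and only tightened by the `chmod 600` on the following line, so it may be readable by other local users for a moment, and stays that way if the script is interrupted in between; `( umask 077; tar xzf "$file" -O key > "$keyfile" )` creates it private from the start. `$comment` is pasted into the `perl -e` program text and into the generated `Host` block of `~/.ssh/config`, so it should be checked against a fixed character set before use, e.g. `case "$comment" in *[!A-Za-z0-9_]*) exit 1;; esac`. In both error branches `ls ~/ra-*-$comment-*.tar.gz` is missing the `ra/` directory that the count and the later `ls` use.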
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+if [ -z "$1" ]; then
+ echo "Usage: $0 <remote-access-file-name>" 1>&2
+ exit 1
+fi
+
+rm -rf /tmp/ra
+mkdir -m 700 /tmp/ra
+mkdir /tmp/ra/recv /tmp/ra/send
+gunzip -cf $1 | tar xf - -C /tmp/ra/recv
+dropbearconvert openssh dropbear /tmp/ra/recv/key /tmp/ra/recv/key.db
+chmod 600 /tmp/ra/recv/key.db
+user=`cat /tmp/ra/recv/user`
+host=`cat /tmp/ra/recv/host`
+port=`cat /tmp/ra/recv/port`
+tunnelport=`cat /tmp/ra/recv/tunnelport`
+
+dropbearkey -t rsa -f /tmp/ra/send/key.db | grep '^ssh-rsa ' > /tmp/ra/send/key.pub
+dropbearconvert dropbear openssh /tmp/ra/send/key.db /tmp/ra/send/key
+cp /tmp/ra/recv/key /tmp/ra/send/origkey
+tar czf /tmp/ra/send/ra-params.tar.gz -C /tmp/ra/send key origkey
+
+mkdir -m 700 /tmp/ra/.ssh
+cat /tmp/ra/send/key.pub >> /tmp/ra/.ssh/authorized_keys
+chmod 644 /tmp/ra/.ssh/authorized_keys
+start-stop-daemon -S -b -x /bin/sh -- -c "ssh -y -K 10 -T -p $port -i /tmp/ra/recv/key.db -R $tunnelport:127.0.0.1:22 -l $user $host < /tmp/ra/send/ra-params.tar.gz" |
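Review bot: `user`, `host`, `port` and `tunnelport` are read from the unpacked file and interpolated into the string handed to `/bin/sh -c`, so shell metacharacters or a leading `-` in a tampered remote-access file would be interpreted by the shell or by ssh; they should be validated before the `start-stop-daemon` line, as in the excerpt below. The script also works in the fixed path `/tmp/ra` and checks no exit status, so if `rm -rf` or `mkdir -m 700 /tmp/ra` fails it goes on writing private keys into a directory it may not own; `set -e` at the top, as create-invitation already has, would stop it there. If `ssh` here is Dropbear's client, `-y` accepts an unknown host key, so the tarball holding both private keys is sent without verifying the server; shipping the server's host key inside the invitation would be worth considering.

```shell
tunnelport=`cat /tmp/ra/recv/tunnelport`
# Refuse empty values, a leading '-', or any character outside a conservative set.
for v in "$user" "$host" "$port" "$tunnelport"; do
	case "$v" in
		''|-*|*[!A-Za-z0-9._-]*)
			echo "Invalid value in $1" 1>&2
			exit 1
			;;
	esac
done
# … unchanged: key generation, tarball, authorized_keys, start-stop-daemon …
```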