#!/bin/sh
# rtadm - administer "rapid tunneling" remote-access connections for the
# local support account: create an invitation tarball with a restricted
# ssh key, list/enable/disable/disconnect/upload/delete connections.
#
# NOTE(review): this copy of the script reached us collapsed onto a few
# lines and with several spans lost (text between angle brackets was
# stripped): the here-document appended to ~/.ssh/config.new, the
# definitions of enable(), disable() and upload(), and the argument
# placeholders in usage().  Line breaks below are restored; the damaged
# spots are marked.  Verify against the original file.

USERNAME=support
FROM_REMOTE_COMMAND=/usr/share/rapid-tunneling/bin/rt-from-remote
UPLOAD_TARGET="xorcom@updates.xorcom.com"
CFG_FILE=/etc/rapid-tunneling/rtadm

# The config file is sourced as shell code (expected to set HOSTNAME and
# PORT), so whoever can write it runs arbitrary commands as this user:
# it must not be writable by anyone but the administrator.
if [ -r $CFG_FILE ]; then
  . $CFG_FILE
fi

# Abort unless the sourced config provided both HOSTNAME and PORT.
# NOTE(review): if this script is ever run under bash rather than sh,
# HOSTNAME is preset by the shell and a missing value goes undetected.
verify_config_is_set() {
  if [ -z "$HOSTNAME" -o -z "$PORT" ]; then
    echo "ERROR: Hostname or port not set in configuration file $CFG_FILE." 1>&2
    exit 1
  fi
}

# create <tunnel-port> <name>: generate a passphrase-less RSA key pair,
# register the public key in ~/.ssh/authorized_keys (prefixed with
# "#DISABLED#" and locked down to the rt-from-remote command), and pack
# the private key plus connection parameters into an invitation tarball.
# Note that `set -e` is enabled here and stays in effect for the rest of
# the script after this function returns.
# NOTE(review): $2 is interpolated unquoted into grep/sed patterns, a perl
# one-liner and file names below; it is only ever an operator-supplied
# argument, but it is never validated, so a name containing quotes,
# spaces or regex metacharacters will break (or change) those commands.
# Restricting it to [A-Za-z0-9_-] up front would be prudent.
create() {
  set -e
  TUNNEL_PORT=$1
  COMMENT=$2
  verify_config_is_set
  # A key whose comment already carries this connection name exists.
  if grep -q "ra-[0-9]\+-$COMMENT-[0-9]\+" $HOME/.ssh/authorized_keys 2>/dev/null; then
    echo "Connection name '$COMMENT' already exists. Aborting." 1>&2
    exit 1
  fi
  # Non-numeric input makes `[` fail (stderr discarded), which also lands here.
  # (This message goes to stdout, unlike the other error messages.)
  if ! [ $TUNNEL_PORT -ge 1024 -a $TUNNEL_PORT -le 65535 ] 2>/dev/null; then
    echo "Tunnel-port should be an integer in the range 1024-65535. Aborting."
    exit 1
  fi
  # Scratch directory is the fixed path ~/tmp, wiped unconditionally:
  # anything the account keeps there is lost.  A mktemp -d directory
  # would be safer.
  rm -rf ~/tmp
  mkdir ~/tmp
  # Key comment "ra-<port>-<name>-<timestamp>" is what every other
  # command below greps for to find this connection.
  key_comment=ra-$TUNNEL_PORT-$COMMENT-`date '+%Y%m%d%H%M%S'`
  # Empty passphrase: the private key in the tarball is usable as-is.
  ssh-keygen -q -t rsa -f ~/tmp/key -N "" -C $key_comment
  # Prefix the public key with a "#DISABLED#" marker and the
  # authorized_keys restrictions: no X11/agent forwarding, no pty, only
  # port-forwarding to 127.0.0.1:65534, and a forced command so the remote
  # side can only run rt-from-remote for this tunnel port.  While the
  # marker is present sshd treats the line as a comment; the enable
  # command (not visible in this copy) presumably removes it.
  sed -i 's|^|#DISABLED#no-X11-forwarding,no-agent-forwarding,no-pty,permitopen="127.0.0.1:65534",command="'"$FROM_REMOTE_COMMAND $TUNNEL_PORT"'" |' ~/tmp/key.pub
  # Connection parameters shipped alongside the key.
  echo $HOSTNAME > ~/tmp/host
  echo $PORT > ~/tmp/port
  echo $USERNAME > ~/tmp/user
  echo $TUNNEL_PORT > ~/tmp/tunnelport
  echo $COMMENT > ~/tmp/basename
  mkdir -p "$HOME/tar"
  tarball="$HOME/tar/remote-access-$COMMENT.tar.gz"
  # The tarball contains the unencrypted private key; it is created
  # before `umask 022` below, i.e. with whatever umask the caller has.
  tar -czf $tarball -C ~/tmp basename host key port tunnelport user --owner root --group root
  mkdir -m 700 -p ~/.ssh
  # Remove conflicting entries from a non-hashed known_hosts file:
  if [ -r $HOME/.ssh/known_hosts ]; then
    sed -i -e "/^\[localhost\]:$PORT /d" $HOME/.ssh/known_hosts
  fi
  umask 022
  cat ~/tmp/key.pub >> ~/.ssh/authorized_keys
  # Drop any existing "Host ra-<name>" stanza from ~/.ssh/config into
  # config.new (stderr silenced, so a missing config is tolerated).
  # $COMMENT is spliced into the perl source itself; see the note above.
  perl -e '$host="'ra-$COMMENT'"; $/=undef; $_=<>; s/^Host\s+(${host}$).*?((?=^Host)|\s*\Z)//gsm; print' ~/.ssh/config > ~/.ssh/config.new 2>/dev/null
  # NOTE(review): the text between "config.new <" and "&2 "Tarball ..."
  # is missing from this copy.  The here-document that appends the new
  # Host stanza, the end of create(), and the enable(), disable() and
  # upload() definitions called by the dispatcher presumably sat here;
  # the fragment that follows is the tail of upload().
  cat >> ~/.ssh/config.new <&2 "Tarball for $comment ($tarball) missing. Not uploading."
  exit 1
  fi
  # Stream the tarball (private key included) to the upload host and
  # keep a copy of the session output in ~/upload.log.
  cat "$tarball" | ssh -T $UPLOAD_TARGET \
    | tee -a "$HOME/upload.log"
}

# delete <name>: remove the Host stanza, the authorized_keys line and
# any archived tarballs/keys for this connection.
# NOTE(review): the ~/ra/ra-*-<name>-* paths here do not match the
# $HOME/tar/remote-access-<name>.tar.gz layout create() writes; this
# looks like an older layout - verify which one is current.
delete() {
  comment="$1"
  perl -i -e '$host="'ra-$comment'"; $/=undef; $_=<>; s/^Host\s+(${host}$).*?((?=^Host)|\s*\Z)//gsm; print' ~/.ssh/config
  sed -i "/ra-[0-9]\+-$comment-[0-9]\+$/d" ~/.ssh/authorized_keys
  count=`ls ~/ra/ra-*-$comment-*.tar.gz 2>/dev/null | wc -l`
  [ $count -gt 0 ] && mv -f ~/ra/ra-*-$comment-*.tar.gz ~/ra/ra-*-$comment-*-key ~/ra/old 2>/dev/null
}

# show: print one line per connection found in authorized_keys:
# tunnel port, name, enabled/disabled, connected/disconnected.
show() {
  # Connection names are recovered from the key comments.
  comments=`sed -n 's/.*ra-[0-9]\+-\(.*\)-[0-9]\+$/\1/p' ~/.ssh/authorized_keys`
  for i in $comments; do
    if grep -q "^#DISABLED#.*ra-[0-9]\+-$i-[0-9]\+\$" ~/.ssh/authorized_keys; then
      enabled="disabled"
    else
      enabled="enabled "
    fi
    # `ps axj` prints PPID first; a "sleep-ra-<port>-<name>-<ts>" process
    # whose parent is pid 1 has been orphaned, so it counts as
    # disconnected.  The name is matched by regex, so a name that is a
    # prefix of another would also match its sibling.
    sleep_ppid=`ps axj | awk '/sleep-ra-[0-9]+-'$i'-[0-9]+/ {print $1}' | tail -n 1`
    if [ -z "$sleep_ppid" ]; then
      connected="disconnected"
    else
      [ "$sleep_ppid" = "1" ] && connected="disconnected" || connected="connected"
    fi
    # Tunnel port is the argument of the forced command on the key line.
    port=`grep "ra-[0-9]\+-$i-[0-9]\+\$" ~/.ssh/authorized_keys | sed -e 's/.*command="[^ ]\+ \([0-9]\+\)".*/\1/'`
    # NOTE(review): the name is expanded inside the printf format string,
    # so a name containing '%' is interpreted as a conversion; use
    # printf '%s\t%s...' "$port" "$i" ... instead.
    printf "$port\\t$i\\t\\t$enabled\\t$connected\n"
  done
}

# disconnect <name>: terminate the sleep-ra-* process for this connection
# and its parent (the ssh session), never pid 1.
disconnect() {
  comment="$1"
  # Columns 1 and 2 of `ps axj` are PPID and PID.
  pids=`ps axj | awk '/sleep-ra-[0-9]+-'$comment'-[0-9]+/ {print $1 " " $2}'`
  for i in $pids; do
    [ "$i" = "1" ] && continue
    kill $i 2>/dev/null
  done
}

# Print usage to stderr and exit 1.
# NOTE(review): the argument placeholders (e.g. the tunnel port and name
# after "create [-e]") were lost from these strings in this copy.
usage() {
  exec 1>&2
  echo "Usage: $0 [options]"
  echo "Commands:"
  echo " create [-e] "
  echo " # create invitation tar.gz, if -e specified, enable it"
  echo " show"
  echo " # show current connections"
  echo " enable "
  echo " disable "
  echo " # enable/disable future connections"
  echo " disconnect "
  echo " # disconnect connection"
  echo " upload "
  echo " # upload a copy of the key"
  echo " delete "
  echo " # disconnect, disable and delete any trace of the connection"
  exit 1
}

if [ $# = 0 -o "$1" = "-h" -o "$1" = "--help" ]; then
  usage
fi

# Command dispatch.  Each arm checks the exact argument count, then calls
# the function of the same name (enable/disable/upload are not visible in
# this copy of the file).
case "$1" in
  create)
    shift
    [ "$1" = "-e" ] && do_enable=1 && shift
    [ -z "$1" -o -z "$2" -o -n "$3" ] && usage
    create "$1" "$2"
    # Without -e this test fails and, being the script's last command,
    # gives the script a non-zero exit status even on success.
    [ "$do_enable" = 1 ] && enable "$2"
    ;;
  show)
    shift
    show
    ;;
  enable)
    shift
    [ -z "$1" -o -n "$2" ] && usage
    enable "$1"
    ;;
  disable)
    shift
    [ -z "$1" -o -n "$2" ] && usage
    disable "$1"
    ;;
  disconnect)
    shift
    [ -z "$1" -o -n "$2" ] && usage
    disconnect "$1"
    ;;
  upload)
    shift
    [ -z "$1" -o -n "$2" ] && usage
    upload "$1"
    ;;
  delete)
    shift
    [ -z "$1" -o -n "$2" ] && usage
    # Remove the records first, then kill any live session.
    delete "$1"
    disconnect "$1"
    ;;
  *)
    usage
    ;;
esac