Changeset 8572


Timestamp:
Oct 16, 2010, 5:15:29 PM (14 years ago)
Author:
rick
Message:

Liked the idea, but now it is actually secure and really usable/readable

File:
1 edited

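--- a/2.0/nanobsd/nanobsd/files/usr/local/sshtun/sshtun.sh
+++ b/2.0/nanobsd/nanobsd/files/usr/local/sshtun/sshtun.sh
@@ -1,3 +1,4 @@
 #!/bin/sh
+#
 # Simple deamon which does remote connecting to a sertain host for tunnel
 # forwarding.
@@ -6,32 +7,28 @@
 # !!                                                                   !!
 # !!  THIS IS A HACK AND REQUIRES INTERACTIVE LOGIN ON THE REMOTE SIDE !!
-# !!  CANNOT BE USED WITHOUT ANY OTHER PROPER SECURITY MEASURES LIKE   !!
-# !!  BUT LIMITED TO IP BLOCKING/USER LIMITED ACCESS AND PROPER LOGS.  !!
+# !!  MAKE SURE TO LIMIT AND SECURE YOUR SETUP IN ANY WAYS YOU CAN     !!
+# !!  INCLUDING BUT NOT LIMITED TO FIREWALL RULES, PROPER LOGGING,     !!
+# !!                                                                   !!
+# !!  MAKE SURE TO SURE YOUR PUBLIC SSH KEY TO AVOID HARM BY USING:    !!
+# !!    from="example.org",no-user-rc,no-X11-forwarding,no-pty,        !!
+# !!    no-agent-forwarding,command="",permitopen="127.0.0.1:1"        !!
 # !!                                                                   !!
 # !!WARNING!!!!!!!!!!WARNING!!!!!!!!!!!WARNING!!!!!!!!!!WARNING!!!!!!!!!!
 #
+# Licence: BSDLike - https://www.wirelessleiden.nl/LICENSE
+#
 # Created by Richard van Mansom - Jan 2010
-# Make deamon friendly by Rick van der Zwet  - Feb 2010
+# Make daemon friendly by Rick van der Zwet  - Feb 2010
+# Revamp to secure and reuse in multiple setups Rick van der Zwet - Oct 2010
 
+# User variables
+SSH_HOST=${SSH_HOST:-sshtun.wirelessleiden.nl}
+SSH_USER=${SSH_USER:-ssh-tun}
+SSH_KEY=${SSH_KEY:-${PWD}/sshkey}
 
-# Define some vars
-PWD=`dirname $0`
-SSH_FLAGS=$@
+PIDFILE=${PIDFILE:-/var/run/sshtun.pid}
+LOGFILE=${LOGFILE:-/var/log/sshtun.log}
 
-HOST="sshtun.wirelessleiden.nl"
-USER="ssh-tun"
-SSHKEY="${PWD}/sshkey"
-PID='/var/run/sshtun.pid'
-LOGFILE='/var/log/sshtun.log'
-
-# Program internal variables
-WAIT="600"
-REMOTEWAIT=`expr 3600 \* 24 \* 365`
-
-# Make sure a port is specified
-if [ -z "$SSH_FLAGS" ]; then
-  echo "Usage: $0 <SSH_CLIENT_FLAGS>"
-  exit 64
-fi
+RECONNECT_TIMEOUT=${RECONNECT_TIMEOUT:-`expr 60 \* 5`}
 
 log() {
@@ -39,22 +36,34 @@
 }
 
-# Store script PID in right location
-echo $$ > $PID || exit 1
+# Internal helpers, storage and shortcuts
+PWD=`dirname $0`
+SSH_PID=""
 
-SSHPIDFILE=`mktemp -t $(basename $0)`
-
+# On (forced) exit, close tunnel and make sure to cleanup the leftovers.
 trap_exit() {
-   if [ -s $SSHPID ]; then
-     kill `cat $SSHPID`
-     rm $SSHPID
+   if [ -n "$SSH_PID" ]; then
+     kill $SSH_PID
    fi
-   exit
+   rm -f $PIDFILE
 }
 
-# Don't leave the ssh client process behind
-trap "trap_exit" 0 1 2 15
+# Don't leave the ssh client process behind and exit with proper exit code
+for SIGNAL in 1 2 15; do
+  trap "trap_exit; exit $SIGNAL" $SIGNAL
+done
 
 
-# Main program
+# Make sure a port is specified
+SSH_FLAGS=$@
+if [ -z "$SSH_FLAGS" ]; then
+  echo "Usage: $0 <SSH_CLIENT_FLAGS>"
+  echo ""
+  echo "Example: $0 -R 127.0.0.1:10022:127.0.0.1:22"
+  exit 64
+fi
+
+# Store script PID in right location
+echo $$ > $PIDFILE || exit 1
+
 log "[INFO] Connecting with args: $SSH_FLAGS"
 
@@ -63,25 +72,24 @@
 do
   # Connect to remote site
-  ssh ${SSH_FLAGS} -i ${SSHKEY} ${USER}@${HOST} -o ServerAliveInterval=5 \
+  ssh ${SSH_FLAGS} -i ${SSH_KEY} ${SSH_USER}@${SSH_HOST} -o ServerAliveInterval=5 \
     -o ExitOnForwardFailure=yes -o BatchMode=yes  -o StrictHostKeyChecking=no \
-    -n -N "sh -c 'sleep ${REMOTEWAIT}'" &
+    -n -N  1>&2 2>> $LOGFILE &
 
   # Save the sshtun PID
-  SSHPID=$!
-  echo ${SSHPID} > ${SSHPIDFILE}
-  log "[NOTICE] Used PID: $SSHPID"
+  SSH_PID=$!
+  log "[NOTICE] Used PID: $SSH_PID"
 
-  # As long the client is running make sure to sleep and relax, don't make it very
-  # long as a sleeping shell script cannot receive sigtals
-  while [ `ps ax | awk '{ print $1 }' | grep "^$SSHPID\$"` ]; do
-     sleep 10
-  done
-  log "[NOTICE] SSHTUN Disconnected ${SSHPID}"
+  # As long the client is running make sure to sleep and relax
+  wait
 
   # Mark process disconnected
-  echo "" > ${SSHPIDFILE}
+  log "[NOTICE] SSHTUN Disconnected ${SSH_PID}"
+  SSH_PID=""
 
-  log "[INFO] Sleeping $WAIT seconds before reconnect"
-  sleep ${WAIT}
+  log "[INFO] Sleeping $RECONNECT_TIMEOUT seconds before reconnect"
+  sleep $RECONNECT_TIMEOUT
 done
 
+log "[ERROR] Should never be able to get here"
+trap_exit
+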
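Review bot: The new default `SSH_KEY=${SSH_KEY:-${PWD}/sshkey}` (new line 27) is expanded before `PWD=\`dirname $0\`` is reassigned at new line 39, so it now resolves against the caller's working directory instead of the script directory; the old file set PWD (old line 18) before SSHKEY (old line 23), so this is a regression introduced here. Moving the assignment above the user variables, or better `SSH_KEY=${SSH_KEY:-$(dirname "$0")/sshkey}` without overriding the shell's own PWD, restores the intended key location. The ssh call at new lines 74–76 also keeps `-o StrictHostKeyChecking=no`, so an unattended first connect records whatever host key is presented; for a tunnel meant to run for months, shipping the server's key in a pinned file via `-o UserKnownHostsFile=<known_hosts path> -o StrictHostKeyChecking=yes` is the defensive setting, and a key mismatch then refuses the connection instead of reconnecting blindly. Finally, `1>&2 2>> $LOGFILE` sends ssh's stdout to the script's stderr rather than the log; `>> $LOGFILE 2>&1` is presumably what was meant.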