#!/bin/bash
# license gpl V3
# Author Dominique Chabord SISalp since 2007
# dominique.chabord@sisalp.org
# http://sisalp.fr
##-L	# This program is Free Software; you can redistribute it and/or
##-L	# modify it under the terms of the GNU General Public License
##-L	# as published by the Free Software Foundation; either version 2
##-L	# of the License, or (at your option) any later version.
##-L	#
##-L	# This program is distributed in the hope that it will be useful,
##-L	# but WITHOUT ANY WARRANTY; without even the implied warranty of
##-L	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
##-L	# GNU General Public License for more details.
##-L	#
##-L	# You should have received a copy of the GNU General Public License
##-L	# along with this program; if not, write to the Free Software
##-L	# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.

# Version banner: printed by "SSH --version" and written into the header of
# every generated command and configuration file.
SSH_VERSION='SSH version  23 March 2023 -rev 4'
# Base URL written as DownloadUrl into each generated configuration file.
# NOTE(review): this is a plain http:// location, so anything fetched from it
# is neither encrypted nor authenticated in transit - confirm whether the
# publisher also serves the scripts over https before relying on it.
DOWNLOAD_URL='http://download.sisalp.net/scripts'

# version  23 March 2023
# ======================
# large refactoring of all commands
# support of reverse tunnel, options -auto, -background, -status
# remove conversion of old scripts xkey
# Allow to store password in command config
#
# version  05 October 2021
# ======================
# support ed25519 keys
# draft support of reverse tunnel
#
#
# version  16 April 2021
# ======================
# tunnel parameters can be stored in command configuration
# --keep update command code with no change in configuration
# generated command updates itself with SSH --keep
#

# version  18 january 2021
# ====================
# generated scripts are the same, only configs differ
# generation is based on a template, #template easier to edit

# version  29 july 2019
# ====================
# improve auto-setup of generated scripts like backup command

#
# version  16 july 2019
# ====================
# simplification of command configuration file
# new functions delete and purge in generated script
# new functions --forget and --sort to erase old data and sort data
#
# version  21 may 2019
# ====================
# code refactoring from xkey previous script
# SSH is now only a command creator
# All xkey functions not often used are deleted
#
#-------------------------------------------------------------------------
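CHECK_GET_NOT_EMPTY ()
#-------------------------------------------------------------------------
# Return a mandatory value in the global RESULT.
# Arguments: $1 - label used in the prompt and in the error message
#            $2... - value already supplied by the caller (joined with spaces)
# Outputs:   prompt on stdout when no value was supplied, error on stderr
# Exits:     status 1 when the value is still empty after prompting
#            (the former "exit $LINENO" status moved with every edit of the
#            file and would wrap modulo 256)
{
	local question="$1"
	shift
	RESULT="$*"
	if [ -z "$RESULT" ] ; then
		printf '%s : ' "$question"
		# -r keeps backslashes typed by the operator instead of consuming them
		read -r RESULT
		if [ -z "$RESULT" ] ; then
			echo "$question is mandatory" >&2
			exit 1
		fi
	fi
}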
#-------------------------------------------------------------------------
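CHECK_GET_DEFAULT ()
#-------------------------------------------------------------------------
# Return an optional value in the global RESULT, falling back to a default.
# Call form: CHECK_GET_DEFAULT "label" [value] : [default words...]
#   The ":" separates the supplied value from the default; when the value is
#   missing, ":" is the first word after the label and is read as "no value".
# Outputs:   prompt and "set to default" notice on stdout
# Note:      an answer of Y, y, o or O selects the default, so those four
#            strings can never be stored as a value. The prompt echoes what is
#            typed, including when the caller asks for a password.
{
	local question="$1"
	shift
	RESULT="$1"
	shift
	if [ "$RESULT" = ":" ] ; then
		RESULT=""
	else
		# a real value was given: drop the ":" separator that follows it
		shift
	fi
	local default_result="$*"
	if [ -z "$RESULT" ] ; then
		printf '%s, default is <%s> : ' "$question" "$default_result"
		# -r keeps backslashes typed by the operator instead of consuming them
		read -r RESULT
	fi
	case "$RESULT" in
	""|Y|y|o|O)
		echo "$question is set to default value $default_result"
		RESULT="$default_result"
		;;
	esac
}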
#-------------------------------------------------------------------------
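GET_COMMAND_PARAMETERS ()
#-------------------------------------------------------------------------
# Collect the settings of a new connection command, prompting for whatever
# was not given on the command line.
# Arguments: $1 command name, $2 remote user, $3 remote host, $4 port,
#            $5 LAN IP address, $6 alternate FQDN, $7 alternate FQDN port,
#            $8 remote password (optional)
# Globals written: REMOTE_USER REMOTE_HOST CONNECT_PORT IP_HOST REMOTE_FQDN
#            REMOTE_FQDN_PORT REMOTE_PASSWORD HOST_DEFAULT_NAME
#            HOST_DEFAULT_DOMAIN SshScript
# Every positional parameter is quoted: unquoted, a value holding * ? or [
# (a password, typically) was expanded against the files of the current
# directory before being stored.
# NOTE(review): a password passed as $8 is part of the command line, so it is
# visible in the process list and in the shell history; the prompt path
# echoes it while it is typed.
{
	CHECK_GET_NOT_EMPTY "Remote user" "$2"
	REMOTE_USER="$RESULT"
	CHECK_GET_NOT_EMPTY "Remote host name" "$3"
	REMOTE_HOST="$RESULT"
	CHECK_GET_DEFAULT "Connection port" "$4" : 22
	CONNECT_PORT="$RESULT"
	case "$REMOTE_HOST" in
	[0-9]*)
		# host given with a leading digit: handled as an address, no LAN IP asked
		IP_HOST="-"
		;;
	*)
		CHECK_GET_DEFAULT "IP address for a host when on the local network, else dns resolution" "$5" : -
		IP_HOST="$RESULT"
		;;
	esac
	REMOTE_FQDN="-"
	REMOTE_FQDN_PORT="22"
	case "$IP_HOST" in
	-)
		;;
	[0-9]*)
		# a LAN address is known: ask for the fallback name used from outside
		CHECK_GET_DEFAULT "Alternate url for dns resolution if $IP_HOST is not reachable" "$6" : -
		REMOTE_FQDN="$RESULT"
		case "$REMOTE_FQDN" in
		-)
			;;
		*)
			CHECK_GET_DEFAULT "Remote port for connecting to alternate url $REMOTE_FQDN" "$7" : 22
			REMOTE_FQDN_PORT="$RESULT"
			;;
		esac
		;;
	esac

	CHECK_GET_DEFAULT "Remote Password < optional >" "$8" :
	REMOTE_PASSWORD="$RESULT"
	# first label of the host name and the remainder after the first dot
	HOST_DEFAULT_NAME="${REMOTE_HOST%%.*}"
	HOST_DEFAULT_DOMAIN="${REMOTE_HOST#*.}"
	if [ -e "/usr/local/bin/$HOST_DEFAULT_NAME" ] ; then
		# the default name is already taken: a name must be given explicitly
		CHECK_GET_NOT_EMPTY "Command name" "$1"
	else
		CHECK_GET_DEFAULT "Command name" "$1" : "$HOST_DEFAULT_NAME"
	fi
	SshScript="$RESULT"
}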
#-------------------------------------------------------------------------
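# Main program: remember the command line, prepare the configuration
# directory when run as root, then dispatch on the first argument.
#
# The arguments are kept as an array so that the "trying sudo" re-run hands
# every argument over unchanged; the former flattened string was split again
# and glob-expanded by the shell.
ORIGINAL_ARGS=("$@")
COMMAND="$1"
shift
CURRENT_USER="$(whoami)"

#-------------------------------------------------------------------------
VALID_COMMAND_NAME ()
#-------------------------------------------------------------------------
# Succeed when $1 is usable as a file name below /usr/local/bin and
# /usr/local/etc/SSH: letters, digits, dot, underscore and dash only, not
# starting with a dash or a dot. This keeps "/" and ".." out of the paths
# that are created, overwritten or deleted as root.
{
	case "$1" in
	""|-*|.*|*[![:alnum:]._-]*)
		return 1
		;;
	esac
	return 0
}
#-------------------------------------------------------------------------
CONF_QUOTE ()
#-------------------------------------------------------------------------
# Print $1 escaped for use between double quotes in a configuration file.
# The generated command reads that file with ".", so an unescaped quote,
# dollar sign, backquote or backslash in a value would be interpreted as
# shell syntax instead of being stored.
{
	local value="$1"
	local backslash='\' quote='"' dollar='$' backquote='`'
	# backslash first, so the escapes added afterwards are not doubled
	value=${value//"$backslash"/"$backslash$backslash"}
	value=${value//"$quote"/"$backslash$quote"}
	value=${value//"$dollar"/"$backslash$dollar"}
	value=${value//"$backquote"/"$backslash$backquote"}
	printf '%s' "$value"
}
#-------------------------------------------------------------------------
WRITE_COMMAND_SCRIPT ()
#-------------------------------------------------------------------------
# (Re)create /usr/local/bin/$1: a generated header followed by the lines of
# this file that start with "#template:", with that prefix removed.
{
	local target="/usr/local/bin/$1"
	cat > "$target" <<EOF
#! /bin/bash
# SSH identifyer: This file has been generated automatically by $SSH_VERSION on $(date) on $HOSTNAME
CreationDate="$(date)"
Generator="$SSH_VERSION"
# ==========================================

EOF
	grep "^#template:" "$0" | cut -f2- >> "$target"
	chmod 755 "$target"
}
#-------------------------------------------------------------------------
case "$CURRENT_USER" in
root)
	mkdir -p /usr/local/etc/SSH
	rm -f /usr/local/etc/SSH/SSH.conf
	;;
esac
case "$COMMAND" in
-v|--version|version)
	echo "$SSH_VERSION"
	;;
-u|--update|update)
	case "$CURRENT_USER" in
	root)
		update_url="http://download.sisalp.net/scripts/SSH"
		if [ -n "$1" ] ; then
			update_url="$1"
		fi
		# NOTE(review): the default source is plain HTTP and nothing here
		# authenticates the file, yet the result is installed as a root-owned
		# executable. The checks below only stop a failed or truncated
		# download from replacing the working script; use an https URL or
		# compare against a checksum published by the author where available.
		cd /usr/local/bin || { echo "Cannot enter /usr/local/bin" >&2 ; exit 1 ; }
		new_version="$(mktemp ./SSH.download.XXXXXX)" || { echo "Cannot create a temporary file in /usr/local/bin" >&2 ; exit 1 ; }
		if ! wget -q -O "$new_version" -- "$update_url" || [ ! -s "$new_version" ] ; then
			echo "Download of $update_url failed, SSH is left unchanged" >&2
			rm -f -- "$new_version"
			exit 1
		fi
		# syntax check only, the downloaded file is not executed here
		if ! bash -n "$new_version" ; then
			echo "Downloaded file is not a valid bash script, SSH is left unchanged" >&2
			rm -f -- "$new_version"
			exit 1
		fi
		chmod 755 "$new_version"
		if [ -e SSH ] ; then
			mv -f SSH SSH.previous_version
		fi
		mv -f "$new_version" SSH
		diff SSH.previous_version SSH
		"$0" --version
		echo "SSH program is uptodate"
		mkdir -p /usr/local/etc/SSH
		;;
	*)
		echo "You must have root priviledge for --update, trying sudo"
		sudo "$0" "${ORIGINAL_ARGS[@]}"
		;;
	esac
	;;
-c|--command|command)
	case "$CURRENT_USER" in
	root)
		GET_COMMAND_PARAMETERS "$@"
		if ! VALID_COMMAND_NAME "$SshScript" ; then
			echo "Command name must only contain letters, digits, dot, underscore or dash" >&2
			exit 1
		fi
		if [ -e "/usr/local/bin/$SshScript" ] ; then
			echo "File /usr/local/bin/$SshScript already exists"
			exit 1
		fi
		# Look the name up instead of running it: the former test executed the
		# candidate name as root to find out whether it was an existing command.
		if command -v "$SshScript" > /dev/null 2>&1 ; then
			echo "Command should not have the name of another valid unix command"
			exit 1
		fi
		# \$HOSTNAME is written literally: it is resolved on the machine that
		# reads the configuration, not on the one that generates it.
		cat > "/usr/local/etc/SSH/$SshScript.conf" <<EOF
# SSH identifyer: This file has been generated automatically by $SSH_VERSION on $(date) on $HOSTNAME
# $SshScript version  on $HOSTNAME generated by $SSH_VERSION on $(date) on $HOSTNAME
HostName="\$HOSTNAME"
MyScriptName="$SshScript"
RemoteHost="$(CONF_QUOTE "$REMOTE_HOST")"
RemoteIp="$(CONF_QUOTE "$IP_HOST")"
RemotePort="$(CONF_QUOTE "$CONNECT_PORT")"
RemoteFqdn="$(CONF_QUOTE "$REMOTE_FQDN")"
RemoteFqdnPort="$(CONF_QUOTE "$REMOTE_FQDN_PORT")"
RemoteUser="$(CONF_QUOTE "$REMOTE_USER")"
RemotePassword="$(CONF_QUOTE "$REMOTE_PASSWORD")"
DownloadUrl="$DOWNLOAD_URL"

EOF
		# NOTE(review): mode 755 leaves the file, including RemotePassword in
		# clear text, readable by every local account. The generated command
		# reads it as the invoking user, so tightening the mode also needs a
		# decision on who may run the command.
		chmod 755 "/usr/local/etc/SSH/$SshScript.conf"
		WRITE_COMMAND_SCRIPT "$SshScript"
		echo "A new $SshScript command has been created"
		echo "=========================================="
		"$SshScript" --help
		;;
	*)
		echo "You must have root priviledge for $COMMAND, trying sudo"
		sudo "$0" "${ORIGINAL_ARGS[@]}"
		;;
	esac
	;;
-f|--forget|forget)
	case "$CURRENT_USER" in
	root)
		for forgotten in "$@" ; do
			# refuse names that would point outside the two SSH directories
			if ! VALID_COMMAND_NAME "$forgotten" ; then
				echo "$forgotten is not a valid command name, nothing deleted" >&2
				continue
			fi
			rm -f -- "/usr/local/etc/SSH/$forgotten.conf"
			rm -f -- "/usr/local/bin/$forgotten"
		done
		;;
	*)
		echo "You must have root priviledge for $COMMAND for erase data of access/tunnelling commands, trying sudo"
		sudo "$0" "${ORIGINAL_ARGS[@]}"
		;;
	esac
	;;
-r|--refurbish|refurbish|--keep)
	#--keep syntax stands for old versions of commands
	case "$CURRENT_USER" in
	root)
		case "$1" in
		All)
			if [ -d /usr/local/etc/SSH ] ; then
				# no cd here, so a relative $0 still resolves for the re-run
				for refurbishcommand in /usr/local/etc/SSH/* ; do
					[ -e "$refurbishcommand" ] || continue
					"$0" --refurbish "$(basename -- "$refurbishcommand" .conf)"
				done
			fi
			;;
		*)
			CHECK_GET_NOT_EMPTY "Command names" "$@"
			# split the answer into words without expanding wildcards
			read -r -a SshScripts <<< "$RESULT"
			for script in "${SshScripts[@]}" ; do
				if ! VALID_COMMAND_NAME "$script" ; then
					echo "$script is not a valid command name, skipped" >&2
					continue
				fi
				if [ -e "/usr/local/bin/$script" ] ; then
					mv "/usr/local/bin/$script" "/usr/local/bin/previous.$script"
					echo "File $script is saved to previous.$script"
				fi
				WRITE_COMMAND_SCRIPT "$script"
				echo "A new $script command has been created"
				echo "=========================================="
				diff "/usr/local/bin/previous.$script" "/usr/local/bin/$script"
			done
			;;
		esac
		;;
	*)
		echo "You must have root priviledge for $COMMAND, trying sudo"
		sudo "$0" "${ORIGINAL_ARGS[@]}"
		;;
	esac
	;;
-l|--list|list|-t|--test|test)
	if [ -d /usr/local/etc/SSH ] ; then
		cd /usr/local/etc/SSH/ || exit 1
		echo "list of commands generated by SSH"
		echo "----------------------------------"
		for SSH_conf in * ; do
			# skip the unmatched "*" of an empty directory and SSH.conf
			if [ ! -e "$SSH_conf" ] || [ "$SSH_conf" = "SSH.conf" ] ; then
				continue
			fi
			SSH_command="$(basename -- "$SSH_conf" .conf)"
			if [ ! -f "/usr/local/bin/$SSH_command" ] ; then
				echo "Configuration $SSH_conf has no program in /usr/local/bin/"
				continue
			fi
			case "$COMMAND" in
			-l|--list|list)
				"/usr/local/bin/$SSH_command" --version
				;;
			*)
				echo "test of $SSH_command :"
				"/usr/local/bin/$SSH_command" --check
				echo "===================="
				;;
			esac
		done
		echo "----------------------------------"
	fi
	;;
h|-h|--help|help|*)
	echo "SSH : create shortcut commands for connecting and tunnelling"
	echo "SSH is designed for virtual machines which migrate over several hosts"
	echo "usage : SSH option parameters"
	echo "=============================="
	echo "possible options are :"
	echo "SSH -h|--help|help"
	echo "			print this help"
	echo "SSH -c|--command|command command_name remote_user remote_host connection_port [ip_address [alternate_fqdn [alternate_fqdn_port]]]]"
	echo "			create a command for ssh login"
	echo "			optional arguments can be replaced by - when empty"
	echo "SSH -f|--forget|forget list_of_command_names"
	echo "			delete command_names and their parameters"
	echo "SSH -l|--list|list"
	echo "			print the list of all commands generated locally and versions"
	echo "SSH -r|--refurbish|refurbish list_of_command_names|All"
	echo "			update program of a command and keep its configuration unchanged"
	echo "SSH -t|--test|test"
	echo "			test all commands generated locally"
	echo "SSH -u|--update|update"
	echo "			download a fresh copy of this script"
	echo "SSH -v|--version|version"
	echo "			print the version of this script"
	echo "=============================="

	echo "=============================="
	;;
esac
exit 0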




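# Keep the tab after "#template:" on every line below: the generator copies
# these lines into each generated command with grep "^#template:" | cut -f2-,
# and cut splits on tabs.
# NOTE(review): the generated command reads its .conf file as shell code with
# ".", and when run as root without one it fetches <name>.conf over plain HTTP
# into /usr/local/etc/SSH. It also places the remote password inside the
# script text given to "expect -c", where it appears in the process list and
# Tcl-special characters in it are interpreted. Treat the .conf files and the
# download host as trusted-code inputs.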
#template:	# SSH is available at http://download.sisalp.net/scripts/SSH
#template:	# license gpl V3
#template:	# Author Dominique Chabord SISalp https://sisalp.fr
#template:	# dominique.chabord@sisalp.org
#template:	# This program is Free Software; you can redistribute it and/or
#template:	# modify it under the terms of the GNU General Public License
#template:	# as published by the Free Software Foundation; either version 2
#template:	# of the License, or (at your option) any later version.
#template:	#
#template:	# This program is distributed in the hope that it will be useful,
#template:	# but WITHOUT ANY WARRANTY; without even the implied warranty of
#template:	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#template:	# GNU General Public License for more details.
#template:	#
#template:	# You should have received a copy of the GNU General Public License
#template:	# along with this program; if not, write to the Free Software
#template:	# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
#template:	#==========================================
#template:	# specific values
#template:	MyScriptName=`basename $0`
#template:	ScriptConf=" /usr/local/etc/SSH/$MyScriptName.conf"
#template:	DATE=`date +%d-%m-%y-%H-%M-%S`	
#template:	
#template:	if [ ! -d /usr/local/etc/SSH ] ; then
#template:		echo "$LINENO $DATE Configuration directory  /usr/local/etc/SSH is not found"
#template:		case `whoami` in
#template:		root)
#template:			mkdir /usr/local/etc/SSH
#template:			echo "$LINENO $DATE Configuration directory  /usr/local/etc/SSH is created"
#template:			;;
#template:		esac	
#template:	fi
#template:	if [ -f  $ScriptConf ] ; then
#template:		.  $ScriptConf
#template:	else
#template:		echo "$LINENO $DATE Configuration file  $ScriptConf is not found"
#template:		case `whoami` in
#template:		root)
#template:			cd /usr/local/etc/SSH
#template:			if wget -q http://download.sisalp.net/scripts/$MyScriptName.conf ; then
#template:				echo "$LINENO $DATE Configuration file  $ScriptConf is downloaded"
#template:			else
#template:				echo "$LINENO $DATE Configuration file  $ScriptConf could not be downloaded"
#template:			fi
#template:			;;
#template:		esac
#template:		exit 1
#template:	fi
#template:	#-------------------------------------------------------------------------
#template:	CHECK_GET_NOT_EMPTY ()
#template:	#-------------------------------------------------------------------------
#template:	{
#template:	Question="$1"
#template:	shift
#template:	Result="$*"
#template:	if [ -z "$Result" ] ; then
#template:		echo -n "$Question : "
#template:		read Result
#template:		if [ -z "$Result" ] ; then
#template:			echo "$LINENO $DATE $Question is mandatory"
#template:			exit 1
#template:		fi
#template:	fi
#template:	}
#template:	#-------------------------------------------------------------------------
#template:	CHECK_GET_DEFAULT ()
#template:	#-------------------------------------------------------------------------
#template:	{
#template:	Question="$1"
#template:	shift
#template:	Result="$1"
#template:	shift
#template:	case "${Result}" in
#template:	:)
#template:		Result=""
#template:		;;
#template:	*)
#template:		shift
#template:		;;
#template:	esac
#template:	default_result="$*"
#template:	if [ -z "$Result" ] ; then
#template:		echo -n "$LINENO| $Question, default is <$default_result> : "
#template:		read Result
#template:	fi
#template:	case "$Result" in
#template:	Y|y|o|O)
#template:		echo "$LINENO| $Question is set to default value $default_result"
#template:		Result="$default_result"
#template:		;;
#template:	esac
#template:	if [ -z "$Result" ] ; then
#template:		echo -cv "$LINENO| $Question is set to default value $default_result"
#template:		Result="$default_result"
#template:	fi
#template:	}
#template:	#-------------------------------------------------------------------------
#template:	CHECK_LAN_OR_WAN ()
#template:	#-------------------------------------------------------------------------
#template:	{
#template:	ssh_remote_server="$RemoteHost"
#template:	ssh_remote_port="$RemotePort"
#template:	case "$RemoteFqdn" in
#template:	-)
#template:		;;
#template:	*)
#template:		echo -n "Checking local availability of $RemoteHost ..."
#template:		if ! ping -c 1 $RemoteHost > /dev/null 2>&1 ; then
#template:			ssh_remote_server="$RemoteFqdn"
#template:			ssh_remote_port="$RemoteFqdnPort"
#template:			echo "........Not responding"
#template:			echo -n "Connect to $RemoteUser@$RemoteFqdn -p $RemoteFqdnPort is tried instead ..."
#template:			if ! ping -c 1 $RemoteFqdn > /dev/null 2>&1 ; then
#template:				echo "........Not responding either"
#template:				return 1
#template:			else
#template:				echo "..OK"
#template:			fi
#template:		else
#template:			echo "..OK"
#template:		fi
#template:	esac
#template:	}
#template:	#-------------------------------------------------------------------------
#template:	CHECK_LOCAL_IP ()
#template:	#-------------------------------------------------------------------------
#template:	{
#template:	case "$RemoteIp" in
#template:	-)
#template:		;;
#template:	[0-9]*)
#template:		if ! cat /etc/hosts | grep -v "^#" | grep -qw "$RemoteHost" ; then
#template:			case `whoami` in
#template:			root)
#template:				echo "$RemoteIp $RemoteHost" >> /etc/hosts
#template:				echo "$RemoteIp $RemoteHost has been added to /etc/hosts"
#template:				;;
#template:			*)
#template:				echo "$RemoteIp $RemoteHost is not found in to /etc/hosts, consider $0 --help as root to add it"
#template:				exit 1
#template:				;;
#template:			esac
#template:		fi
#template:		;;
#template:	esac
#template:	}
#template:	#-------------------------------------------------------------------------
#template:	#-------------------------------------------------------------------------
#template:	CHECK_LOCAL_IP
#template:	Parameters="$*"
#template:	Command="$1"
#template:	shift
#template:	case "$Command" in
#template:	#-------------------------------------------------------------------------
#template:	-h|help|--help)
#template:		$MyScriptName --version
#template:		echo "Syntax of $MyScriptName command
#template:	Missing parameters are prompted
#template:	
#template:	$MyScriptName -h|help|--help
#template:		Print this documentation
#template:	
#template:	$MyScriptName
#template:		Connect to ssh $RemoteUser@$RemoteHost -p $RemotePort
#template:	
#template:	$MyScriptName command
#template:		Execute command to ssh $RemoteUser@$RemoteHost -p $RemotePort command
#template:	"
#template:		case "$RemoteFqdn" in
#template:		-)
#template:			;;
#template:		*)
#template:			echo "If $RemoteHost doesn't respond to ping, $RemoteUser@$RemoteFqdn -p $RemoteFqdnPort will be tried instead"
#template:			;;
#template:		esac
#template:		echo "
#template:	Other options:
#template:	--------------
#template:	$MyScriptName -c|check|--check
#template:		Check password-less connection effectiveness, print ok or failure
#template:	
#template:	$MyScriptName -cv|check_verbose|--check_verbose
#template:		Check password-less connection effectiveness, configuration and print messages
#template:	
#template:	$MyScriptName -cvv|check_very_verbose|--check_very_verbose
#template:		Check password-less connection effectiveness, configuration and print debug messages
#template:	
#template:	$MyScriptName -d|delete|--delete
#template:		Delete $MyScriptName if remote server is not reachable
#template:	
#template:	$MyScriptName -df|delete-force|--delete-force
#template:		Delete $MyScriptName
#template:	
#template:	$MyScriptName -k|keys|--keys
#template:		Exchange keys for password-less connection to $RemoteUser account
#template:	
#template:	$MyScriptName -kr|keys-root|--keys-root
#template:		Exchange keys for password-less connection to root account
#template:	
#template:	$MyScriptName -p|parameters|--parameters	[scp | ssh | user | port | password [password_string]]
#template:		Print configuration, ssh or scp appropriate command or just connection id
#template:	
#template:	$MyScriptName -pw|password|--password	[password_string]
#template:		Print or set password
#template:	
#template:	$MyScriptName -r|root|--root
#template:		Connect to ssh root@$RemoteHost -p $RemotePort or alternate remote target
#template:	
#template:	$MyScriptName -s|status|--status
#template:		List all active connections and tunnels
#template:	
#template:	$MyScriptName -t|tunnel|--tunnel local_port [remote_port [remote_ip [L|R]]]
#template:		Establish a tunnel (L direct, R reverse) from port local_port to remote_ip:remote_port over connection $RemoteUser@$RemoteHost port $RemotePort
#template:	
#template:	$MyScriptName -t|tunnel|--tunnel tunnel_name local_port [remote_port [remote_ip [L|R|other_options]]]
#template:		Register a new tunnel (L direct, R reverse). Missing parameters are prompted (requires root priviledge)
#template:	
#template:	$MyScriptName -t|tunnel|--tunnel tunnel_name
#template:		Establish a pre-registered tunnel in foreground
#template:	
#template:	$MyScriptName -ta|auto|--auto tunnel_name
#template:		Establish a tunnel permanently in background, watch and restart in root crontab
#template:	
#template:	$MyScriptName -tb|background|--background local_port [remote_port [remote_ip [L|R]]]
#template:		Establish a tunnel in background (L direct, R reverse) from port local_port to remote_ip:remote_port over connection $RemoteUser@$RemoteHost port $RemotePort
#template:	
#template:	$MyScriptName -tb|background|--background tunnel_name
#template:		Establish a pre-registered tunnel in background
#template:	
#template:	$MyScriptName -tc|close|--close tunnel_name
#template:		cancels a pre-registered tunnel active, and deletes its automation in crontab
#template:	
#template:	$MyScriptName -u|update|--update
#template:		Update $MyScriptName program by SSH --refurbish $MyScriptName
#template:	
#template:	$MyScriptName -v|version|--version
#template:		Print version of $MyScriptName command
#template:	
#template:	===========================================
#template:	Current private keys
#template:	`for key in ~/.ssh/id_*; do ssh-keygen -l -f $key ; done | uniq`
#template:	
#template:	To generate a new local key 
#template:	ssh-keygen -t ed25519 [best) or
#template:	ssh-keygen -t rsa
#template:	
#template:	===========================================
#template:	installation
#template:	===========================================
#template:	This command is generated by SSH script.
#template:	cd /usr/local/bin ; wget http://download.sisalp.net/scripts/SSH ; chmod 755 SSH ; SSH --help ;
#template:	
#template:	===========================================
#template:	Examples:
#template:	===========================================
#template:	Distant: name of a distant server protected by a firewall
#template:	$RemoteHost: name of a trusted server in the middle, 
#template:	$RemoteHost is at $RemoteFqdn and listens port $RemotePort, natted from $RemoteFqdnPort
#template:	
#template:	Open the Distant server to a trusted server
#template:	===========================================
#template:	
#template:	Open a reverse tunnel from the Distant server to $RemoteFqdn trusted server
#template:	
#template:	On the Distant server:
#template:		Get SSH
#template:		Create the $MyScriptName command and connect once to $RemoteFqdn and exit
#template:		Exchange keys: $MyScriptName --keys
#template:		Register the tunnel named $MyScriptName	
#template:		$MyScriptName --tunnel $MyScriptName 22222 22 localhost R
#template:		Open the tunnel permanently:
#template:		$MyScriptName --auto $MyScriptName
#template:		After next crontab activation, the tunnel is open.
#template:		Check with $MyScriptName --status
#template:	
#template:	Connect to the Distant server through the trusted server
#template:	========================================================
#template:	
#template:	On Desktop, connect to $MyScriptName trusted server
#template:	ssh $RemoteUser@$RemoteFqdn -p $RemoteFqdnPort
#template:	or create $MyScriptName SSH command to connect to $RemoteFqdn trusted server easily
#template:	
#template:	on  $RemoteFqdn trusted server:
#template:	ssh root@localhost -p 22222
#template:	or create Distant SSH command on $MyScriptName trusted server to connect to Distant easily
#template:	
#template:	To skip password authentification, copy public key to a server
#template:	==============================================================
#template:	When a command is created by SSH, the --keys option prompts for the password once and copies keys.
#template:	
#template:	==============================================="
#template:		echo ""
#template:		;;
#template:	#-------------------------------------------------------------------------
#template:	-c|check|--check)
#template:		CHECK_LAN_OR_WAN	> /dev/null
#template:		if ssh $RemoteUser@$ssh_remote_server -p $ssh_remote_port ls > /dev/null ; then
#template:			echo "ok"
#template:			exit 0
#template:		else
#template:			echo "failure"
#template:			exit 1
#template:		fi
#template:		;;
#template:	#-------------------------------------------------------------------------
#template:	-cv|check_verbose|--check_verbose)
#template:		echo "connection parameters in  $ScriptConf"
#template:		cat  $ScriptConf
#template:		echo "$MyScriptName version $CreationDate on $HostName generated by $Generator"
#template:		CHECK_LAN_OR_WAN
#template:		echo "Connect to ssh $RemoteUser@$ssh_remote_server -p $ssh_remote_port and list home directory"
#template:		if ssh $RemoteUser@$ssh_remote_server -p $ssh_remote_port ls ; then
#template:			echo "ssh return code :	ok"
#template:			echo "Closed connection to ssh $RemoteUser@$ssh_remote_server -p $ssh_remote_port"
#template:			exit 0
#template:		else
#template:			echo "ssh return code :	failure"
#template:			echo "Closed connection to ssh $RemoteUser@$ssh_remote_server -p $ssh_remote_port"
#template:			exit 1
#template:		fi
#template:		;;
#template:	#-------------------------------------------------------------------------
#template:	-cvv|check_very_verbose|--check_very_verbose)
#template:		echo "connection parameters"
#template:		cat  $ScriptConf
#template:		echo "$MyScriptName version $CreationDate on $HostName generated by $Generator"
#template:		CHECK_LAN_OR_WAN
#template:		echo "Connect to ssh $RemoteUser@$ssh_remote_server -p $ssh_remote_port and list home directory"
#template:		if ssh -vvv $RemoteUser@$ssh_remote_server -p $ssh_remote_port ls ; then
#template:			echo "ssh return code :	ok"
#template:			echo "Closed connection to ssh $RemoteUser@$ssh_remote_server -p $ssh_remote_port"
#template:			exit 0
#template:		else
#template:			echo "ssh return code :	failure"
#template:			echo "Closed connection to ssh $RemoteUser@$ssh_remote_server -p $ssh_remote_port"
#template:			exit 1
#template:		fi
#template:		;;
#template:	#-------------------------------------------------------------------------
#template:	-d|delete|--delete|-df|delete-force|--delete-force)
#template:	#-------------------------------------------------------------------------
#template:	DELETE ()
#template:	#-------------------------------------------------------------------------
#template:	{
#template:	case `whoami` in
#template:	root)
#template:		echo "rm $0"
#template:		rm $0
#template:		echo "rm -f /usr/local/etc/SSH/$MyScriptName.conf"
#template:		rm -f /usr/local/etc/SSH/$MyScriptName.conf
#template:		;;
#template:	*)
#template:		echo "Failed to delete $0, you must be root, trying sudo"
#template:		sudo $0 $Parameters
#template:		;;
#template:	esac
#template:	}
#template:	#-------------------------------------------------------------------------
#template:		case "$Command" in
#template:		-df|*-force)
#template:			echo "$0 is deleted"
#template:			DELETE
#template:			;;
#template:		*)
#template:			if ! CHECK_LAN_OR_WAN ; then
#template:				echo "Failed to reach remote server, $0 is deleted"
#template:				DELETE
#template:			else
#template:				echo "Succeeded in reaching remote server, $0 is not deleted"
#template:			fi
#template:			;;
#template:		esac
#template:		;;
#template:	#-------------------------------------------------------------------------
#template:	-k|keys|--keys|-kr|keys-root|--keys-root)
#template:		echo "Command keys $Command"
#template:		cd
#template:		if ! expect -v > /dev/null 2>&1 ; then
#template:			echo "programme expect must be installed : apt-get install expect; nothing done"
#template:			exit 1
#template:		fi
#template:		echo "$MyScriptName version $CreationDate on $HostName generated by $Generator"
#template:		case "$Command" in
#template:		-kr|keys-root|--keys-root)
#template:			remote_user="root"
#template:			;;
#template:		*)
#template:			remote_user="$RemoteUser"
#template:			;;
#template:		esac
#template:		#ssh-copy-id -i .ssh/id_ed25519.pub $remote_user@IP_SERVEUR_B
#template:		if [ -f .ssh/id_ed25519.pub ] ; then
#template:			key="id_ed25519.pub"
#template:		else
#template:			echo "SSH ed25519 generation"
#template:			if ssh-keygen -t ed25519 -N "" -f $HOME/.ssh/id_ed25519 ; then
#template:				echo "Generated ed25519 key"
#template:				key="id_ed25519.pub"
#template:			else
#template:				echo "Failed to create ed25519 key, trying ecdsa"
#template:				if [ -f $HOME/.ssh/id_ecdsa.pub ] ; then
#template:					key="id_ecdsa.pub"
#template:				else
#template:					echo "SSH ecdsa generation"
#template:			 		if ssh-keygen -t ecdsa -N "" -f $HOME/.ssh/id_ecdsa ; then
#template:						echo "Generated ecdsa key"
#template:						key="id_ecdsa.pub"
#template:					else
#template:						echo "Failed to create ecdsa key, trying RSA"
#template:						if [ -f $HOME/.ssh/id_rsa.pub ] ; then
#template:							key="id_rsa.pub"
#template:						else
#template:							echo "SSH rsa generation"
#template:			 				if ssh-keygen -t rsa -N "" -f $HOME/.ssh/id_rsa ; then
#template:								echo "Generated RSA key"
#template:								key="id_rsa.pub"
#template:							else
#template:								echo "Failed to create RSA key"
#template:								exit 1
#template:							fi
#template:						fi
#template:					fi
#template:				fi
#template:			fi
#template:		fi
#template:		echo "Key is $key"
#template:		CHECK_LAN_OR_WAN
#template:		if [ -z "$RemotePassword" ] ; then
#template:			echo -n "Provide once $remote_user@$ssh_remote_server -p $ssh_remote_port password : "
#template:			read -s remote_password
#template:		else
#template:			remote_password="$RemotePassword"
#template:		fi
#template:		echo "controle de l existence du repertoire .ssh sur la cible"
#template:		expect -c "set timeout -1;\
#template:		spawn ssh $remote_user@$ssh_remote_server -p $ssh_remote_port \"mkdir .ssh > /dev/null 2>&1\";\
#template:		expect *password:*;\
#template:		send -- $remote_password\r;\
#template:		interact;"
#template:		#ssh $remote_user@$ssh_remote_server -p $ssh_remote_port "mkdir .ssh > /dev/null 2>&1"
#template:		echo "scp -P $ssh_remote_port $HOME/.ssh/$key $remote_user@$ssh_remote_server:/tmp/SSH.$RemoteUser.$HostName.key.pub"
#template:		expect -c "set timeout -1;\
#template:		spawn scp -P $ssh_remote_port $HOME/.ssh/$key $remote_user@$ssh_remote_server:/tmp/SSH.$remote_user.$HostName.key.pub;expect *password:*;\
#template:		send -- $remote_password\r;\
#template:		interact;"
#template:		#scp -P $ssh_remote_port $HOME/.ssh/$key $remote_user@$ssh_remote_server:/tmp/SSH.$remote_user.$HostName.key.pub
#template:		echo "ssh $remote_user@$ssh_remote_server -p $ssh_remote_port cat /tmp/SSH.$remote_user.$HostName.key.pub >> .ssh/authorized_keys"
#template:		expect -c "set timeout -1;\
#template:		spawn ssh $remote_user@$ssh_remote_server -p $ssh_remote_port \"cat /tmp/SSH.$remote_user.$HostName.key.pub >> .ssh/authorized_keys\";expect *password:*;\
#template:		send -- $remote_password\r;\
#template:		interact;"
#template:		#ssh $remote_user@$ssh_remote_server -p $ssh_remote_port \"cat /tmp/SSH.$remote_user.$HostName.key.pub >> .ssh/authorized_keys\"
#template:		echo "`whoami` can connect now to $remote_user @ $ssh_remote_server without password"
#template:		;;
#template:	#-------------------------------------------------------------------------
#template:	-p|parameters|--parameters)
#template:		CHECK_LAN_OR_WAN	> /dev/null 2>&1
#template:		param_name="$1"
#template:		shift
#template:		case "$param_name" in
#template:		scp)
#template:			echo "scp -r -P $ssh_remote_port $RemoteUser@$ssh_remote_server"
#template:			;;
#template:		user)
#template:			echo "$RemoteUser@$ssh_remote_server"
#template:			;;
#template:		port)
#template:			echo "$ssh_remote_port"
#template:			;;
#template:		password)
#template:			$0 --password $*
#template:			;;
#template:		ssh)
#template:			echo "ssh  -p $ssh_remote_port $RemoteUser@$ssh_remote_server"
#template:			;;
#template:		*)
#template:			cat $ScriptConf
#template:			;;		
#template:		esac
#template:		;;
#template:	#-------------------------------------------------------------------------
#template:	-pw|password|--password)
#template:		# Show or store the password of the remote account.
#template:		#   no argument, nothing stored  : report that no password is set
#template:		#   no argument, password stored : print it in clear text
#template:		#   argument given, run as root  : append it to the configuration file
#template:		#   argument given, other user   : run the script again through sudo
#template:		# NOTE(review): the new password is read from the command line, so it
#template:		# shows up in process listings and in shell history; reading it from
#template:		# a prompt or from stdin would avoid that.
#template:		newpassword="$1"
#template:		if [ -z "$newpassword" ] && [ -z "$RemotePassword" ] ; then		
#template:			echo "Password for $RemoteUser on remote server is not set"
#template:		else
#template:			if [ -z "$newpassword" ] ; then
#template:				echo "RemotePassword=\"$RemotePassword\""
#template:			else
#template:				case `whoami` in
#template:				root)
#template:					# NOTE(review): the value is stored in clear text and is
#template:					# written between double quotes without escaping. If the
#template:					# configuration file is evaluated by a shell (TODO confirm),
#template:					# a password containing a double quote, dollar sign,
#template:					# backquote or backslash is not read back as typed.
#template:					# Check who can read the configuration file as well.
#template:					echo "RemotePassword=\"$newpassword\"" >> $ScriptConf
#template:					echo "Password is set in configuration"
#template:					;;
#template:				*)
#template:					# Parameters is set outside this arm; presumably it holds the
#template:					# original arguments, password included (TODO confirm).
#template:					# sudo usually records the command line it runs in its log.
#template:					echo "you must be root to set remote password, trying sudo"
#template:					sudo $0 $Parameters
#template:					;;
#template:				esac
#template:			fi
#template:		fi
#template:		;;
#template:	#-------------------------------------------------------------------------
#template:	-r|root|--root)
#template:		# Open an interactive ssh session as root on the remote server,
#template:		# whatever RemoteUser is configured.
#template:		# CHECK_LAN_OR_WAN is defined elsewhere; presumably it chooses
#template:		# ssh_remote_server and ssh_remote_port (TODO confirm).
#template:		echo "$MyScriptName version $CreationDate on $HostName generated by $Generator"
#template:		CHECK_LAN_OR_WAN
#template:		echo "Connect to ssh root@$ssh_remote_server -p $ssh_remote_port"
#template:		# Server and port are expanded unquoted, so they must not contain
#template:		# whitespace or a leading dash.
#template:		ssh root@$ssh_remote_server -p $ssh_remote_port
#template:		;;
#template:	#-------------------------------------------------------------------------
#template:	-s|status|--status)
#template:		# List every running process whose command line contains the word ssh
#template:		# followed by a space. The process list is captured once, before any
#template:		# filtering, so the grep used below never appears in its own input.
#template:		WorkingProcesses=$(ps axo pid,cmd)
#template:		SshProcesses=$(echo "$WorkingProcesses" | grep "ssh ")
#template:		if [ -z "$SshProcesses" ] ; then
#template:			echo "No open ssh connection is detected"
#template:		else
#template:			echo "List of open ssh connections"
#template:			echo "============================"
#template:			printf '%s\n' "$SshProcesses"
#template:		fi
#template:		;;
#template:	#-------------------------------------------------------------------------
#template:	-t|tunnel|--tunnel|-ta|auto|--auto|-tb|background|--background|-tc|close|--close)
#template:		Background=""
#template:		case "$Command" in
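#template:		-ta|auto|--auto)
#template:			# Register a crontab entry that runs this script every 12 minutes
#template:			# with the background command for the named tunnel, unless the
#template:			# crontab of the current user already has one.
#template:			# CHECK_GET_NOT_EMPTY is defined elsewhere; the value it obtains is
#template:			# read from Result. The argument stays unquoted so that a missing
#template:			# name is passed as no argument at all.
#template:			CHECK_GET_NOT_EMPTY "Tunnel name" $1
#template:			# Transliterate to ASCII, replace spaces and single quotes with
#template:			# underscores and lower-case the name. Other characters are kept,
#template:			# and the name ends up inside a crontab command line below.
#template:			TunnelName=`echo "$Result" | iconv -f utf-8 -t US-ASCII//TRANSLIT | sed s/" "/_/g | sed s/\'/_/g  | tr '[:upper:]' '[:lower:]'`
#template:			case "$TunnelName" in
#template:			# Glob, not regex: anything starting with two digits, the first one
#template:			# not zero, is taken for a port number rather than a name.
#template:			[1-9][0-9]*)
#template:				echo "Only registrered tunnel names can be automated"
#template:				exit 1
#template:				;;
#template:			esac
#template:			if ! crontab -l | grep -v "^#" | grep "$MyScriptName background $TunnelName" ; then
#template:				# The edited crontab goes through a file made by mktemp: a fixed,
#template:				# guessable name in /tmp can be created in advance, or replaced
#template:				# by a link, by another local user before it is written here.
#template:				if CrontabFile=`mktemp` ; then
#template:					crontab -l > "$CrontabFile"
#template:					# NOTE(review): the job log named below still has a fixed
#template:					# name in /tmp.
#template:					echo "*/12 * * * *  $MyScriptName background $TunnelName >> /tmp/$MyScriptName.log 2>&1" >> "$CrontabFile"
#template:					crontab  "$CrontabFile"
#template:					rm -f "$CrontabFile"
#template:				else
#template:					echo "Cannot create a temporary file, crontab is unchanged" >&2
#template:					exit 1
#template:				fi
#template:			else
#template:				echo "$DATE| Tunnel $TunnelName is already activated by crontab of `whoami`"
#template:			fi
#template:			exit 0
#template:			;;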
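#template:		-tc|close|--close)
#template:			# Close the named tunnel: look it up in Tunnels, kill the matching
#template:			# ssh process, then drop its crontab entry and its flag file.
#template:			# The pattern list spells close in full. The outer arm accepts that
#template:			# word, and a misspelt pattern here let it fall through to the code
#template:			# that opens a tunnel.
#template:			CHECK_GET_NOT_EMPTY "Tunnel name" $1
#template:			TunnelName=`echo "$Result" | iconv -f utf-8 -t US-ASCII//TRANSLIT | sed s/" "/_/g | sed s/\'/_/g  | tr '[:upper:]' '[:lower:]'`
#template:			# Entries look like :name:localport:remoteip:remoteport:direction:
#template:			for tunnel in $Tunnels ; do
#template:				case "$tunnel" in
#template:				:$TunnelName:*)
#template:					TunnelLocalPort=`echo "$tunnel" | cut -d: -f3`
#template:					TunnelRemoteIP=`echo "$tunnel" | cut -d: -f4`
#template:					TunnelRemotePort=`echo "$tunnel" | cut -d: -f5`
#template:					TunnelDirection=`echo "$tunnel" | cut -d: -f6`
#template:					if [ -z "$TunnelDirection" ] ; then
#template:						# Bare letter, as in the code that opens a tunnel: the
#template:						# dash is added only on the ssh command line, so the
#template:						# text searched for below matches what ps shows.
#template:						TunnelDirection="L"
#template:					fi
#template:					tunnelisfound="found"
#template:					echo "Found"
#template:					break
#template:					;;
#template:				esac
#template:			done
#template:			WorkingProcesses=`ps axo pid,cmd`
#template:			CHECK_LAN_OR_WAN
#template:			SshCommand="$TunnelDirection $TunnelLocalPort:$TunnelRemoteIP:$TunnelRemotePort $RemoteUser@$ssh_remote_server -p $ssh_remote_port"
#template:			# -F -e: the command text is matched literally and is never taken
#template:			# for a grep option, even if it starts with a dash.
#template:			if echo "$WorkingProcesses" | grep -q -F -e "$SshCommand" ; then
#template:				echo "$DATE| Close a tunnel $TunnelName: $SshCommand"
#template:				# First field of the first matching line is the process id.
#template:				TunnelPid=`echo "$WorkingProcesses" | grep -F -e "$SshCommand" | xargs | cut -d" " -f1`
#template:				kill -9 "$TunnelPid"
#template:				# The edited crontab goes through a file made by mktemp: a fixed,
#template:				# guessable name in /tmp can be created in advance, or replaced
#template:				# by a link, by another local user before it is written here.
#template:				# NOTE(review): the filter drops every crontab line containing
#template:				# the text below, including tunnels whose name starts alike.
#template:				if CrontabFile=`mktemp` ; then
#template:					crontab -l | grep -v "$MyScriptName background $TunnelName" > "$CrontabFile"
#template:					crontab  "$CrontabFile"
#template:					rm -f "$CrontabFile"
#template:				else
#template:					echo "Cannot create a temporary file, crontab is unchanged" >&2
#template:				fi
#template:	
#template:				rm -f /tmp/$MyScriptName.$TunnelName.flag
#template:				# NOTE(review): this message is printed after the kill above,
#template:				# although it reads as if the tunnel were still open; the
#template:				# wording is kept as it was.
#template:				echo "Tunnel $SshCommand is already active, kill -9 $TunnelPid to close it"
#template:			fi
#template:			exit 0
#template:			;;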
#template:		-tb|background|--background)
#template:			# -f sends ssh to the background once the connection is set up and
#template:			# -N runs no remote command. The value is expanded unquoted later
#template:			# so that it splits into these two options.
#template:			Background="-f -N"
#template:			;;
#template:		esac
#template:		# Work out which tunnel to open. The first argument is either a local
#template:		# port, which describes the tunnel on the command line, or the name of
#template:		# a tunnel stored in Tunnels.
#template:		# CHECK_GET_NOT_EMPTY and CHECK_GET_DEFAULT are defined elsewhere; the
#template:		# value they obtain is read from Result.
#template:		echo "$MyScriptName version $CreationDate on $HostName generated by $Generator"
#template:		CHECK_GET_NOT_EMPTY "Tunnel name or Local port" $1
#template:		TunnelLocalPort="$Result"
#template:		# Same clean-up as for the other tunnel commands: ASCII only, spaces
#template:		# and single quotes turned into underscores, lower case.
#template:		TunnelName=`echo "$Result" | iconv -f utf-8 -t US-ASCII//TRANSLIT | sed s/" "/_/g | sed s/\'/_/g  | tr '[:upper:]' '[:lower:]'`
#template:		shift
#template:		tunnelisfound="no"
#template:		case "$TunnelLocalPort" in
#template:		# Glob, not regex: this matches any value starting with two digits,
#template:		# the first one not zero, whatever follows. A one-digit port is not
#template:		# matched and a name such as 10gig is taken for a port.
#template:		[1-9][0-9]*)
#template:			echo "$MyScriptName set tunnel"
#template:			CHECK_GET_DEFAULT "Remote port" $1 : $TunnelLocalPort
#template:			TunnelRemotePort="$Result"
#template:			shift
#template:			CHECK_GET_DEFAULT "Remote ip" $1 : localhost
#template:			TunnelRemoteIP="$Result"
#template:			shift
#template:			# NOTE(review): all remaining arguments are passed here, while the
#template:			# same question in the declare-new-tunnel code passes only the
#template:			# first one; confirm which form CHECK_GET_DEFAULT expects.
#template:			CHECK_GET_DEFAULT "Other options local-to-distant = L, distant-to-local = R" $* : L
#template:			TunnelDirection="$Result"
#template:			#tunnel is explicit
#template:			TunnelName="default"
#template:			tunnelisfound="found"
#template:			;;
#template:		*)
#template:			echo -n "$MyScriptName search configured tunnel ..."
#template:			# Entries look like :name:localport:remoteip:remoteport:direction:
#template:			# so field 1 of cut is empty and field 2 is the name.
#template:			for tunnel in $Tunnels ; do
#template:				case "$tunnel" in
#template:				:$TunnelName:*)
#template:					TunnelLocalPort=`echo "$tunnel" | cut -d: -f3`
#template:					TunnelRemoteIP=`echo "$tunnel" | cut -d: -f4`
#template:					TunnelRemotePort=`echo "$tunnel" | cut -d: -f5`
#template:					TunnelDirection=`echo "$tunnel" | cut -d: -f6`
#template:					if [ -z "$TunnelDirection" ] ; then
#template:						TunnelDirection="L"
#template:					fi
#template:					tunnelisfound="found"
#template:					echo "Found"
#template:					break
#template:					;;
#template:				esac
#template:			done
#template:			;;
#template:		esac
#template:		# Either declare the tunnel in the configuration (not found) or open
#template:		# it (found). A tunnel declared here is not opened in the same run.
#template:		case "$tunnelisfound" in
#template:		no)
#template:			case `whoami` in
#template:			root)
#template:				echo "Not Found"
#template:				echo "$MyScriptName declare new tunnel $TunnelName"
#template:				CHECK_GET_NOT_EMPTY "Local port" $1
#template:				TunnelLocalPort="$Result"
#template:				shift
#template:				CHECK_GET_DEFAULT "Remote port" $1 : $TunnelLocalPort
#template:				TunnelRemotePort="$Result"
#template:				shift
#template:				CHECK_GET_DEFAULT "Remote ip" $1 : localhost
#template:				TunnelRemoteIP="$Result"
#template:				shift
#template:				CHECK_GET_DEFAULT "Other options local-to-distant = L, distant-to-local = R" $1 : L
#template:				TunnelDirection="$Result"
#template:				# The appended line refers to the previous value of Tunnels, so
#template:				# the configuration file is meant to be evaluated by a shell.
#template:				# NOTE(review): the answers are written between double quotes
#template:				# without validation or escaping; restricting them to digits,
#template:				# host names and the letters L or R would keep the file safe
#template:				# to evaluate.
#template:				echo "Tunnels=\"\$Tunnels :$TunnelName:$TunnelLocalPort:$TunnelRemoteIP:$TunnelRemotePort:$TunnelDirection:\"" >> $ScriptConf
#template:				;;
#template:			*)
#template:				# Parameters is set outside this arm; presumably it holds the
#template:				# original arguments (TODO confirm).
#template:				echo "You must have root priviledge to declare a new tunnel, trying sudo"
#template:				sudo $0 $Parameters
#template:				;;
#template:			esac
#template:			;;
#template:		found)
#template:			# The process list is taken once and searched for the text of the
#template:			# ssh command, so that the same tunnel is not opened twice.
#template:			WorkingProcesses=`ps axo pid,cmd`
#template:			CHECK_LAN_OR_WAN
#template:			# Built without the leading dash of the direction option; the dash
#template:			# is added where ssh is called.
#template:			SshCommand="$TunnelDirection $TunnelLocalPort:$TunnelRemoteIP:$TunnelRemotePort $RemoteUser@$ssh_remote_server -p $ssh_remote_port"
#template:			# grep reads the text as a regular expression, so dots match any
#template:			# character.
#template:			if ! echo "$WorkingProcesses" | grep -q "$SshCommand" ; then
#template:				echo "$DATE| Open a tunnel ssh -v $Background -$SshCommand"
#template:				# NOTE(review): the flag file has a fixed, guessable name in
#template:				# /tmp and is written with a plain redirection, which follows
#template:				# a link placed there beforehand; a directory owned by the
#template:				# user would be safer.
#template:				echo "ssh -v $Background -$SshCommand" > /tmp/$MyScriptName.$TunnelName.flag
#template:				# Unquoted on purpose: both values must split into separate
#template:				# words. With -f, ssh returns once it has gone to the
#template:				# background, so the two lines after it run while the tunnel
#template:				# is still up.
#template:				ssh -v $Background -$SshCommand
#template:				echo "$DATE| Closed tunnel ssh -v $Background -$SshCommand"
#template:				rm -f /tmp/$MyScriptName.$TunnelName.flag
#template:			else
#template:				# First field of the first matching line is the process id.
#template:				TunnelPid=`echo "$WorkingProcesses" | grep "$SshCommand" | xargs | cut -d" " -f1`
#template:				echo "Tunnel $SshCommand is already active, kill -9 $TunnelPid to close it"
#template:			fi
#template:			;;
#template:		esac
#template:		;;
#template:	#-------------------------------------------------------------------------
#template:	-u|update|--update)
#template:		# Regenerate this script by calling the generator installed as
#template:		# /usr/local/bin/SSH with --refurbish; other users go through sudo.
#template:		# NOTE(review): the generator declares a plain http DOWNLOAD_URL. If
#template:		# refurbish fetches code from it (TODO confirm), that code runs as
#template:		# root without any integrity check on the transfer.
#template:		case `whoami` in
#template:		root)
#template:			/usr/local/bin/SSH --refurbish $MyScriptName
#template:			;;
#template:		*)
#template:			# Parameters is set outside this arm; presumably it holds the
#template:			# original arguments (TODO confirm).
#template:			echo "You must be root to update, trying sudo"
#template:			sudo $0 $Parameters
#template:			;;
#template:		esac
#template:		;;
#template:	#-------------------------------------------------------------------------
#template:	-v|version|--version)
#template:		# Print the script name, its creation date, the host name and the
#template:		# generator that produced it.
#template:		echo "$MyScriptName :		version $CreationDate on $HostName generated by $Generator"
#template:		;;
#template:	*)
#template:	#-------------------------------------------------------------------------
#template:		# Any other command: open an ssh session as RemoteUser.
#template:		# Parameters is set outside this arm; presumably it holds the original
#template:		# arguments (TODO confirm). It is expanded unquoted, so it is split
#template:		# into words that ssh reads as further options or as the remote
#template:		# command; quoting inside an argument is not preserved.
#template:		echo "$MyScriptName version $CreationDate on $HostName generated by $Generator"
#template:		CHECK_LAN_OR_WAN
#template:		echo "Connect to ssh $RemoteUser@$ssh_remote_server -p $ssh_remote_port $Parameters"
#template:		ssh $RemoteUser@$ssh_remote_server -p $ssh_remote_port $Parameters
#template:		echo "Closed connection to ssh $RemoteUser@$ssh_remote_server -p $ssh_remote_port"
#template:		;;
#template:	#-------------------------------------------------------------------------
#template:	esac
#template:	exit 0
