#!/bin/bash
# license gpl V2
# Author Dominique Chabord SISalp
# dominique.chabord@sisalp.org
# http://sisalp.fr
##-L	# This program is Free Software; you can redistribute it and/or
##-L	# modify it under the terms of the GNU General Public License
##-L	# as published by the Free Software Foundation; either version 2
##-L	# of the License, or (at your option) any later version.
##-L	#
##-L	# This program is distributed in the hope that it will be useful,
##-L	# but WITHOUT ANY WARRANTY; without even the implied warranty of
##-L	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
##-L	# GNU General Public License for more details.
##-L	#
##-L	# You should have received a copy of the GNU General Public License
##-L	# along with this program; if not, write to the Free Software
##-L	# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.

# Version banner: printed by "xkey --version" and written into the header of
# every command file that xkey generates.
XKEY_VERSION='xkey version  21 apr 2012-rev 4'
#-------------------------------------------------------------------------
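CHECK_GET_NOT_EMPTY ()
#-------------------------------------------------------------------------
# Leave a mandatory value in the global RESULT.
#   $1     label used for the prompt and the error message (kept in QUESTION)
#   $2...  candidate value; all remaining words are joined with single spaces
# Without a candidate the value is read from stdin; if it is still empty the
# whole script exits with status 1.
# Callers expand the candidate unquoted on purpose, so that an empty
# positional parameter disappears and the prompt is shown.
#-------------------------------------------------------------------------
{
	QUESTION="$1"
	shift
	RESULT="$*"
	if [ -z "$RESULT" ] ; then
		printf '%s : ' "$QUESTION"
		# -r keeps backslashes in the typed value instead of treating them
		# as escape characters
		read -r RESULT
		if [ -z "$RESULT" ] ; then
			echo "$QUESTION is mandatory"
			exit 1
		fi
	fi
}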
#-------------------------------------------------------------------------
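CHECK_GET_DEFAULT ()
#-------------------------------------------------------------------------
# Leave an optional value in the global RESULT, falling back to a default.
# Call shape:  CHECK_GET_DEFAULT "label" [candidate] : default...
#   $1  label used for the prompt (kept in QUESTION)
#   the candidate is optional; the literal ":" separates it from the default
# Without a candidate the value is read from stdin. An empty answer, or one
# of Y, y, o, O, selects the default.
# Callers expand the candidate unquoted on purpose, so that an empty
# positional parameter disappears and ":" becomes the second argument.
#-------------------------------------------------------------------------
{
	QUESTION="$1"
	shift
	RESULT="$1"
	shift
	if [ "${RESULT}" = ":" ] ; then
		# no candidate was given: the word just consumed was the separator
		RESULT=""
	else
		# drop the ":" separator that follows the candidate
		shift
	fi
	default_result="$*"
	if [ -z "$RESULT" ] ; then
		printf '%s, default is <%s> : ' "$QUESTION" "$default_result"
		# -r keeps backslashes in the typed value instead of treating them
		# as escape characters
		read -r RESULT
	fi
	case "$RESULT" in
	Y|y|o|O|'')
		echo "$QUESTION is set to default value $default_result"
		RESULT="$default_result"
		;;
	esac
}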
#-------------------------------------------------------------------------
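AUTO_CREATE_SHORTCUTS ()
{
	# Write one <name>.desktop launcher per "shortcut:" line found in
	# /usr/local/etc/xkey/xkey.conf and ~/.xkey.conf.
	# Line format (tab separated):
	#   shortcut:name:	directory|-	icon|-	command_and_parameters
	# NOTE(review): the Exec= and Icon= values are copied verbatim from the
	# configuration into an executable launcher, so both files should only be
	# writable by accounts that are trusted to run commands as this user.
	cd ~ || return 1
	config_list=""
	if [ -f /usr/local/etc/xkey/xkey.conf ] ; then
		config_list="/usr/local/etc/xkey/xkey.conf"
	fi
	if [ -f .xkey.conf ] ; then
		config_list="$config_list .xkey.conf "
	fi
	if [ -z "$config_list" ] ; then
		return 0
	fi
	# config_list is expanded unquoted on purpose: it holds one or two fixed
	# paths. Runs of tabs are squeezed so that fields can be aligned freely.
	SHORTCUT_CONF=$(cat $config_list | grep -v "#" | grep "^shortcut:" | tr -s '\t')
	SHORTCUTS_LIST=$(echo "$SHORTCUT_CONF" | cut -d: -f2)
	echo -n "Generating shortcuts.."
	for shortcut in $SHORTCUTS_LIST ; do
		SHORTCUT_LINE=$(echo "$SHORTCUT_CONF" | grep "^shortcut:$shortcut:")
		SHORTCUT_DIR=$(echo "$SHORTCUT_LINE" | cut -f2)
		SHORTCUT_ICON=$(echo "$SHORTCUT_LINE" | cut -f3)
		SHORTCUT_EXEC=$(echo "$SHORTCUT_LINE" | cut -f4-)
		case "$SHORTCUT_DIR" in
		-|'~')
			SHORTCUT_DIR=""
			SHORTCUT_FILE="$HOME/$shortcut.desktop"
			;;
		'~'/*)
			# strip the leading "~/" and anchor the rest under $HOME
			SHORTCUT_DIR=${SHORTCUT_DIR#*/}
			SHORTCUT_FILE="$HOME/$SHORTCUT_DIR/$shortcut.desktop"
			;;
		/*)
			SHORTCUT_FILE="$SHORTCUT_DIR/$shortcut.desktop"
			;;
		*)
			SHORTCUT_FILE="$HOME/$SHORTCUT_DIR/$shortcut.desktop"
			;;
		esac

		case "$SHORTCUT_ICON" in
		-)
			ICON_LINE="Icon=gnome-panel-launcher"
			;;
		*)
			ICON_LINE="Icon=$SHORTCUT_ICON"
			;;
		esac
		# $HOME is used because a tilde inside quotes is never expanded.
		# Only a file that starts like a launcher is removed, so an unrelated
		# file that happens to share the shortcut name is left alone.
		# NOTE(review): presumably such files come from an earlier xkey that
		# wrote launchers without the .desktop suffix - confirm.
		if [ -f "$HOME/$shortcut" ] && head -n 1 "$HOME/$shortcut" | grep -qxF '#!/usr/bin/env xdg-open' ; then
			rm -f -- "$HOME/$shortcut"
		fi
		# the target is quoted so that a directory containing spaces works
		if ! echo "#!/usr/bin/env xdg-open

[Desktop Entry]
Version=1.0
Type=Application
Terminal=true
Exec=$SHORTCUT_EXEC
Name=$shortcut
$ICON_LINE
"	> "$SHORTCUT_FILE" ; then
			echo "	cannot write $SHORTCUT_FILE, skipped"
			continue
		fi
		chmod 755 "$SHORTCUT_FILE"
		echo -n "	$shortcut "
	done
	echo "	..done"
}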
#-------------------------------------------------------------------------


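# The first argument selects the action; each branch reads the remaining
# positional parameters itself.
COMMAND="$1"

case "$COMMAND" in
-v|--version)
	echo "$XKEY_VERSION"
	;;
-l|--list)
	# List the commands in /usr/local/bin that carry the xkey marker line,
	# print the version each one reports, then dump the configuration files.
	# NOTE(review): the marker is only a text match, and every matching file
	# is executed with --version; this is only safe while /usr/local/bin is
	# writable by root alone.
	cd /usr/local/bin || { echo "cannot enter /usr/local/bin" ; exit 1 ; }
	echo "list of commands generated by xkey in /usr/local/bin"
	echo "----------------------------------"
	# Version lines are collected in memory rather than in a PID-named file
	# under /tmp: such a name is predictable in a world-writable directory.
	xkey_versions=()
	for xkey_command in * ; do
		case "$xkey_command" in
		xkey)
			;;
		*)
			if [ -f "$xkey_command" ] ; then
				if grep -q "This file has been generated automatically by xkey" "$xkey_command" ; then
					ls -lh -- "$xkey_command"
					# "./" runs exactly the file that was just checked instead
					# of whatever the same name resolves to through PATH
					xkey_versions+=("$("./$xkey_command" --version)")
				fi
			fi
			;;
		esac
	done
	if [ "${#xkey_versions[@]}" -gt 0 ] ; then
		echo "versions"
		echo "----------------------------------"
		printf '%s\n' "${xkey_versions[@]}"
	fi
	if [ -e /usr/local/etc/xkey/xkey.conf ] ; then
		echo "list of /usr/local/etc/xkey/xkey.conf"
		echo "----------------------------------"
		cat /usr/local/etc/xkey/xkey.conf
	fi
	if [ -e ~/.xkey.conf ] ; then
		echo "list of ~/.xkey.conf"
		echo "----------------------------------"
		cat ~/.xkey.conf
	fi
	;;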
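-u|--update)
	# Replace /usr/local/bin/xkey with a freshly downloaded copy.
	# $2 optionally overrides the download URL.
	# NOTE(review): the default URL is plain http and the download is not
	# compared with any checksum or signature before it is installed as a
	# root-owned executable, so whoever can alter the transfer decides what
	# gets installed. Prefer an https source and verify a published digest.
	case `whoami` in
	root)
		source="http://download.sisalp.net/scripts/xkey"
		if [ ! -z "$2" ] ; then
			source="$2"
		fi
		cd /usr/local/bin || exit 1
		# Download next to the target and swap it in only once the transfer
		# succeeded, the file is not empty and it parses as a shell script;
		# a failed download then leaves the installed xkey untouched.
		new_xkey=$(mktemp ./xkey.XXXXXX) || exit 1
		if wget -q -O "$new_xkey" -- "$source" && [ -s "$new_xkey" ] && bash -n "$new_xkey" ; then
			chmod 755 "$new_xkey"
			mv -f -- "$new_xkey" xkey
		else
			rm -f -- "$new_xkey"
			echo "Download of $source failed, xkey is left unchanged"
			exit 1
		fi
		"$0" --version
		;;
	*)
		echo "You must have root priviledge for --update, trying sudo"
		# "$@" hands every argument over unchanged, even one containing spaces
		sudo "$0" "$@"
		;;
	esac
	;;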
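-a|--auto)
	# Rebuild every command and tunnel described in
	# /usr/local/etc/xkey/xkey.conf (root), then the shortcuts (invoking user).
	case `whoami` in
	root)
#-------------------------------------------------------------------------
# Regenerate /usr/local/bin/<name> for every "server:" line by calling
# "xkey --command" with the fields of that line.
#-------------------------------------------------------------------------
AUTO_CREATE_COMMANDS ()
{
	# runs of tabs are squeezed so that fields can be aligned freely
	SERVER_CONF=$(grep -v "#" /usr/local/etc/xkey/xkey.conf | tr -s '\t')
	SERVER_LIST=$(echo "$SERVER_CONF" | grep "^server:" | cut -d: -f2)
	echo -n "Generating commands.."
	for server in $SERVER_LIST ; do
		# The name becomes a file that is deleted and rewritten as root:
		# refuse anything that is not a plain file name, and never xkey itself.
		case "$server" in
		*/*|xkey)
			echo "	$server is not a valid command name, skipped"
			continue
			;;
		esac
		SERVER_LINE=$(echo "$SERVER_CONF" | grep "^server:$server:")
		parameters=$(echo "$SERVER_LINE" | cut -f2-)
		rm -f -- "/usr/local/bin/$server"
		# $parameters is split on purpose: one word per configuration field.
		# The trailing "-" is passed as one extra positional argument.
		"$0" --command "$server" $parameters -
	done
	echo "	..done"
}
#-------------------------------------------------------------------------
# Regenerate /usr/local/bin/<name> for every "tunnel:" line by calling
# "xkey --tunnel" with the fields of that line.
#-------------------------------------------------------------------------
AUTO_CREATE_TUNNELS ()
{
	TUNNEL_CONF=$(grep -v "#" /usr/local/etc/xkey/xkey.conf | tr -s '\t')
	TUNNEL_LIST=$(echo "$TUNNEL_CONF" | grep "^tunnel:" | cut -d: -f2)
	echo -n "Generating tunnelers.."
	for tunnel in $TUNNEL_LIST ; do
		# same name check as for server commands
		case "$tunnel" in
		*/*|xkey)
			echo "	$tunnel is not a valid command name, skipped"
			continue
			;;
		esac
		TUNNEL_LINE=$(echo "$TUNNEL_CONF" | grep "^tunnel:$tunnel:")
		parameters=$(echo "$TUNNEL_LINE" | cut -f2-)
		# the generated file is named after the tunnel itself
		rm -f -- "/usr/local/bin/$tunnel"
		# $parameters is split on purpose: one word per configuration field
		"$0" --tunnel "$tunnel" $parameters -
	done
	echo "	..done"
}

#-------------------------------------------------------------------------
		if [ -f /usr/local/etc/xkey/xkey.conf ] ; then
			AUTO_CREATE_COMMANDS
			AUTO_CREATE_TUNNELS
		else
			echo "$LINENO|/usr/local/etc/xkey/xkey.conf is not found"
			exit 1
		fi
		;;
	*)
		echo "You must have root priviledge for $COMMAND for creating new access/tunnelling commands, trying sudo"
		# "$@" hands every argument over unchanged, even one containing spaces
		sudo "$0" "$@"
		# shortcuts are created afterwards, as the invoking user
		AUTO_CREATE_SHORTCUTS
		echo "======================================"
		;;
	esac
	;;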
-c|--command|--command-nosave)
	case `whoami` in
	root)
GET_PARAMETERS ()
{
	# Collect the connection settings of a new command, prompting for any
	# that are missing.
	#   $1 command name   $2 remote user      $3 remote host   $4 ssh port
	#   $5 LAN ip or "-"  $6 alternate fqdn   $7 alternate port
	# Results are left in the globals REMOTE_USER, REMOTE_HOST, CONNECT_PORT,
	# IP_HOST, REMOTE_FQDN, REMOTE_FQDN_PORT and COM_SCRIPT.
	# The positional parameters are expanded unquoted on purpose: an empty
	# one has to vanish so that the helper sees no candidate and prompts.
	CHECK_GET_NOT_EMPTY "Remote user" $2
	REMOTE_USER="$RESULT"
	CHECK_GET_NOT_EMPTY "Remote host name" $3
	REMOTE_HOST="$RESULT"
	CHECK_GET_DEFAULT "Connection port" $4 : 22
	CONNECT_PORT="$RESULT"

	# a host that starts with a digit is taken to be an ip address already
	if [[ "$REMOTE_HOST" == [0-9]* ]] ; then
		IP_HOST="-"
	else
		CHECK_GET_DEFAULT "IP address for a host when on the local network, else dns resolution" $5 : -
		IP_HOST="$RESULT"
	fi

	# the alternate address is only asked for when a LAN ip was given
	REMOTE_FQDN="-"
	REMOTE_FQDN_PORT="22"
	if [[ "$IP_HOST" == [0-9]* ]] ; then
		CHECK_GET_DEFAULT "Alternate url for dns resolution if $IP_HOST is not reachable" $6 : -
		REMOTE_FQDN="$RESULT"
		if [ "$REMOTE_FQDN" != "-" ] ; then
			CHECK_GET_DEFAULT "Remote port for connecting to alternate url $REMOTE_FQDN" $7 : 22
			REMOTE_FQDN_PORT="$RESULT"
		fi
	fi

	# the first label of the host name is the proposed command name, unless
	# a file of that name already exists in /usr/local/bin
	HOST_DEFAULT_NAME=${REMOTE_HOST%%.*}
	HOST_DEFAULT_DOMAIN=${REMOTE_HOST#*.}
	if [ -e "/usr/local/bin/$HOST_DEFAULT_NAME" ] ; then
		CHECK_GET_NOT_EMPTY "Command name" $1
	else
		CHECK_GET_DEFAULT "Command name" $1 : $HOST_DEFAULT_NAME
	fi
	COM_SCRIPT="$RESULT"
}
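		# Build /usr/local/bin/$COM_SCRIPT, a stand-alone ssh helper for one
		# remote host, then record the host in /etc/hosts and in xkey.conf.
		shift
		# $* is expanded unquoted on purpose: empty arguments have to vanish
		GET_PARAMETERS $*
		# the name is used as a file name under /usr/local/bin
		case "$COM_SCRIPT" in
		*/*)
			echo "Command name $COM_SCRIPT must be a plain file name"
			exit 1
			;;
		esac
		if [ -e "/usr/local/bin/$COM_SCRIPT" ] ; then
			echo "File /usr/local/bin/$COM_SCRIPT already exists"
		else
			# Look the name up instead of running it: as root, executing an
			# arbitrary existing program just to see whether it exists is
			# unsafe, and its exit status says nothing about its existence.
			if command -v -- "$COM_SCRIPT" > /dev/null 2>&1 ; then
				echo "Command should not have the name of another valid unix command"
				exit 1
			fi
			# Unescaped \$VARIABLES below are expanded now and baked into the
			# generated file; escaped ones are evaluated when it runs.
			# NOTE(review): the generated -k/--keys branch places the typed
			# password inside the "expect -c" argument (visible in the process
			# list, and parsed as Tcl) and stages the public key under a
			# predictable name in /tmp on the remote host before appending it
			# to authorized_keys; both deserve the same care as xkey --keys.
			echo "#! /bin/bash
# This file has been generated automatically by $XKEY_VERSION
# on `date` on $HOSTNAME
# xkey is available at http://download.sisalp.net/xkey
#-------------------------------------------------------------------------
CHECK_GET_NOT_EMPTY ()
#-------------------------------------------------------------------------
{
			QUESTION=\"\$1\"
			shift
			RESULT=\"\$*\"
			if [ -z \"\$RESULT\" ] ; then
				echo -n \"\$QUESTION : \"
				read RESULT
				if [ -z \"\$RESULT\" ] ; then
					echo \"\$LINENO \$QUESTION is mandatory\"
					exit 1
				fi
			fi
}
#-------------------------------------------------------------------------
CHECK_GET_DEFAULT ()
#-------------------------------------------------------------------------
{
			QUESTION=\"\$1\"
			shift
			RESULT=\"\$1\"
			shift
			if [ \"\${RESULT}\" = \":\" ] ; then
				RESULT=\"\"
			else
				shift
			fi
			default_result=\"\$*\"
			if [ -z \"\$RESULT\" ] ; then
				echo -n \"\$LINENO| \$QUESTION, default is <\$default_result> : \"
				read RESULT
			fi
			case \"\$RESULT\" in
			Y|y|o|O)
				echo \"\$LINENO| \$QUESTION is set to default value \$default_result\"
				RESULT=\"\$default_result\"
				;;
			esac
			if [ -z \"\$RESULT\" ] ; then
				echo \"\$LINENO| \$QUESTION is set to default value \$default_result\"
				RESULT=\"\$default_result\"
			fi
}
#-------------------------------------------------------------------------
CHECK_LAN_OR_WAN ()
#-------------------------------------------------------------------------
{
			remote_server=\"$REMOTE_HOST\"
			remote_port=\"$CONNECT_PORT\"
			case $REMOTE_FQDN in
			-)
				;;
			*)
				echo -n \"Checking local availability of $REMOTE_HOST...\"
				if ! ping -c 1 $REMOTE_HOST > /dev/null 2>&1 ; then
					remote_server=\"$REMOTE_FQDN\"
					remote_port=\"$REMOTE_FQDN_PORT\"
					echo \"........Not responding\"
					echo \"Connect to $REMOTE_USER@$REMOTE_FQDN -p $REMOTE_FQDN_PORT is tried instead\"
				else
					echo \".OK\"
				fi
			esac
}
#-------------------------------------------------------------------------
	case \"\$1\" in
	-h|help|--help)
		$COM_SCRIPT --version
		echo \"Syntax of $COM_SCRIPT command
$COM_SCRIPT -h|help|--help
	Print this documentation
$COM_SCRIPT
	Connect to ssh $REMOTE_USER@$REMOTE_HOST -p $CONNECT_PORT
$COM_SCRIPT -k|--keys
	Exchange keys for password-less connection to $REMOTE_USER account
$COM_SCRIPT -kr|--keys-root
	Exchange keys for password-less connection to root account
$COM_SCRIPT -r|--root
	Connect to ssh root@$REMOTE_HOST -p $CONNECT_PORT
$COM_SCRIPT -t|--tunnel|tunnel [local_port [remote_port [remote_ip]]]
	Create a tunnel from port local_port to remote_ip:remote_port on connection $REMOTE_USER@$REMOTE_HOST port $CONNECT_PORT
$COM_SCRIPT -v|--version|version
	Print version of $COM_SCRIPT command\"

		case \"$REMOTE_FQDN\" in
		-)
			;;
		*)
			echo \"if $REMOTE_HOST doesn't respond to ping, $REMOTE_USER@$REMOTE_FQDN -p $REMOTE_FQDN_PORT will be tried instead\"
			;;
		esac
		echo \"\"
		;;
	-k|--keys|-kr|--keys-root)
		if ! expect -v > /dev/null 2>&1 ; then
			echo \"programme expect must be installed : apt-get install expect; nothing done\"
			exit 1
		fi
		echo \"$COM_SCRIPT version `date` on `hostname` generated by `$0 --version`\"
		case \"\$1\" in
		-kr|--keys-root)
			remote_user=\"root\"
			;;
		*)
			remote_user=\"$REMOTE_USER\"
			;;
		esac
		if [ ! -f \$HOME/.ssh/id_rsa.pub ]
		then
			echo \"SSH configuration\"
			ssh-keygen -t rsa -N \"\" -f \$HOME/.ssh/id_rsa
			echo \"Generation of the key done\"
		fi
		CHECK_LAN_OR_WAN
		echo -n \"\$remote_user@$REMOTE_HOST s password : \"
		read -s remote_password
		echo \"controle de l existence du repertoire .ssh sur la cible\"
expect -c \"set timeout -1;\\
spawn ssh \$remote_user@\$remote_server -p \$remote_port \\\"mkdir .ssh > /dev/null 2>&1\\\";\\
expect *password:*;\\
send -- \$remote_password\\r;\\
interact;\"
		#ssh \$remote_user@\$remote_server -p \$remote_port \"mkdir .ssh > /dev/null 2>&1\"
		echo \"scp -P \$remote_port \$HOME/.ssh/id_rsa.pub \$remote_user@\$remote_server:/tmp/xkey.$REMOTE_USER.$HOSTNAME.key.pub\"
expect -c \"set timeout -1;\\
spawn scp -P \$remote_port \$HOME/.ssh/id_rsa.pub \$remote_user@\$remote_server:/tmp/xkey.\$remote_user.$HOSTNAME.key.pub;\
expect *password:*;\\
send -- \$remote_password\\r;\\
interact;\"
		#scp -P \$remote_port \$HOME/.ssh/id_rsa.pub \$remote_user@\$remote_server:/tmp/xkey.\$remote_user.$HOSTNAME.key.pub
		echo \"ssh \$remote_user@\$remote_server -p \$remote_port cat /tmp/xkey.\$remote_user.$HOSTNAME.key.pub >> .ssh/authorized_keys\"

expect -c \"set timeout -1;\\
spawn ssh \$remote_user@\$remote_server -p \$remote_port \\\"cat /tmp/xkey.\$remote_user.$HOSTNAME.key.pub >> .ssh/authorized_keys\\\";\
expect *password:*;\\
send -- \$remote_password\\r;\\
interact;\"
		#ssh \$remote_user@\$remote_server -p \$remote_port \\\"cat /tmp/xkey.\$remote_user.$HOSTNAME.key.pub >> .ssh/authorized_keys\\\"
		echo \"\`whoami\` can connect now to \$remote_user @ \$remote_server without password\"
		;;
	-t|--tunnel|tunnel)
		echo \"$COM_SCRIPT version `date` on `hostname` generated by `$0 --version`\"
		CHECK_LAN_OR_WAN
		CHECK_GET_NOT_EMPTY \"Local port\" \$2
		LOCAL_PORT=\"\$RESULT\"
		CHECK_GET_DEFAULT \"Remote port\" \$3 : \$LOCAL_PORT
		REMOTE_PORT=\"\$RESULT\"
		CHECK_GET_DEFAULT \"Remote ip\" \$4 : localhost
		REMOTE_IP=\"\$RESULT\"
		echo \"Create a tunnel from port \$LOCAL_PORT to :\$REMOTE_IP:\$REMOTE_PORT on connection $REMOTE_USER@\$remote_server port \$remote_port\"
		ssh -L \$LOCAL_PORT:\$REMOTE_IP:\$REMOTE_PORT $REMOTE_USER@\$remote_server -p \$remote_port
		echo \"Closed tunnel from port \$LOCAL_PORT to :\$REMOTE_IP:\$REMOTE_PORT on connection $REMOTE_USER@\$remote_server port \$remote_port\"
		;;
	-v|--version|version)
		echo \"$COM_SCRIPT version `date` on `hostname` generated by `$0 --version`\"
		;;
	-r|--root)
		echo \"$COM_SCRIPT version `date` on `hostname` generated by `$0 --version`\"
		CHECK_LAN_OR_WAN

		echo \"Connect to ssh root@\$remote_server -p \$remote_port\"
		ssh root@\$remote_server -p \$remote_port
		;;
	*)
		echo \"$COM_SCRIPT version `date` on `hostname` generated by `$0 --version`\"
		CHECK_LAN_OR_WAN
		echo \"Connect to ssh $REMOTE_USER@\$remote_server -p \$remote_port\"
		ssh $REMOTE_USER@\$remote_server -p \$remote_port
		;;
	esac
	exit 0"		> "/usr/local/bin/$COM_SCRIPT"
			chmod  755 "/usr/local/bin/$COM_SCRIPT"
			# run the file that was just written, whatever PATH contains
			"/usr/local/bin/$COM_SCRIPT" --help
			case "$IP_HOST" in
			-)
				;;
			[0-9]*)
				# The host is compared with whole fields of non-comment lines;
				# a substring or regex match would also drop unrelated entries.
				if awk -v host="$REMOTE_HOST" '$1 !~ /^#/ { for (i = 2; i <= NF; i++) if ($i == host) found = 1 } END { exit !found }' /etc/hosts ; then
					echo "Remote host $REMOTE_HOST was already set in /etc/hosts, reset is done"
					TEMP_HOSTS=$(awk -v host="$REMOTE_HOST" '$1 ~ /^#/ { print; next } { for (i = 2; i <= NF; i++) if ($i == host) next; print }' /etc/hosts)
					# never overwrite /etc/hosts with nothing if filtering failed
					if [ -n "$TEMP_HOSTS" ] ; then
						echo "$TEMP_HOSTS" > /etc/hosts
					fi
				fi
				echo "$IP_HOST $REMOTE_HOST" >> /etc/hosts
				;;
			esac
		fi
		case "$COMMAND" in
		*-nosave)
			;;
		*)
			mkdir -p /usr/local/etc/xkey
			if [ ! -f /usr/local/etc/xkey/xkey.conf ] || ! grep -q "^server:$COM_SCRIPT:	" /usr/local/etc/xkey/xkey.conf ; then
				# recorded as: server:name:	user	host	port	ip|-	alternate_fqdn|-	alternate_port
				echo "server:$COM_SCRIPT:	$REMOTE_USER	$REMOTE_HOST	$CONNECT_PORT	$IP_HOST	$REMOTE_FQDN	$REMOTE_FQDN_PORT	" >> /usr/local/etc/xkey/xkey.conf
			fi
			;;
		esac
		;;
	*)
		echo "You must have root priviledge for $COMMAND, trying sudo"
		# "$@" hands every argument over unchanged, even one containing spaces
		sudo "$0" "$@"
		;;
	esac
	;;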
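-s|--shortcuts)
	AUTO_CREATE_SHORTCUTS
	;;
-t|--tunnel|--tunnel-nosave)
	# Build /usr/local/bin/<name>, a command that opens an ssh tunnel to one
	# remote host and optionally starts a local command.
	# Arguments after the option: name, local port, remote ip, remote port,
	# then the connection settings read by GET_PARAMETERS.
	case `whoami` in
	root)
		# GET_PARAMETERS is otherwise defined only while the --command branch
		# runs, so without this definition the call below fails with
		# "command not found" and no usable command name is ever set.
GET_PARAMETERS ()
{
		CHECK_GET_NOT_EMPTY "Remote user" $2
		REMOTE_USER="$RESULT"
		CHECK_GET_NOT_EMPTY "Remote host name" $3
		REMOTE_HOST="$RESULT"
		CHECK_GET_DEFAULT "Connection port" $4 : 22
		CONNECT_PORT="$RESULT"
		case "$REMOTE_HOST" in
		[0-9]*)
			IP_HOST="-"
			;;
		*)
			CHECK_GET_DEFAULT "IP address for a host when on the local network, else dns resolution" $5 : -
			IP_HOST="$RESULT"
			;;
		esac
		REMOTE_FQDN="-"
		REMOTE_FQDN_PORT="22"
		case "$IP_HOST" in
		-)
			;;
		[0-9]*)
			CHECK_GET_DEFAULT "Alternate url for dns resolution if $IP_HOST is not reachable" $6 : -
			REMOTE_FQDN="$RESULT"
			case "$REMOTE_FQDN" in
			-)
				;;
			*)
				CHECK_GET_DEFAULT "Remote port for connecting to alternate url $REMOTE_FQDN" $7 : 22
				REMOTE_FQDN_PORT="$RESULT"
				;;
			esac
			;;
		esac
		HOST_DEFAULT_NAME=`echo "$REMOTE_HOST" | cut -d. -f1`
		HOST_DEFAULT_DOMAIN=`echo "$REMOTE_HOST" | cut -d. -f2-`
		if [ -e "/usr/local/bin/$HOST_DEFAULT_NAME" ] ; then
			CHECK_GET_NOT_EMPTY "Command name" $1
		else
			CHECK_GET_DEFAULT "Command name" $1 : $HOST_DEFAULT_NAME
		fi
		COM_SCRIPT="$RESULT"
}
		# positional parameters are expanded unquoted on purpose: an empty
		# one has to vanish so that the helper prompts for it
		shift
		CHECK_GET_NOT_EMPTY "Tunnel_name" $1
		tunnel_name="$RESULT"
		shift
		CHECK_GET_NOT_EMPTY "Local port" $1
		LOCAL_PORT="$RESULT"
		shift
		CHECK_GET_DEFAULT "Remote ip" $1 : localhost
		REMOTE_IP="$RESULT"
		shift
		CHECK_GET_DEFAULT "Remote port" $1 : $LOCAL_PORT
		REMOTE_PORT="$RESULT"
		shift

		GET_PARAMETERS $tunnel_name $*

		# the name is used as a file name under /usr/local/bin
		case "$COM_SCRIPT" in
		*/*)
			echo "Command name $COM_SCRIPT must be a plain file name"
			exit 1
			;;
		esac
		if [ -e "/usr/local/bin/$COM_SCRIPT" ] ; then
			echo "File /usr/local/bin/$COM_SCRIPT already exists"
		else
			# Look the name up instead of running it: as root, executing an
			# arbitrary existing program just to see whether it exists is
			# unsafe, and its exit status says nothing about its existence.
			if command -v -- "$COM_SCRIPT" > /dev/null 2>&1 ; then
				echo "Command should not have the name of another valid unix command"
				exit 1
			fi
			# Unescaped \$VARIABLES below are expanded now and baked into the
			# generated file; escaped ones are evaluated when it runs.
			echo "#! /bin/bash
case \"\$1\" in
--help|-h)
	shift
	echo \"help on $COM_SCRIPT\"
	echo \"$COM_SCRIPT : establish a ssh tunnel to a remote server and start a local application\"
	echo \"Create a tunnel from port $LOCAL_PORT to $REMOTE_IP:$REMOTE_PORT on connection $REMOTE_USER@$REMOTE_HOST port $CONNECT_PORT\"
	echo \"and execute local command given in parameters\"
	echo \"usage : $COM_SCRIPT option|command_and_parameters\"
	echo \"==============================\"
	echo \"possible options are <--help, --version, --list>\"
	echo \"$COM_SCRIPT -h|--help\"
	echo \"$COM_SCRIPT -v|--version\"
	echo \"$COM_SCRIPT -l|--list\"
	case \"$REMOTE_FQDN\" in
	-)
		;;
	*)
		echo \"if $REMOTE_HOST doesn't respond to ping, $REMOTE_USER@$REMOTE_FQDN -p $REMOTE_FQDN_PORT will be tried instead\"
		;;
	esac
	echo \"\"
	;;
-v|--version)
	echo \"$COM_SCRIPT version `date` on `hostname` generated by `$0 --version`\"
	shift
	;;
-l|--list)
	echo \"list of commands in /usr/local/bin\"
	echo \"---------------------------------\"
	ls -lh /usr/local/bin
	shift
	;;
*)
#-------------------------------------------------------------------------
CHECK_LAN_OR_WAN ()
#-------------------------------------------------------------------------
{
			remote_server=\"$REMOTE_HOST\"
			remote_port=\"$CONNECT_PORT\"
			case \"$REMOTE_FQDN\" in
			-)
				;;
			*)
				echo -n \"Checking local availability of $REMOTE_HOST...\"
				if ! ping -c 1 $REMOTE_HOST > /dev/null 2>&1 ; then
					remote_server=\"$REMOTE_FQDN\"
					remote_port=\"$REMOTE_FQDN_PORT\"
					echo \"........Not responding\"
					echo \"Connect to $REMOTE_USER@$REMOTE_FQDN -p $REMOTE_FQDN_PORT is tried instead\"
				else
					echo \".OK\"
				fi
			esac
}
#-------------------------------------------------------------------------
	if [ -z \"\$*\" ] ; then
		echo \"$COM_SCRIPT version `date` on `hostname` generated by `$0 --version`\"
		CHECK_LAN_OR_WAN
		echo \"Create a tunnel from port $LOCAL_PORT to $REMOTE_IP:$REMOTE_PORT on connection $REMOTE_USER@\$remote_server port \$remote_port\"
		ssh -L $LOCAL_PORT:$REMOTE_IP:$REMOTE_PORT $REMOTE_USER@\$remote_server -p \$remote_port
		echo \"Close tunnel from port $LOCAL_PORT to $REMOTE_IP:$REMOTE_PORT on connection $REMOTE_USER@\$remote_server port \$remote_port\"
		echo -n \"Press any key to exit\"
		read -n 1
		echo \"\"
	else
		echo \"Start \$0 in a separate terminal\"
		gnome-terminal -e \$0
		sleep 2
		\$*
	fi
	;;
esac
exit 0"	> "/usr/local/bin/$COM_SCRIPT"
			chmod  755 "/usr/local/bin/$COM_SCRIPT"
			echo "New command is $COM_SCRIPT"
			case "$IP_HOST" in
			-)
				;;
			[0-9]*)
				# The host is compared with whole fields of non-comment lines;
				# a substring or regex match could mistake another entry for it.
				if awk -v host="$REMOTE_HOST" '$1 !~ /^#/ { for (i = 2; i <= NF; i++) if ($i == host) found = 1 } END { exit !found }' /etc/hosts ; then
					echo "Remote host $REMOTE_HOST is already declared in /etc/hosts"
				else
					echo "$IP_HOST $REMOTE_HOST" >> /etc/hosts
				fi
				;;
			esac
		fi
		case "$COMMAND" in
		*-nosave)
			;;
		*)
			# Recorded in the order in which this branch reads its arguments
			# back when "xkey --auto" replays the line:
			#tunnel:name:	local_port	remote_ip|localhost	remote_port	ssh_user	remote_host	remote_ssh_port	ssh_ip_address|-	alternate_fqdn|-	alternate_ssh_port
			mkdir -p /usr/local/etc/xkey
			if [ ! -f /usr/local/etc/xkey/xkey.conf ] || ! grep -q "^tunnel:$COM_SCRIPT:	" /usr/local/etc/xkey/xkey.conf ; then
				echo "tunnel:$COM_SCRIPT:	$LOCAL_PORT	$REMOTE_IP	$REMOTE_PORT	$REMOTE_USER	$REMOTE_HOST	$CONNECT_PORT	$IP_HOST	$REMOTE_FQDN	$REMOTE_FQDN_PORT" >> /usr/local/etc/xkey/xkey.conf
			fi
			;;
		esac
		;;
	*)
		echo "You must have root priviledge for $COMMAND, trying sudo"
		# "$@" hands every argument over unchanged, even one containing spaces
		sudo "$0" "$@"
		;;
	esac
	;;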
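-k|--keys|-kr|--keys-root)
	# Install the local RSA public key in the remote account's
	# authorized_keys, answering the ssh password prompts through expect.
	# Arguments: $2 remote user (not read for -kr), $3 host, $4 port,
	#            $5 password (optional).
	# NOTE(review): the help text documents "-kr [remote_host
	# connection_port]", yet host and port are read from $3 and $4 for -kr
	# as well - confirm which of the two is intended.
	# NOTE(review): a password given as $5 is visible in the process list and
	# in shell history; leave it out to be prompted without echo.
	case "$COMMAND" in
	-kr|--keys-root)
		REMOTE_USER="root"
		;;
	*)
		CHECK_GET_NOT_EMPTY "Remote user" $2
		REMOTE_USER="$RESULT"
		;;
	esac
	if ! expect -v > /dev/null 2>&1 ; then
		echo "package expect must be installed : apt-get install expect; nothing done"
		exit 1
	fi
	CHECK_GET_NOT_EMPTY "Remote host" $3
	REMOTE_HOST="$RESULT"
	CHECK_GET_NOT_EMPTY "Connection port" $4
	REMOTE_PORT="$RESULT"
	if [ -n "$5" ] ; then
		remote_password="$5"
	else
		# -s keeps the password off the screen, -r keeps backslashes literal
		printf '%s : ' "$REMOTE_USER@$REMOTE_HOST s password"
		read -rs remote_password
		echo ""
		if [ -z "$remote_password" ] ; then
			echo "$REMOTE_USER@$REMOTE_HOST s password is mandatory"
			exit 1
		fi
	fi
	if [ ! -f "$HOME/.ssh/id_rsa.pub" ]
	then
		echo "SSH configuration"
		ssh-keygen -t rsa -N "" -f "$HOME/.ssh/id_rsa"
		echo "Generation of the key done"
	fi
	# Run the command line given in $1 under expect and answer its password
	# prompt. The password is handed over in the environment rather than
	# pasted into the script text, so it appears in no argument list and is
	# not parsed as Tcl; it is dropped from the environment before the
	# child is spawned.
	XKEY_SPAWN_WITH_PASSWORD ()
	{
		XKEY_REMOTE_PASSWORD="$remote_password" expect -c "set timeout -1;\
set xkey_password \$env(XKEY_REMOTE_PASSWORD);\
unset env(XKEY_REMOTE_PASSWORD);\
spawn $1;\
expect *password:*;\
send -- \"\$xkey_password\\r\";\
interact;"
	}
	# The key is staged inside the remote account's own .ssh directory: a
	# fixed name in world-writable /tmp could be replaced by another account
	# on the remote host before it is appended to authorized_keys.
	remote_key_file=".ssh/xkey.$REMOTE_USER.$HOSTNAME.key.pub"
	echo "control that directory .ssh exists on remote host"
	XKEY_SPAWN_WITH_PASSWORD "ssh $REMOTE_USER@$REMOTE_HOST -p $REMOTE_PORT \"mkdir .ssh > /dev/null 2>&1\" "
	echo "copy my public key to .ssh on remote host"
	XKEY_SPAWN_WITH_PASSWORD "scp -P $REMOTE_PORT $HOME/.ssh/id_rsa.pub $REMOTE_USER@$REMOTE_HOST:$remote_key_file "
	echo "add my public key in the list of authorized keys on remote host"
	XKEY_SPAWN_WITH_PASSWORD "ssh $REMOTE_USER@$REMOTE_HOST -p $REMOTE_PORT \"cat $remote_key_file >> .ssh/authorized_keys && rm -f $remote_key_file\" "
	echo "`whoami` can connect now to $REMOTE_USER @ $REMOTE_HOST without password"
	;;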
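h|-h|--help|help|*)
	# Usage text. The "*" pattern makes this the fallback for a missing or
	# unrecognised option as well; the script still exits with status 0.
	echo "xkey : exchange rsa keys and create shortcut commands for connecting and tunnelling"
	echo "xkey is designed for virtual machines which migrate over several hosts"
	echo "usage : xkey option parameters"
	echo "=============================="
	echo "possible options are :"
	echo "xkey -h|--help"
	echo "			print this help"
	echo "xkey -l|--list"
	echo "			print the list of commands in /usr/local/bin"
	echo "xkey -k|--keys    [remote_user remote_host connection_port]"
	echo "			exchange ssh key with remote host remote_user"
	echo "xkey -kr|--keys-root   [remote_host connection_port]"
	echo "			exchange ssh key with remote host root user"
	echo "xkey -c|--command [command_name remote_user remote_host connection_port [ip_address [alternate_fqdn [alternate_fqdn_port]]]]"
	echo "			create a command for ssh login"
	echo "xkey -s|--shortcuts"
	echo "			create a list of shortcuts according to /usr/local/etc/xkey/xkey.conf and ~/.xkey.conf configuration files"
	echo "xkey -t|--tunnel  [command_name local_port remote_ip remote_port remote_user remote_host connection_port [ip_address [alternate_fqdn [alternate_fqdn_port]]]]"
	echo "			create a command to open a ssh tunnel and start a local command"
	echo "xkey -a|--auto"
	echo "			create a list of commands according to /usr/local/etc/xkey/xkey.conf configuration file"
	echo "xkey -u|--update"
	echo "			download a fresh copy of this script"
	echo "xkey -v|--version"
	echo "			print the version of this script"
	echo "=============================="
	echo "configuration :"
	echo "when used with option --auto, the file /usr/local/etc/xkey/xkey.conf is read"
	echo "/usr/local/etc/xkey/xkey.conf file is in the following format :"
	echo "format : server:name:	ssh_user	remote_host	remote_ssh_port	[ssh_ip_address	alternate_fqdn	alternate_ssh_port]"
	echo "format : tunnel:name:	local_port	remote_ip|localhost	remote_port	ssh_user	remote_host	remote_ssh_port	[ssh_ip_address	alternate_fqdn	alternate_ssh_port] "
	echo "format : shortcut:name:	/shortcut_directory|-	/path_to_icon|-	command_and_parameters"
	# the option is spelled --shortcuts, as in the option list above
	echo "when used with option --shortcuts, the files /usr/local/etc/xkey/xkey.conf and ~/.xkey.conf are read"
	echo "~/.xkey.conf file is in the following format :"
	echo "format : shortcut:name:	/shortcut_directory|-	/path_to_icon|-		command_and_parameters"
	echo "=============================="
	;;
esac
exit 0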
