Last active
February 19, 2022 16:32
-
-
Save lebarde/4024154 to your computer and use it in GitHub Desktop.
Install-maintenance : setup a SSH tunnel (-R) to allow maintenance of unaccessible hosts.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # SM (SSH Maintenance) v 1.0 | |
| # Script d'installation d'une clef ssh | |
| # Configuration pour créer un pont ssh (-R) automatiquement | |
| # afin de permettre un accès root sur la machine cible. | |
| # | |
| # Réalisé par Adrien poupin | |
| VERSION=1.0 | |
| # Define your own default vars | |
| DEFAULT_HOST=your-host.com | |
| DEFAULT_USER=user-maintenance | |
| DEFAULT_PORT=65500 | |
| # Error codes | |
| SSH_ERROR=10 | |
| BAD_PARAMS=11 | |
| print_title() | |
| { | |
| sleep 0.5 | |
| echo "\033[1;31m* $1\033[0m" | |
| } | |
| usage() | |
| { | |
| cat <<_USAGE | |
| Usage : `basename $0` [-i] | |
| -h Afficher cette aide. | |
| -t, --test-only | |
| Teste uniquement les connexions et affiche les comman- | |
| des à effectuer pour la mise en place d'un tunnel | |
| SSH. | |
| -i, --install | |
| Installation. Modification de ~/.ssh/config en local, | |
| de ~/.ssh/authorized_keys sur le serveur distnat, et | |
| ajout du script init. | |
| _USAGE | |
| } | |
| get_info() | |
| { | |
| print_title "Installation d'un pont SSH vers un serveur distant" | |
| echo -n "Hôte cible ($DEFAULT_HOST) : " | |
| read HOST | |
| [ -z "$HOST" ] && HOST=$DEFAULT_HOST | |
| echo -n "Utilisateur ($DEFAULT_USER) : " | |
| read USER | |
| [ -z "$USER" ] && USER=$DEFAULT_USER | |
| echo -n "Commentaire (Défaut : 'hostname') : " | |
| read COMMENT | |
| [ -z "$COMMENT" ] && COMMENT=`hostname` | |
| echo -n "Port à ouvrir sur l'hôte distant ($DEFAULT_PORT) : " | |
| read REMOTE_PORT | |
| [ -z "$REMOTE_PORT" ] && REMOTE_PORT=$DEFAULT_PORT | |
| } | |
| gen_key() | |
| { | |
| print_title "Création de la clef SSH" | |
| ssh-keygen -t rsa -q -C "$COMMENT - port ouvert : $REMOTE_PORT" -f rsa_id | |
| KEY="$USER_$HOST.key" | |
| PUBKEY="$KEY.pub" | |
| mv -v rsa_id ~/.ssh/$KEY | |
| mv -v rsa_id.pub ~/.ssh/$PUBKEY | |
| } | |
| configure_localhost() | |
| { | |
| print_title "Configuration de la machine locale" | |
| if [ -z $BOOL_INSTALL ]; then | |
| { | |
| echo -n "Configuration automatique de $HOME/.ssh/config (o/N) ? " | |
| read BOOL | |
| } | |
| else | |
| { | |
| BOOL=Y | |
| } | |
| fi | |
| if [ "$BOOL" = "Y" -o "$BOOL" = "y" -o "$BOOL" = "O" -o "$BOOL" = "o" ]; then | |
| { | |
| echo "Modification du fichier ~/.ssh/config" | |
| cat >> ~/.ssh/config <<EOF | |
| Host $HOST | |
| Hostname $HOST | |
| Port 22 | |
| User $USER | |
| IdentityFile ~/.ssh/$KEY | |
| EOF | |
| } | |
| fi | |
| echo "TODO : rajouter un script ssh -R $REMOTE_PORT:localhost:$HOST $USER@$HOST" | |
| } | |
| install_remote_key() | |
| { | |
| print_title "Installation de la clef sur le serveur distant" | |
| if [ -z $BOOL_INSTALL ]; then | |
| { | |
| echo -n "Se connecter au serveur distant pour copier la clef (o/N) ? " | |
| unset BOOL | |
| read BOOL | |
| } | |
| else | |
| { | |
| BOOL=Y | |
| } | |
| fi | |
| if [ "$BOOL" = "Y" -o "$BOOL" = "y" -o "$BOOL" = "O" -o "$BOOL" = "o" ]; then | |
| { | |
| echo "Clef publique exportée : $(cat ~/.ssh/$PUBKEY)" | |
| echo "ssh $USER@$HOST ..." | |
| ssh $USER@$HOST "echo \"$(cat ~/.ssh/$PUBKEY)\" >> ~/.ssh/authorized_keys" | |
| [ $? -ne 0 ] && print_title "Erreur SSH. Abandon." && exit $SSH_ERROR | |
| echo "... Installation réussie !" | |
| } | |
| fi | |
| } | |
| connection_test() | |
| { | |
| print_title "Test de la connexion : Vous ne devriez pas avoir à taper de mot de passe." | |
| ssh $USER@$HOST "test 1" | |
| [ $? -ne 0 ] && echo "Erreur SSH. Abandon." && exit $SSH_ERROR | |
| echo "Test OK !" | |
| } | |
| test_only() | |
| { | |
| print_title "Simulation." | |
| cat <<_SIMULATION_ | |
| Pour mettre en place le tunnel SSH vers le serveur distant : | |
| 1) Créer des clefs SSH avec | |
| ~$ ssh-keygen -t rsa -q -C "$COMMENT - port ouvert : $REMOTE_PORT" -f rsa_id | |
| 2) Déplacer les clefs (et les renommer sous un nom parlant, ex. ~/.ssh/$HOST_$USER) vers le répertoire ~/.ssh/ | |
| 3) Ajouter la configuration sur localhost (~/.ssh/config) : | |
| Host $HOST | |
| Hostname $HOST | |
| Port 22 | |
| User $USER | |
| IdentityFile ~/.ssh/MA_CLEF_PRIVÉE | |
| 4) Ajouter la clef publique (~/.ssh/MA_CLEF_PRIVÉE.pub) sur l'hôte distant dans ~/.ssh/authorized_keys | |
| 5) Tester que le pont fonctionne bien : | |
| ~$ ssh -R $REMOTE_PORT:localhost:22 $USER@$HOST | |
| 6) Ajouter un script de démarrage ou un cron (nécessite autossh) : | |
| ~$ screen -dmS autossh autossh -R $REMOTE_PORT:localhost:22 $USER@$HOST$USER@$HOST | |
| _SIMULATION_ | |
| exit 0; | |
| } | |
| # | |
| # main() | |
| # | |
| if [ $# -ge "1" ]; then | |
| { | |
| for i in `seq 1 $#`; do | |
| { | |
| case $1 in | |
| -i | --install) BOOL_INSTALL="1";; | |
| -t | --test-only) DO_NOTHING="1";; | |
| -h | --help) usage;; | |
| *) echo "$1 : Mauvais argument"; usage; exit $BAD_PARAMS ;; | |
| esac | |
| shift | |
| } | |
| done | |
| } | |
| fi | |
| sleep 0.5 | |
| echo "\033[1;32mSSH Maintenance version $VERSION\033[0m" | |
| # Test-only case : tells the user. | |
| [ ! -z $DO_NOTHING ] && echo "Test-only : Mode de simulation seule." | |
| # Get the vars : HOST, USER and COMMENT | |
| get_info | |
| # Test only | |
| [ ! -z $DO_NOTHING ] && test_only | |
| # Generate the RSA keys to install on localhost and remote host. | |
| gen_key | |
| # Configure the local machine to automatically make a bridge. | |
| configure_localhost | |
| # Install the RSA key on remote host | |
| install_remote_key | |
| # Testing the connection | |
| connection_test | |
| exit 0; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment