author | Jonas Gunz <himself@jonasgunz.de> | 2020-09-23 20:32:38 +0200 |
---|---|---|
committer | Jonas Gunz <himself@jonasgunz.de> | 2020-09-23 20:32:38 +0200 |
commit | 1f182a2886de267b0d29bcc81dc08b64d231c8e1 (patch) | |
tree | 7f65aea4e3c330315d8ea8ff1c6fec2381cbef28 | |
parent | c499dbfd1822a8684496c5fe8d292fd6762f9787 (diff) | |
download | dotfiles-1f182a2886de267b0d29bcc81dc08b64d231c8e1.tar.gz |
remote-support.sh add security check
-rwxr-xr-x | scripts/remote-support.sh | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/scripts/remote-support.sh b/scripts/remote-support.sh
index 528ea27..40d3642 100755
--- a/scripts/remote-support.sh
+++ b/scripts/remote-support.sh
@@ -1,6 +1,9 @@
 #!/bin/bash
 # Remote access
+#
+# Forward local SSH server to remote host to make it accessible
+# remotely without NAT/Firewall mapping
 DEPENDENCIES=("sshd" "systemctl" "ssh" "ssh-keygen" "sudo")
 SSH_ACCESS_PUBKEY=""
@@ -10,6 +13,15 @@ for dep in ${DEPENDENCIES[@]}; do
 which $dep > /dev/null || exit 1
 done
+read -p "Connecting to $REMOTE_ADDRESS. Proceed? (y/[n]) > " proceed
+case $proceed in
+ [yY]* )
+ ;;
+ * )
+ echo Aborting.
+ exit 1
+esac
+
 PORT=$(( ($RANDOM % 64000) + 1024 ))
 trap 'kill -s SIGKILL $SSH_PID' 1 2 9
@@ -20,18 +32,19 @@ if [ ! -f $HOME/.ssh/id_rsa_remote ]; then
 ssh-keygen -t rsa -N "" -C "remote key $USER@$HOSTNAME" \
 -f "$HOME/.ssh/id_rsa_remote"
- echo ---
+ echo --- $HOME/.ssh/id_rsa_remote.pub ---
 cat $HOME/.ssh/id_rsa_remote.pub
- echo ---
+ echo --- END ---
 read -p "Press ENTER to continue."
 fi
+# Check if key is already allowed to connect, add if not
 grep -q "^$SSH_ACCESS_PUBKEY$" "$HOME/.ssh/authorized_keys" && \
 KEEP_KEY="YES" || \
 echo "$SSH_ACCESS_PUBKEY" >> "$HOME/.ssh/authorized_keys"
-sudo systemctl start sshd || echo "Failed to start sshd"
+sudo systemctl start sshd || echo "Failed to start sshd."
 ssh -R -N 22:$REMOTE_ADDRESS:$PORT &
 SSH_PID=$!
@@ -44,5 +57,6 @@ while kill -s 0 $PID; do sleep 1; done
 echo Connection closed.
+# Remove Key from authorized_keys if it wasn't originally there
 [ -z "$KEEP_KEY" ] && sed -i "\|^$SSH_ACCESS_PUBKEY$|d" \
 "$HOME/.ssh/authorized_keys" |
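Review bot: The confirmation added in the second hunk (`read -p "Connecting to $REMOTE_ADDRESS. Proceed? (y/[n]) > " proceed`) shows only the remote address, not the key that the script later appends to `authorized_keys`, and it does not stop when either value is empty. `SSH_ACCESS_PUBKEY=""` is visible in the first hunk's context; if it is still empty at run time, the pattern in the third hunk becomes `^$` and the check tests for a blank line rather than for a key. I would put `[ -n "$SSH_ACCESS_PUBKEY" ] && [ -n "$REMOTE_ADDRESS" ] || { echo "key or address not set" >&2; exit 1; }` before the prompt, print the key alongside the address, and use `read -r -p` with `case "$proceed" in`. Where REMOTE_ADDRESS is assigned is outside the visible hunks, so the empty-address case is an assumption to confirm.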
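Review bot: The comment added in the third hunk, `# Check if key is already allowed to connect, add if not`, describes an exact-match check, but the `grep -q "^$SSH_ACCESS_PUBKEY$"` line it documents treats the key as a regular expression, so characters such as `.` or `*` in the key or its comment field are not matched literally. Either fix the check with `grep -qxF -- "$SSH_ACCESS_PUBKEY" "$HOME/.ssh/authorized_keys"` or have the comment say that the match is pattern-based. The removal documented in the last hunk builds its `sed` address from the same variable and has the same limitation, with `|` in the key additionally ending the address early.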