authorGravatar Jonas Gunz <himself@jonasgunz.de> 2020-09-23 20:32:38 +0200
committerGravatar Jonas Gunz <himself@jonasgunz.de> 2020-09-23 20:32:38 +0200
commit1f182a2886de267b0d29bcc81dc08b64d231c8e1 (patch)
tree7f65aea4e3c330315d8ea8ff1c6fec2381cbef28 /scripts
parentc499dbfd1822a8684496c5fe8d292fd6762f9787 (diff)
remote-support.sh add security check
Diffstat (limited to 'scripts')
-rwxr-xr-xscripts/remote-support.sh20
1 files changed, 17 insertions, 3 deletions
diff --git a/scripts/remote-support.sh b/scripts/remote-support.sh
index 528ea27..40d3642 100755
--- a/scripts/remote-support.sh
+++ b/scripts/remote-support.sh
@@ -1,6 +1,9 @@
#!/bin/bash
# Remote access
+#
+# Forward local SSH server to remote host to make it accessible
+# remotely without NAT/Firewall mapping
DEPENDENCIES=("sshd" "systemctl" "ssh" "ssh-keygen" "sudo")
SSH_ACCESS_PUBKEY=""
@@ -10,6 +13,15 @@ for dep in ${DEPENDENCIES[@]}; do
which $dep > /dev/null || exit 1
done
+read -p "Connecting to $REMOTE_ADDRESS. Proceed? (y/[n]) > " proceed
+case $proceed in
+ [yY]* )
+ ;;
+ * )
+ echo Aborting.
+ exit 1
+esac
+
PORT=$(( ($RANDOM % 64000) + 1024 ))
trap 'kill -s SIGKILL $SSH_PID' 1 2 9
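Review bot: The confirmation added before `PORT=` names only `$REMOTE_ADDRESS`, not the public key that a later hunk appends to `authorized_keys`, and it does not reject empty values. If `SSH_ACCESS_PUBKEY` is left at the empty default shown in the first hunk, the operator can approve a run in which the key check further down degenerates to the pattern `^$`. I would abort early with `[ -n "$REMOTE_ADDRESS" ] && [ -n "$SSH_ACCESS_PUBKEY" ] || exit 1` and print the key (or its fingerprint) in the prompt, so the person confirming sees what access is being granted. `read -r -p` would also stop backslashes in the answer from being interpreted. Where `REMOTE_ADDRESS` is assigned is outside the visible hunks.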
@@ -20,18 +32,19 @@ if [ ! -f $HOME/.ssh/id_rsa_remote ]; then
ssh-keygen -t rsa -N "" -C "remote key $USER@$HOSTNAME" \
-f "$HOME/.ssh/id_rsa_remote"
- echo ---
+ echo --- $HOME/.ssh/id_rsa_remote.pub ---
cat $HOME/.ssh/id_rsa_remote.pub
- echo ---
+ echo --- END ---
read -p "Press ENTER to continue."
fi
+# Check if key is already allowed to connect, add if not
grep -q "^$SSH_ACCESS_PUBKEY$" "$HOME/.ssh/authorized_keys" && \
KEEP_KEY="YES" || \
echo "$SSH_ACCESS_PUBKEY" >> "$HOME/.ssh/authorized_keys"
-sudo systemctl start sshd || echo "Failed to start sshd"
+sudo systemctl start sshd || echo "Failed to start sshd."
ssh -R -N 22:$REMOTE_ADDRESS:$PORT &
SSH_PID=$!
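Review bot: The check that the new comment documents passes the key to `grep` as a regular expression, so metacharacters such as `.` in the key comment match any character, and an empty `SSH_ACCESS_PUBKEY` turns the pattern into `^$`, which matches any blank line in `authorized_keys`. A whole-line fixed-string match, `grep -qxF -- "$SSH_ACCESS_PUBKEY" "$HOME/.ssh/authorized_keys"`, avoids both. The `sed -i "\|^$SSH_ACCESS_PUBKEY$|d"` removal in the last hunk interpolates the same value into a pattern and has the same problem; filtering with `grep -vxF` into a `mktemp` file and moving it back over the original is the safer form. Separately, `sudo systemctl start sshd || echo "Failed to start sshd."` only reports the failure, and the script still goes on to open the tunnel.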
@@ -44,5 +57,6 @@ while kill -s 0 $PID; do sleep 1; done
echo Connection closed.
+# Remove Key from authorized_keys if it wasn't originally there
[ -z "$KEEP_KEY" ] && sed -i "\|^$SSH_ACCESS_PUBKEY$|d" \
"$HOME/.ssh/authorized_keys"
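Review bot: The removal that the new comment describes runs only when the script reaches its last lines, so a termination not handled by the `trap ... 1 2 9` shown in the earlier hunk (SIGTERM, for example) would leave the support key in `authorized_keys`. Putting the removal in a function registered with `trap cleanup EXIT`, set up right after the key is appended, would make it run on the exit paths bash can act on. The hunk header also shows the wait loop polling `$PID` while the background ssh's pid is stored in `SSH_PID`; unless `PID` is assigned outside the visible hunks, the loop ends at once.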