modified: nfig1.py
[GalaxyCodeBases.git] / etc / Server / setup_reverse_tunnel.sh
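#!/bin/bash
#
# setup_reverse_tunnel.sh
#
# Interactive installer. Installs openssh-server and autossh, asks for a
# "middleman" server and login name, then writes an if-up.d hook that keeps
# a reverse SSH tunnel open from this machine to the middleman. The hook
# forwards a port on the middleman to this machine's sshd (localhost:22).
#
# Must be started through sudo: $SUDO_USER is the account that owns the SSH
# key and runs ssh/autossh; root only installs packages and writes the hook.
#
# Review notes for whoever deploys this:
#   * The forward is requested as "-R *:PORT:...", i.e. on every interface of
#     the middleman. Anyone who can reach that port reaches this machine's
#     sshd, so the local sshd should accept key authentication only.
#   * The hook as shipped disables SSH host key verification (see the note
#     above the autossh line below).

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

if [[ -z "${SUDO_USER:-}" ]]; then
  echo "$0 must be called from sudo. Try: 'sudo ${0}'" >&2
  exit 1
fi

SCRIPT_LOCATION="/etc/network/if-up.d/reverse_ssh_tunnel"

echo "Creating file in $SCRIPT_LOCATION"
echo "Installing openssh-server and autossh"
apt-get install openssh-server autossh ||
  echo "warning: apt-get install did not complete; autossh may be missing" >&2
echo "Randomly creating port numbers (edit these in the file to change if you want)"

# $(( )) replaces the deprecated $[ ] arithmetic form; same value ranges.
PORT_NUMBER=$(( (RANDOM % 10000) + 10000 ))
MONITORING_PORT_NUMBER=$(( (RANDOM % 10000) + 20000 ))

echo "PORT_NUMBER: ${PORT_NUMBER}"
echo "MONITORING_PORT_NUMBER: ${MONITORING_PORT_NUMBER}"
echo "Enter servername or IP address for the middleman server"
read -r MIDDLEMAN_SERVER
echo "Enter username to use for logging into $MIDDLEMAN_SERVER:[$SUDO_USER]"
read -r MIDDLEMAN_USERNAME
MIDDLEMAN_USERNAME=${MIDDLEMAN_USERNAME:-$SUDO_USER}

# Both values are pasted into "su -c" command strings and into a hook that
# root executes on every interface-up, so restrict them to plain host/user
# characters. A leading alphanumeric also keeps them from being parsed as
# ssh options.
host_re='^[A-Za-z0-9][A-Za-z0-9._:-]*$'
user_re='^[A-Za-z0-9_][A-Za-z0-9._-]*$'
[[ "$MIDDLEMAN_SERVER" =~ $host_re ]] ||
  die "Invalid middleman server name: only letters, digits, '.', '_', ':' and '-' are accepted"
[[ "$MIDDLEMAN_USERNAME" =~ $user_re ]] ||
  die "Invalid middleman username: only letters, digits, '.', '_' and '-' are accepted"

echo "Checking to see if we can login using public key authentication: ssh $MIDDLEMAN_USERNAME@$MIDDLEMAN_SERVER (TODO, TO BE IMPLEMENTED!)"
su "$SUDO_USER" -c "ssh $MIDDLEMAN_USERNAME@$MIDDLEMAN_SERVER \"echo I am in\""

echo "Checking to see if GatewayPorts is set on $MIDDLEMAN_SERVER"
# Anchored so a commented-out "#GatewayPorts yes" does not count as enabled.
# sshd binds remote forwards to loopback unless GatewayPorts allows otherwise,
# in which case the "*:" bind requested by the hook is not honoured.
if ! su "$SUDO_USER" -c "ssh $MIDDLEMAN_USERNAME@$MIDDLEMAN_SERVER \"grep -E '^[[:space:]]*GatewayPorts[[:space:]]+yes' /etc/ssh/sshd_config\""; then
  echo "warning: no active 'GatewayPorts yes' found on $MIDDLEMAN_SERVER; the tunnel port may only be reachable from the middleman itself" >&2
fi

echo "Do you want to upload your public key to the middleman and setup public key authentication? ([y]/n)"
read -r COPY_KEY

if [[ "$COPY_KEY" != "n" ]]; then
  su "$SUDO_USER" -c "ssh-copy-id $MIDDLEMAN_USERNAME@$MIDDLEMAN_SERVER"
fi

# Write the if-up.d hook. Unescaped $VARS are filled in now; \${...} stays
# literal and is expanded when the hook itself runs.
# AUTOSSH_PORT and AUTOSSH_GATETIME are exported in the hook: autossh reads
# them from its environment, and a plain assignment is not passed on to the
# process started through su.
cat > "$SCRIPT_LOCATION" <<EOF || die "Could not write $SCRIPT_LOCATION"
#!/bin/sh
# ------------------------------
# Added by setup_reverse_tunnel.sh
# ------------------------------
# See autossh and google for reverse ssh tunnels to see how this works

# When this script runs it will allow you to ssh into this machine even if it is behind a firewall or has a NAT'd IP address.
# From any ssh capable machine you just type ssh -p $PORT_NUMBER $SUDO_USER@$MIDDLEMAN_SERVER

# This is the username on your local server who has public key authentication setup at the middleman
USER_TO_SSH_IN_AS=$MIDDLEMAN_USERNAME

# This is the username and hostname/IP address for the middleman (internet accessible server)
MIDDLEMAN_SERVER_AND_USERNAME=$MIDDLEMAN_USERNAME@$MIDDLEMAN_SERVER

# Port that the middleman will listen on (use this value as the -p argument when sshing)
PORT_MIDDLEMAN_WILL_LISTEN_ON=$PORT_NUMBER

# Connection monitoring port, don't need to know this one
export AUTOSSH_PORT=$MONITORING_PORT_NUMBER

# Ensures that autossh keeps trying to connect
export AUTOSSH_GATETIME=0

# NOTE(review): UserKnownHostsFile=/dev/null with StrictHostKeyChecking=no
# turns off host key verification, so the tunnel is opened to whatever host
# answers for the middleman's name. Once the middleman's key is recorded in
# $SUDO_USER's known_hosts, drop both options to pin it.
su -c "autossh -f -N -R *:\${PORT_MIDDLEMAN_WILL_LISTEN_ON}:localhost:22 \${MIDDLEMAN_SERVER_AND_USERNAME} -oLogLevel=error -oUserKnownHostsFile=/dev/null -oStrictHostKeyChecking=no" $SUDO_USER
EOF

echo "Making script executable"
# Explicit mode rather than +x: with a permissive umask the redirect above
# could otherwise leave a root-executed hook writable by group or others.
chmod 755 -- "$SCRIPT_LOCATION"

echo "Tunnel will now automatically run whenever a network connection comes up"
echo "Do you want to start the tunnel now? [y]/n"
read -r START_TUNNEL

if [[ "$START_TUNNEL" != "n" ]]; then
  "$SCRIPT_LOCATION"
fi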
76 echo "You might want to add the following to your .ssh/config (and then copy it to other machines) so that you can set this up easily:
78 Host $HOSTNAME.tunnel
79 Port $PORT_NUMBER
80 HostName $MIDDLEMAN_SERVER
81 User $MIDDLEMAN_USERNAME