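#!/bin/bash
# make_tun.sh — install a systemd unit that keeps an SSH reverse tunnel
# (public server port -> local port) alive.
#
# Usage: sudo ./make_tun.sh [HOST]
#   HOST  optional alias from the invoking user's ~/.ssh/config; its
#         Hostname/User/Port/IdentityFile pre-fill the prompts below.
#
# Ensure the script is run with sudo or root privileges
if [[ "$EUID" -ne 0 ]]; then
  echo "Please run as root or use sudo" >&2
  exit 1 # a bare `exit` here reported success to the caller
fi
HOST=$1
# Determine the correct username: under sudo, act on behalf of the invoking
# user (the unit is created with User= set to that account and its ~/.ssh is
# consulted); otherwise everything belongs to root.
if [[ -n "$SUDO_USER" ]]; then
  USERNAME="$SUDO_USER"
  # Overriding HOME makes every `~/...` and `$HOME/...` in this script point
  # at that user's home. Take the directory from the passwd database instead
  # of assuming /home/<user>; keep that guess only as a fallback when the
  # lookup returns nothing.
  HOME=$(getent passwd "$USERNAME" | cut -d: -f6)
  HOME=${HOME:-/home/$USERNAME}
else
  USERNAME="root"
fi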
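# Function to check if Host exists in ~/.ssh/config
# Prints "exists" when a `Host` line of ~/.ssh/config lists the given alias,
# prints nothing otherwise.
#   $1 - host alias exactly as written on the `Host` line
# The keyword comparison is case-insensitive (ssh_config keywords are), and
# every pattern on the `Host` line is checked, not only the first one, so
# `Host foo bar` is found for both names. Patterns are compared literally:
# an alias that only matches through a wildcard (`Host *`) is reported as
# missing.
host_exists() {
  local host=$1
  awk -v host="$host" '
    tolower($1) == "host" {
      for (i = 2; i <= NF; i++) {
        if ($i == host) { print "exists"; exit }
      }
    }
  ' ~/.ssh/config
}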
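# Function to fetch option by Host ~/.ssh/config
# Prints the value of `option` from the `Host` block of ~/.ssh/config that
# lists `host`, or nothing when the block or the option is absent.
#   $1 - host alias as written on the `Host` line
#   $2 - option keyword, e.g. Hostname, User, Port, IdentityFile
# Keyword matching is case-insensitive, so the canonical `HostName` spelling
# from ssh_config(5) is found as well as `Hostname` (the original exact-match
# comparison silently returned nothing for it). Only the first value is
# printed: a repeated option such as several IdentityFile lines yields one
# line, so callers can use the result as a single path or number. A `Host`
# line with several patterns is honoured, and a `Match` line ends the block.
# Limitations: `Host *` wildcard blocks and the `Keyword=value` form are not
# consulted.
get_ssh_option() {
  local host=$1
  local option=$2
  awk -v host="$host" -v option="$option" '
    tolower($1) == "host" {
      in_block = 0
      for (i = 2; i <= NF; i++) if ($i == host) in_block = 1
      next
    }
    tolower($1) == "match" { in_block = 0; next }
    in_block && tolower($1) == tolower(option) { print $2; exit }
  ' ~/.ssh/config
}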
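# Resolve connection parameters from the Host alias given on the command
# line, if any. Whatever is not found there is prompted for below.
if [[ -n "${HOST}" ]]; then
  if [[ ! -f "$HOME/.ssh/config" ]]; then
    echo "$HOME/.ssh/config does not exist"
    exit 1
  fi
  if [[ -z "$(host_exists "$HOST")" ]]; then
    echo "Error: Host '$HOST' not found in ~/.ssh/config"
    exit 1
  fi
  SERVER_IP=$(get_ssh_option "$HOST" "Hostname")
  SERVER_USER=$(get_ssh_option "$HOST" "User")
  SERVER_PORT=$(get_ssh_option "$HOST" "Port")
  SSH_KEY_PATH=$(get_ssh_option "$HOST" "IdentityFile")
  SSH_KEY_PATH="${SSH_KEY_PATH/#\~/$HOME}" # convert ~ to $HOME
fi
# is_port VALUE: true when VALUE is a decimal TCP port in 1..65535.
# The ports collected here are spliced verbatim into the unit's ExecStart
# line later on, so anything that is not a plain number is refused up front.
is_port() {
  [[ "$1" =~ ^[0-9]{1,5}$ ]] && (( 10#$1 >= 1 && 10#$1 <= 65535 ))
}
# Prompt for the necessary parameters with default values
if [[ -z "${SERVER_IP}" ]]; then
  read -r -p "Public server IP (required): " SERVER_IP
  if [[ -z "$SERVER_IP" ]]; then
    echo "Public server IP is required."
    exit 1
  fi
else
  echo "Server IP: $SERVER_IP"
fi
if [[ -z "${SERVER_USER}" ]]; then
  read -r -p "Public server User [user]: " SERVER_USER
  SERVER_USER=${SERVER_USER:-user}
else
  echo "Public server user: $SERVER_USER"
fi
if [[ -z "${SERVER_PORT}" ]]; then
  read -r -p "Public server SSH port [22]: " SERVER_PORT
  SERVER_PORT=${SERVER_PORT:-22}
else
  echo "Public server port: $SERVER_PORT"
fi
if ! is_port "$SERVER_PORT"; then
  echo "Invalid SSH port '$SERVER_PORT' (expected 1-65535)."
  exit 1
fi
if [[ -z "${SSH_KEY_PATH}" ]]; then
  read -r -p "Public server SSH key path [$HOME/.ssh/id_rsa]: " SSH_KEY_PATH
  SSH_KEY_PATH=${SSH_KEY_PATH:-$HOME/.ssh/id_rsa}
else
  echo "Public server ssh key: $SSH_KEY_PATH"
fi
if [[ ! -f "$SSH_KEY_PATH" ]]; then
  echo "SSH key file does not exist at $SSH_KEY_PATH."
  exit 1
fi
# Check if SSH key requires a password.
# -P '' tries the empty passphrase: without it an encrypted key makes
# ssh-keygen prompt on the terminal (the redirects do not suppress that) and
# this "check" blocks instead of failing. A passphrase-protected key cannot
# be used by the unattended service anyway.
if ssh-keygen -y -P '' -f "$SSH_KEY_PATH" >/dev/null 2>&1; then
  echo "SSH key does not require a password."
else
  echo "SSH key requires a password."
  exit 1
fi
# Check if SSH key works and can establish a connection.
# The probe runs as $USERNAME, the account the unit runs under (User=), so
# it also proves that user can read the key, and it records the server's
# host key in that user's known_hosts — the file the service will consult,
# not root's. BatchMode=yes turns any password/passphrase prompt into a
# failure instead of a hang. accept-new is trust-on-first-use: the key
# presented now is what every later connection is checked against, so
# pre-seed known_hosts when the server's key is known out of band.
if sudo -u "$USERNAME" ssh -i "$SSH_KEY_PATH" -o BatchMode=yes -o StrictHostKeyChecking=accept-new -o ConnectTimeout=5 -p "$SERVER_PORT" "$SERVER_USER@$SERVER_IP" exit; then
  echo "SSH key works and connection can be established."
else
  echo "SSH key does not work or cannot establish a connection (as user $USERNAME)."
  exit 1
fi
read -r -p "Public server forwarding port (required): " REMOTE_PORT
if [[ -z "$REMOTE_PORT" ]]; then
  echo "Public server forwarding port is required."
  exit 1
fi
if ! is_port "$REMOTE_PORT"; then
  echo "Invalid forwarding port '$REMOTE_PORT' (expected 1-65535)."
  exit 1
fi
read -r -p "Local receiving port [22]: " LOCAL_PORT
LOCAL_PORT=${LOCAL_PORT:-22}
if ! is_port "$LOCAL_PORT"; then
  echo "Invalid local port '$LOCAL_PORT' (expected 1-65535)."
  exit 1
fi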
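# Function to check if the service name already exists and prompt for a new one if it does
# Prompts for the unit name until an acceptable one is entered and stores it
# in LOCAL_SERVICE_NAME (default: backtun-$SERVER_IP.service).
# The name becomes a path under /etc/systemd/system that is written as root,
# so it is restricted to the systemd unit-name character set (letters,
# digits, : _ . @ -): no '/', no '..', no whitespace, nothing a later
# `bash -c` or unit parser could misread. A missing .service suffix is
# appended, since `systemctl enable NAME` looks for NAME.service and a file
# without the suffix was never found. A name whose unit file already exists
# is rejected. A loop replaces the recursion, and EOF on stdin aborts so an
# unattended run cannot spin forever.
set_service_name() {
  local name
  while :; do
    if ! read -r -p "Local Service name [backtun-$SERVER_IP.service]: " name; then
      echo "No service name given (EOF); aborting." >&2
      exit 1
    fi
    name=${name:-"backtun-$SERVER_IP.service"}
    [[ "$name" == *.service ]] || name="$name.service"
    if [[ ! "$name" =~ ^[A-Za-z0-9_][A-Za-z0-9:_.@-]*$ ]]; then
      echo "Invalid service name: '$name' (allowed: letters, digits, : _ . @ -)" >&2
      continue
    fi
    if [[ -f "/etc/systemd/system/$name" ]]; then
      echo "Service already exists: /etc/systemd/system/$name"
      continue
    fi
    LOCAL_SERVICE_NAME="$name"
    return 0
  done
}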
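# Initial function call to start the checking process
set_service_name
# Create the systemd service unit file
SERVICE_FILE="/etc/systemd/system/$LOCAL_SERVICE_NAME"
# Written directly: the script already runs as root (checked at the top), and
# passing the path through `sudo bash -c "cat > $SERVICE_FILE"` let a crafted
# unit name be parsed as shell syntax.
# Unit notes:
#  - StartLimitIntervalSec=0 disables systemd's default start-rate limit;
#    with Restart=always/RestartSec=3 a server that is down for more than a
#    handful of retries otherwise leaves the unit permanently "failed" and
#    the tunnel never comes back.
#  - Wants=/After=network-online.target waits for actual connectivity, which
#    network.target does not promise.
#  - BatchMode=yes: the service has no terminal, so any credential prompt
#    must become a failure that Restart= can retry rather than a hang.
#  - StrictHostKeyChecking=accept-new is trust-on-first-use for the server's
#    host key; pre-seed the service user's known_hosts when the key is known
#    out of band.
#  - The listener on the public server binds to loopback unless its sshd has
#    GatewayPorts enabled.
#  - ExecStart quotes the key path; the ports and user/host were validated
#    or prompted for above.
cat > "$SERVICE_FILE" <<EOL
[Unit]
Description=SSH Reverse Tunnel
Wants=network-online.target
After=network-online.target
StartLimitIntervalSec=0
[Service]
ExecStart=/usr/bin/ssh -i "$SSH_KEY_PATH" -o BatchMode=yes -o StrictHostKeyChecking=accept-new -o ExitOnForwardFailure=yes -o ServerAliveInterval=60 -o ServerAliveCountMax=3 -p $SERVER_PORT -N -R $REMOTE_PORT:localhost:$LOCAL_PORT $SERVER_USER@$SERVER_IP
Restart=always
RestartSec=3
User=$USERNAME
[Install]
WantedBy=multi-user.target
EOL
chmod 0644 "$SERVICE_FILE"
# Reload systemd to recognize the new service, enable it, and start it.
# Each step is checked: the original reported success unconditionally.
systemctl daemon-reload
if ! systemctl enable "$LOCAL_SERVICE_NAME"; then
  echo "Failed to enable $LOCAL_SERVICE_NAME" >&2
  exit 1
fi
if ! systemctl start "$LOCAL_SERVICE_NAME"; then
  echo "Failed to start $LOCAL_SERVICE_NAME; see: journalctl -u $LOCAL_SERVICE_NAME" >&2
  exit 1
fi
echo "SSH reverse tunnel systemd service created and started successfully."
echo "You can control this service with systemctl using name $LOCAL_SERVICE_NAME"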