diff --git a/README.md b/README.md
index 0ecfcb5..3552263 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,32 @@
 # ssh
 
-Scripts for SSH
\ No newline at end of file
+Scripts for SSH
+
+**PLEASE NOTE:** These scripts should be considered experimental. Test on non-production or backed-up data first.
+
+bup2ssh
+: Backup a machine writing the contents to a remote machine via `ssh`
+
+cp2chroot
+: Copies a binary and its dependencies into a minimal chroot
+
+keepssh
+: Executes `ssh` in a loop for automatic reconnections
+
+mkminchroot
+: Makes a minimal chroot
+
+ssh-multirun
+: Runs the same command on multiple machines
+
+ssh-reboot
+: Reboots a machine via `ssh`
+
+ssh-shutdown
+: Shuts down a machine via `ssh`
+
+sshauth
+: Toggle security for a user's `.ssh` folder
+
+sshdpw
+: Toggle password acceptance for the `ssh` deamon
diff --git a/bup2ssh b/bup2ssh
new file mode 100755
index 0000000..bec3024
--- /dev/null
+++ b/bup2ssh
@@ -0,0 +1,6 @@
+#!/usr/bin/env sh
+
+HOST="${1}"
+BDIR="${2}"
+
+XZ_OPTS=-9e tar -cvpJ --one-file-system / | ssh "${HOST}" "( cat > ${BDIR}/${HOSTNAME}_$(date +%Y-%m-%d_%H:%M).tar.xz )"
diff --git a/cp2chroot b/cp2chroot
new file mode 100755
index 0000000..cbb7c15
--- /dev/null
+++ b/cp2chroot
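Review bot: In the last line of bup2ssh, `${BDIR}` and `${HOSTNAME}` are expanded locally and pasted into the remote command string unquoted, so a backup directory containing spaces or shell metacharacters is re-split by the remote login shell, and `HOSTNAME` is not set by every POSIX `sh` (dash leaves it empty), which yields a file named `_<date>.tar.xz`. Single-quote the remote path and fall back to `hostname`: `ssh "${HOST}" "cat > '${BDIR}/${HOSTNAME:-$(hostname)}_$(date +%Y-%m-%d_%H:%M).tar.xz'"`. `XZ_OPTS` is also not a variable xz reads (the environment variable is `XZ_OPT`), so `-9e` is silently ignored and `-J` compresses at the default level. Both arguments should be required up front with `: "${HOST:?remote host required}" "${BDIR:?remote backup dir required}"`, and a comment should note that under plain `sh` there is no pipefail, so the pipeline's exit status is tar's even when `ssh` failed and nothing was written.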
@@ -0,0 +1,36 @@
+#!/usr/bin/env sh
+# Use this script to copy shared (libs) files to a chroot/jail.
+# ----------------------------------------------------------------------------
+# Written by BrainwreckedTech
+# (c) 2014 BrainwreckedTech under GNU GPL v2.0+
+# + Changed script to die if chroot/jail dir doesn't exist
+# + Changed chroot/jail dir to be specified on command line
+# + Added copying of binary to chroot/jail
+# ----------------------------------------------------------------------------
+# Orginally written by nixCraft
+# (c) 2006 nixCraft under GNU GPL v2.0+
+# + Added ld-linux support
+# + Added error checking support
+# -------------------------------------------------------------------------------
+
+print_help () {
+ echo " Syntax: $0 /path/to/jail /path/to/executable"
+ echo "Example: $0 /srv/jail/backup /usr/bin/rsync"
+}
+
+[ ! -d "${1}" ] && echo "${1} does not exist" && print_help && exit 1
+[ ! -f "${2}" ] && echo "${2} does not exist" && print_help && exit 2
+
+cp -v "${2}" "${1}${2}"
+
+while read -r FILE; do
+ FDIR="$(dirname "${FILE}")"
+ [ ! -d "${1}${FDIR}" ] && mkdir -p "${1}${FDIR}"
+ cp -v "${FILE}" "${1}${FDIR}"
+done < "$(ldd "${2}" | awk '{ print $3 }' | egrep -v ^'\(')"
+
+
+SLDL="$(ldd "${2}" | grep 'ld-linux' | awk '{ print $1}')"
+SDIR="$(dirname "${SLDL}")"
+
+[ ! -f "${1}${SLDL}" ] && cp -v "${SLDL}" "${1}${SDIR}"
diff --git a/keepssh b/keepssh
new file mode 100755
index 0000000..3e4c1fd
--- /dev/null
+++ b/keepssh
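Review bot: The `done < "$(ldd … | egrep -v ^'\(')"` closing the `while read` loop redirects stdin from a file *named* by ldd's multi-line output rather than from the output itself, so the redirection fails with "No such file or directory" and no library is ever copied into the jail. Feed the loop through a pipe instead, `ldd "${2}" | awk '$3 ~ /^\// { print $3 }' | while read -r FILE; do`, which also drops the empty `$3` fields of the vdso and ld-linux lines that would otherwise turn into `dirname ""` and `cp -v "" …` errors. `cp -v "${2}" "${1}${2}"` likewise assumes the binary's parent directory already exists inside the jail; a `mkdir -p "${1}$(dirname "${2}")"` before it is needed for a fresh chroot. The header would benefit from one more line noting that `ldd` may execute the program it inspects, so the script should only be pointed at binaries that are already trusted.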
@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+
+while true; do
+ ssh ${@}
+ echo "Connection lost at $(date +%H:%M:%S)."
+
+ for I in {15..1}; do
+ echo -ne "\rIdling for ${I} seconds... "; sleep 1
+ done
+ echo ''
+
+ TSTP="$(date +%H:%M:%S)"; dig +time=2 ${@} &> /dev/null; RSLT=${?}
+ while [ ${RSLT} -ne 0 ]; do
+ for I in {9..1}; do
+ echo -ne "\rHost lookup failed at ${TSTP}. Retrying in ${I}... "; sleep 1
+ done
+ echo ''
+ TSTP="$(date +%H:%M:%S)"; dig +time=2 ${@} &> /dev/null; RSLT=${?}
+ done
+ echo "Host lookup succeeded at ${TSTP}."
+
+ TSTP="$(date +%H:%M:%S)"; ping -c 1 -W 2 ${@} &> /dev/null; RSLT=${?}
+ while [ ${RSLT} -ne 0 ]; do
+ for I in {9..1}; do
+ echo -ne "\rPinging host failed at ${TSTP}. Retrying in ${I}... "; sleep 1
+ done
+ echo ''
+ TSTP="$(date +%H:%M:%S)"; ping -c 1 -W 2 ${@} &> /dev/null; RSLT=${?}
+ done
+ echo "Host ping succeeded at ${TSTP}."
+
+ for I in {5..1}; do
+ echo -ne "\rRetrying SSH connection in ${I}... "; sleep 1
+ done
+ echo ''
+done
diff --git a/mkminchroot b/mkminchroot
new file mode 100755
index 0000000..b0ec7d2
--- /dev/null
+++ b/mkminchroot
@@ -0,0 +1,33 @@
+#!/usr/bin/env sh
+
+[ "$(id -u)" -ne "0" ] && echo 'MUST BE ROOT!' && exit 1
+
+echo ':: MAKING CHROOT DIRECTORIES...'
+
+for DIR in dev etc usr usr/bin usr/lib; do
+ mkdir -pv "${1}/${DIR}"
+done
+
+echo ':: MAKING COMPAT SYMLINKS...'
+
+ln -sv usr/bin "${1}/bin"
+ln -sv usr/bin "${1}/sbin"
+ln -sv usr/lib "${1}/lib"
+ln -sv usr/lib "${1}/lib64"
+ln -sv lib "${1}/usr/lib64"
+ln -sv sbin "${1}/usr/bin"
+
+echo ':: GIVING ROOT OWNERSHIP OF CHROOT...'
+
+chown -v root:root "${1}"
+
+echo ':: MAKING /DEV/NULL...'
+
+mknod -m 666 "${1}/dev/null" c 1 3
+
+echo ':: MAKING MINIMUM /ETC ENTRIES...'
+
+cp -av /etc/ld.so.cache "${1}/etc"
+cp -av /etc/ld.so.conf "${1}/etc"
+cp -av /etc/nsswitch.conf "${1}/etc"
+ln -sv /etc/hosts "${1}/etc"
diff --git a/ssh-multirun b/ssh-multirun
new file mode 100755
index 0000000..3d35cea
--- /dev/null
+++ b/ssh-multirun
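Review bot: In keepssh, `dig +time=2 ${@}` and `ping -c 1 -W 2 ${@}` receive the whole ssh argument list, so any invocation that passes options or a `user@host` target (the normal case) makes the lookup fail and the "Host lookup failed" loop never terminates. Derive the host once and probe only that, e.g. `HOST="${@: -1}"; HOST="${HOST##*@}"` (assuming no remote command follows the host), and quote the ssh call as `ssh "$@"` so arguments containing spaces survive. The outer loop also reconnects after a clean logout, since `ssh` exits 0 when the remote shell ends normally; if that is intended a comment should say so, otherwise `ssh "$@" && break` stops at a deliberate exit. The `echo -ne` lines work under the bash shebang but `printf '\r…'` would match the rest of the repository.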
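Review bot: In mkminchroot, `ln -sv sbin "${1}/usr/bin"` targets a directory that the loop above has just created, so `ln` drops a dangling `usr/bin/sbin -> sbin` link inside it instead of the `usr/sbin -> bin` compat link the neighbouring entries suggest; it most likely should read `ln -sv bin "${1}/usr/sbin"`. Because the script runs as root and builds every path from `${1}`, an empty argument turns `"${1}/${DIR}"` into `/dev`, `/etc`, `/usr/…` on the host, so a leading `: "${1:?chroot directory required}"` guard is worth adding right after the root check. The `ln -sv` calls are not idempotent either, so a second run fails with "File exists" on every link; a `[ -L "${1}/bin" ] ||` style check per link would make reruns safe.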
@@ -0,0 +1,10 @@
+#!/usr/bin/env sh
+
+COMMAND="${1}"
+shift
+
+while [ "${#}" -gt 0 ]; do
+ printf '%40s\r%s\n' '' "${1}" | tr ' ' '-'
+ [ "${1}" = "local" ] && { bash -c "${COMMAND}"; true; } || ssh -t "${1}" "${COMMAND}"
+ shift
+done
diff --git a/ssh-reboot b/ssh-reboot
new file mode 100755
index 0000000..169b4ce
--- /dev/null
+++ b/ssh-reboot
@@ -0,0 +1,2 @@
+sudo bash -c "shutdown -r &"
+exit
diff --git a/ssh-shutdown b/ssh-shutdown
new file mode 100755
index 0000000..30caec4
--- /dev/null
+++ b/ssh-shutdown
@@ -0,0 +1,3 @@
+#!/usr/bin/env sh
+
+sudo bash -c 'shutdown -h &'
diff --git a/sshauth b/sshauth
new file mode 100755
index 0000000..b6a1705
--- /dev/null
+++ b/sshauth
@@ -0,0 +1,36 @@
+#!/usr/bin/env sh
+
+ssh_lock() {
+ sudo chmod -v 400 "${HOME}"/.ssh/*
+ sudo chattr -V +i "${HOME}"/.ssh/authorized_keys
+ sudo chattr -V +i "${HOME}"/.ssh
+}
+
+ssh_unlock() {
+ sudo chattr -V -i "${HOME}"/.ssh
+ sudo chattr -V -i "${HOME}"/.ssh/authorized_keys
+ sudo chmod -v 600 "${HOME}"/.ssh/*
+}
+
+case "${1}" in
+ "lock")
+ printf "\033[34m:: \033[97m Locking %s/.ssh\033[0m" "${HOME}"
+ ssh_lock
+ ;;
+ "unlock")
+ printf "\033[34m:: \033[97m Unlocking %s/.ssh\033[0m" "${HOME}"
+ ssh_unlock
+ ;;
+ "toggle")
+ DA=$(lsattr -d "${HOME}/.ssh" | cut -d\ -f1 | grep -q 'i')$?
+ FA=$(lsattr "${HOME}/.ssh/authorized_keys" | cut -d\ -f1 | grep -q 'i')$?
+ FP=$(stat -c "%A" "${HOME}/.ssh/authorized_keys" | grep -q 'w')$?
+ if [ "${DA}" -eq 0 ] && [ "${FA}" -eq 0 ] && [ "${FP}" -ne 0 ]; then
+ printf "\033[34m:: \033[97m %s/.ssh secured...unlocking\033[0m" "${HOME}"
+ ssh_unlock
+ else
+ printf "\033[34m:: \033[97m %s/.ssh insecure...locking\033[0m" "${HOME}"
+ ssh_lock
+ fi
+ ;;
+esac
diff --git a/sshdpw b/sshdpw
new file mode 100755
index 0000000..599cc6b
--- /dev/null
+++ b/sshdpw
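Review bot: In ssh-multirun the exit status of each `ssh -t` (and of the local `bash -c`) is discarded, so a command that fails on one host is visible only in its own output and the script always exits 0; record it, e.g. `ssh -t "${1}" "${COMMAND}" || RC=1` inside the loop and `exit "${RC:-0}"` after it. The `[ … ] && { …; true; } || …` line is the and/or-as-if-else pattern (the `true` is there to paper over it); a plain `if [ "${1}" = "local" ]; then … else … fi` reads as intended and makes the status capture straightforward. A usage comment explaining the `local` pseudo-host would also help, since a real machine named `local` cannot be targeted.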
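Review bot: ssh-reboot has no `#!` line while every other script in the commit starts with `#!/usr/bin/env sh`, so it runs under whatever shell the caller happens to use, and the trailing `exit` is redundant; add the shebang and drop the `exit`. The same remark about the command applies to ssh-shutdown: `shutdown -r` and `shutdown -h` without a time argument imply a one-minute delay under systemd's `shutdown` (sysvinit's, as far as I recall, rejects the missing argument), so if an immediate action is intended, write `shutdown -r now` / `shutdown -h now`, or document the delay in a comment. The README describes both as acting "via ssh", yet neither script invokes ssh itself — presumably they are meant to be run on the remote side — so a one-line header comment stating the intended invocation would remove the ambiguity.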
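Review bot: In sshauth, `ssh_lock` applies `chmod 400` to everything under `.ssh` and makes the directory immutable, which also blocks the ssh client's own writes (appending to `known_hosts`, creating it when missing, ControlPath sockets placed there), so "Failed to add the host to the list of known hosts" warnings are to be expected while locked; either scope the lock to `authorized_keys`, which is the only file the toggle check inspects, or state the side effect in a header comment. The `case` has no `*)` arm, so a mistyped argument silently does nothing; add `*) printf 'usage: %s lock|unlock|toggle\n' "${0##*/}" >&2; exit 2 ;;`. The toggle branch relies on `$?` being updated mid-word by the preceding command substitution (`DA=$(…)$?`), which bash does but which I would not count on under an arbitrary `/usr/bin/env sh`; `if lsattr -d "${HOME}/.ssh" | cut -d' ' -f1 | grep -q i; then DA=0; else DA=1; fi` is unambiguous. None of the `printf` status lines end with `\n`, so the following command's output starts on the same line.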
@@ -0,0 +1,31 @@
+#!/usr/bin/env sh
+
+[ ! "$(id -u)" -eq 0 ] && echo "Run as superuser." && exit 1
+
+case "${1}" in
+ "on"|"enable"|"unlock")
+ FROM=yes; TO=no;
+ ;;
+ "off"|"disable"|"lock")
+ FROM=no; TO=yes;
+ ;;
+ "toggle")
+ if grep -q '^PasswordAuthentication yes' /etc/ssh/sshd_config; then
+ FROM=yes; TO=no;
+ else
+ FROM=no; TO=yes;
+ fi
+ ;;
+esac
+
+for OPTION in PasswordAuthentication ChallengeResponseAuthentication; do
+ sed -i "s/#* *${OPTION} *${FROM}/${OPTION} ${TO}/g; w /dev/stdout" /etc/ssh/sshd_config
+done
+
+if command -v systemctl > /dev/null; then
+ systemctl restart sshd
+elif [ -x /etc/init.d/sshd ]; then
+ /etc/init.d/sshd restart
+else
+ echo "Restart SSH server to have changes take effect."
+fi
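Review bot: The `case` in sshdpw has no `*)` arm, so an unrecognized or missing argument leaves `FROM` and `TO` empty and the `sed` collapses to `s/#* *PasswordAuthentication */PasswordAuthentication /g`, which strips the `#` from the commented-out default that stock sshd_config ships (`#PasswordAuthentication yes`) and then restarts sshd with password logins explicitly enabled — a typo such as `sshdpw disabel` does the opposite of what was asked. Add `*) printf 'usage: %s on|off|toggle\n' "${0##*/}" >&2; exit 2 ;;` before `esac`. The `toggle` branch has the mirror-image gap: while the directive is still commented, the grep fails, it picks `FROM=no`, the pattern matches nothing, and the script reports success although password authentication stays on; reading the effective value via `sshd -T | grep -i passwordauthentication` rather than grepping the file would avoid that. Since `sed -i` rewrites the live config, run `sshd -t` before the restart so a malformed file cannot take the daemon down.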