First sync

README.md

@@ -1,3 +1,32 @@
 # ssh
 
 Scripts for SSH
+
+**PLEASE NOTE:** These scripts should be considered experimental.  Test on non-production or backed-up data first.
+
+bup2ssh
+: Backup a machine writing the contents to a remote machine via `ssh`
+
+cp2chroot
+: Copies a binary and its dependencies into a minimal chroot
+
+keepssh
+: Executes `ssh` in a loop for automatic reconnections
+
+mkminchroot
+: Makes a minimal chroot
+
+ssh-multirun
+: Runs the same command on multiple machines
+
+ssh-reboot
+: Reboots a machine via `ssh`
+
+ssh-shutdown
+: Shuts down a machine via `ssh`
+
+sshauth
+: Toggle security for a user's `.ssh` folder
+
+sshdpw
+: Toggle password acceptance for the `ssh` deamon

bup2ssh

@@ -0,0 +1,6 @@
+#!/usr/bin/env sh
+
+HOST="${1}"
+BDIR="${2}"
+
+XZ_OPTS=-9e tar -cvpJ --one-file-system / | ssh "${HOST}" "( cat > ${BDIR}/${HOSTNAME}_$(date +%Y-%m-%d_%H:%M).tar.xz )"

cp2chroot

@@ -0,0 +1,36 @@
+#!/usr/bin/env sh
+# Use this script to copy shared (libs) files to a chroot/jail.
+# ----------------------------------------------------------------------------
+# Written by BrainwreckedTech <http://www.brainwrecked.us>
+# (c) 2014 BrainwreckedTech under GNU GPL v2.0+
+# + Changed script to die if chroot/jail dir doesn't exist
+# + Changed chroot/jail dir to be specified on command line
+# + Added copying of binary to chroot/jail
+# ----------------------------------------------------------------------------
+# Orginally written by nixCraft <http://www.cyberciti.biz/tips/>
+# (c) 2006 nixCraft under GNU GPL v2.0+
+# + Added ld-linux support
+# + Added error checking support
+# -------------------------------------------------------------------------------
+
+print_help () {
+  echo " Syntax: $0 /path/to/jail /path/to/executable"
+  echo "Example: $0 /srv/jail/backup /usr/bin/rsync"
+}
+
+[ ! -d "${1}" ] && echo "${1} does not exist" && print_help && exit 1
+[ ! -f "${2}" ] && echo "${2} does not exist" && print_help && exit 2
+
+cp -v "${2}" "${1}${2}"
+
+while read -r FILE; do
+  FDIR="$(dirname "${FILE}")"
+  [ ! -d "${1}${FDIR}" ] && mkdir -p "${1}${FDIR}"
+  cp -v "${FILE}" "${1}${FDIR}"
+done < "$(ldd "${2}" | awk '{ print $3 }' | egrep -v ^'\(')"
+
+
+SLDL="$(ldd "${2}" | grep 'ld-linux' | awk '{ print $1}')"
+SDIR="$(dirname "${SLDL}")"
+
+[ ! -f "${1}${SLDL}" ] && cp -v "${SLDL}" "${1}${SDIR}"

keepssh

@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+
+while true; do
+  ssh ${@}
+  echo "Connection lost at $(date +%H:%M:%S)."
+
+  for I in {15..1}; do
+    echo -ne "\rIdling for ${I} seconds...  "; sleep 1
+  done
+  echo ''
+
+  TSTP="$(date +%H:%M:%S)"; dig +time=2 ${@} &> /dev/null; RSLT=${?}
+  while [ ${RSLT} -ne 0 ]; do
+    for I in {9..1}; do
+      echo -ne "\rHost lookup failed at ${TSTP}.  Retrying in ${I}...  "; sleep 1
+    done
+    echo ''
+    TSTP="$(date +%H:%M:%S)"; dig +time=2 ${@} &> /dev/null; RSLT=${?}
+  done
+  echo "Host lookup succeeded at ${TSTP}."
+
+  TSTP="$(date +%H:%M:%S)"; ping -c 1 -W 2 ${@} &> /dev/null; RSLT=${?}
+  while [ ${RSLT} -ne 0 ]; do
+    for I in {9..1}; do
+      echo -ne "\rPinging host failed at ${TSTP}.  Retrying in ${I}...  "; sleep 1
+    done
+    echo ''
+    TSTP="$(date +%H:%M:%S)"; ping -c 1 -W 2 ${@} &> /dev/null; RSLT=${?}
+  done
+  echo "Host ping succeeded at ${TSTP}."
+
+  for I in {5..1}; do
+    echo -ne "\rRetrying SSH connection in ${I}...   "; sleep 1
+  done
+  echo ''
+done

mkminchroot

@@ -0,0 +1,33 @@
+#!/usr/bin/env sh
+
+[ "$(id -u)" -ne "0" ] && echo 'MUST BE ROOT!' && exit 1
+
+echo ':: MAKING CHROOT DIRECTORIES...'
+
+for DIR in dev etc usr usr/bin usr/lib; do
+  mkdir -pv "${1}/${DIR}"
+done
+
+echo ':: MAKING COMPAT SYMLINKS...'
+
+ln -sv usr/bin "${1}/bin"
+ln -sv usr/bin "${1}/sbin"
+ln -sv usr/lib "${1}/lib"
+ln -sv usr/lib "${1}/lib64"
+ln -sv lib "${1}/usr/lib64"
+ln -sv sbin "${1}/usr/bin"
+
+echo ':: GIVING ROOT OWNERSHIP OF CHROOT...'
+
+chown -v root:root "${1}"
+
+echo ':: MAKING /DEV/NULL...'
+
+mknod -m 666 "${1}/dev/null" c 1 3
+
+echo ':: MAKING MINIMUM /ETC ENTRIES...'
+
+cp -av /etc/ld.so.cache "${1}/etc"
+cp -av /etc/ld.so.conf "${1}/etc"
+cp -av /etc/nsswitch.conf "${1}/etc"
+ln -sv /etc/hosts "${1}/etc"

ssh-multirun

@@ -0,0 +1,10 @@
+#!/usr/bin/env sh
+
+COMMAND="${1}"
+shift
+
+while [ "${#}" -gt 0 ]; do
+  printf '%40s\r%s\n' ''  "${1}" | tr ' ' '-'
+  [ "${1}" = "local" ] && { bash -c "${COMMAND}"; true; } || ssh -t "${1}" "${COMMAND}"
+  shift
+done

ssh-reboot

@@ -0,0 +1,2 @@
+sudo bash -c "shutdown -r &"
+exit

ssh-shutdown

@@ -0,0 +1,3 @@
+#!/usr/bin/env sh
+
+sudo bash -c 'shutdown -h &'

sshauth

@@ -0,0 +1,36 @@
+#!/usr/bin/env sh
+
+ssh_lock() {
+  sudo chmod -v 400 "${HOME}"/.ssh/*
+  sudo chattr -V +i "${HOME}"/.ssh/authorized_keys
+  sudo chattr -V +i "${HOME}"/.ssh
+}
+
+ssh_unlock() {
+  sudo chattr -V -i "${HOME}"/.ssh
+  sudo chattr -V -i "${HOME}"/.ssh/authorized_keys
+  sudo chmod -v 600 "${HOME}"/.ssh/*
+}
+
+case "${1}" in
+  "lock")
+    printf "\033[34m:: \033[97m Locking %s/.ssh\033[0m" "${HOME}"
+    ssh_lock
+    ;;
+  "unlock")
+    printf "\033[34m:: \033[97m Unlocking %s/.ssh\033[0m" "${HOME}"
+    ssh_unlock
+    ;;
+  "toggle")
+    DA=$(lsattr -d "${HOME}/.ssh" | cut -d\  -f1 | grep -q 'i')$?
+    FA=$(lsattr "${HOME}/.ssh/authorized_keys" | cut -d\  -f1 | grep -q 'i')$?
+    FP=$(stat -c "%A" "${HOME}/.ssh/authorized_keys" | grep -q 'w')$?
+    if [ "${DA}" -eq 0 ] && [ "${FA}" -eq 0 ] && [ "${FP}" -ne 0 ]; then
+      printf "\033[34m:: \033[97m %s/.ssh secured...unlocking\033[0m" "${HOME}"
+      ssh_unlock
+    else
+      printf "\033[34m:: \033[97m %s/.ssh insecure...locking\033[0m" "${HOME}"
+      ssh_lock
+    fi
+    ;;
+esac

sshdpw

@@ -0,0 +1,31 @@
+#!/usr/bin/env sh
+
+[ ! "$(id -u)" -eq 0 ] && echo "Run as superuser." && exit 1
+
+case "${1}" in
+  "on"|"enable"|"unlock")
+    FROM=yes; TO=no;
+    ;;
+  "off"|"disable"|"lock")
+    FROM=no; TO=yes;
+    ;;
+  "toggle")
+    if grep -q '^PasswordAuthentication yes' /etc/ssh/sshd_config; then
+      FROM=yes; TO=no;
+    else
+      FROM=no; TO=yes;
+    fi
+  ;;
+esac
+
+for OPTION in PasswordAuthentication ChallengeResponseAuthentication; do
+  sed -i "s/#* *${OPTION} *${FROM}/${OPTION} ${TO}/g; w /dev/stdout" /etc/ssh/sshd_config
+done
+
+if command -v systemctl > /dev/null; then
+  systemctl restart sshd
+elif [ -x /etc/init.d/sshd ]; then
+  /etc/init.d/sshd restart
+else
+  echo "Restart SSH server to have changes take effect."
+fi