parent
a9c6248b05
commit
c80dca759c
@ -1,3 +1,32 @@
|
||||
# ssh
|
||||
|
||||
Scripts for SSH
|
||||
|
||||
**PLEASE NOTE:** These scripts should be considered experimental. Test on non-production or backed-up data first.
|
||||
|
||||
bup2ssh
|
||||
: Backup a machine writing the contents to a remote machine via `ssh`
|
||||
|
||||
cp2chroot
|
||||
: Copies a binary and its dependencies into a minimal chroot
|
||||
|
||||
keepssh
|
||||
: Executes `ssh` in a loop for automatic reconnections
|
||||
|
||||
mkminchroot
|
||||
: Makes a minimal chroot
|
||||
|
||||
ssh-multirun
|
||||
: Runs the same command on multiple machines
|
||||
|
||||
ssh-reboot
|
||||
: Reboots a machine via `ssh`
|
||||
|
||||
ssh-shutdown
|
||||
: Shuts down a machine via `ssh`
|
||||
|
||||
sshauth
|
||||
: Toggle security for a user's `.ssh` folder
|
||||
|
||||
sshdpw
|
||||
: Toggle password acceptance for the `ssh` deamon
|
||||
|
@ -0,0 +1,6 @@
|
||||
#!/usr/bin/env sh
|
||||
|
||||
HOST="${1}"
|
||||
BDIR="${2}"
|
||||
|
||||
XZ_OPTS=-9e tar -cvpJ --one-file-system / | ssh "${HOST}" "( cat > ${BDIR}/${HOSTNAME}_$(date +%Y-%m-%d_%H:%M).tar.xz )"
|
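Review bot: `${BDIR}` and `${HOSTNAME}` are expanded locally and pasted unquoted into the remote command string on the `tar … | ssh` line, so a backup directory containing spaces or shell metacharacters is re-parsed by the remote shell instead of being treated as one path. Check that `$1` and `$2` are non-empty and quote the remote path, e.g. `ssh "${HOST}" "cat > '${BDIR}/$(hostname)_$(date +%Y-%m-%d_%H:%M).tar.xz'"` (this still assumes the path has no single quote). `HOSTNAME` is a bash variable and is normally unset under the `sh` this script asks for, which would give a file name starting with `_`. xz reads `XZ_OPT`, not `XZ_OPTS`, so the `-9e` setting probably has no effect. Without a check on tar's status, a failed `tar` still leaves a truncated archive on the remote host while the pipeline reports the status of `ssh`.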
@ -0,0 +1,36 @@
|
||||
#!/usr/bin/env sh
|
||||
# Use this script to copy shared (libs) files to a chroot/jail.
|
||||
# ----------------------------------------------------------------------------
|
||||
# Written by BrainwreckedTech <http://www.brainwrecked.us>
|
||||
# (c) 2014 BrainwreckedTech under GNU GPL v2.0+
|
||||
# + Changed script to die if chroot/jail dir doesn't exist
|
||||
# + Changed chroot/jail dir to be specified on command line
|
||||
# + Added copying of binary to chroot/jail
|
||||
# ----------------------------------------------------------------------------
|
||||
# Orginally written by nixCraft <http://www.cyberciti.biz/tips/>
|
||||
# (c) 2006 nixCraft under GNU GPL v2.0+
|
||||
# + Added ld-linux support
|
||||
# + Added error checking support
|
||||
# -------------------------------------------------------------------------------
|
||||
|
||||
print_help () {
|
||||
echo " Syntax: $0 /path/to/jail /path/to/executable"
|
||||
echo "Example: $0 /srv/jail/backup /usr/bin/rsync"
|
||||
}
|
||||
|
||||
[ ! -d "${1}" ] && echo "${1} does not exist" && print_help && exit 1
|
||||
[ ! -f "${2}" ] && echo "${2} does not exist" && print_help && exit 2
|
||||
|
||||
cp -v "${2}" "${1}${2}"
|
||||
|
||||
while read -r FILE; do
|
||||
FDIR="$(dirname "${FILE}")"
|
||||
[ ! -d "${1}${FDIR}" ] && mkdir -p "${1}${FDIR}"
|
||||
cp -v "${FILE}" "${1}${FDIR}"
|
||||
done < "$(ldd "${2}" | awk '{ print $3 }' | egrep -v ^'\(')"
|
||||
|
||||
|
||||
SLDL="$(ldd "${2}" | grep 'ld-linux' | awk '{ print $1}')"
|
||||
SDIR="$(dirname "${SLDL}")"
|
||||
|
||||
[ ! -f "${1}${SLDL}" ] && cp -v "${SLDL}" "${1}${SDIR}"
|
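Review bot: `done < "$(ldd …)"` redirects the loop's input from a file whose name is the ldd output, so the redirect fails and no library is copied. Feed the list through a pipe instead: `ldd "${2}" | awk '$3 ~ /^\// { print $3 }' | while read -r FILE; do`, closed with a plain `done`. `cp -v "${2}" "${1}${2}"` assumes the binary's directory already exists inside the jail; `mkdir -p "${1}$(dirname "${2}")"` before it would cover that. The final `cp -v "${SLDL}" "${1}${SDIR}"` has the same gap if the loader's directory was not created by the loop. The ldd manual warns that some versions may execute the inspected program, so the header should say the script is for trusted executables only.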
@ -0,0 +1,36 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
while true; do
|
||||
ssh ${@}
|
||||
echo "Connection lost at $(date +%H:%M:%S)."
|
||||
|
||||
for I in {15..1}; do
|
||||
echo -ne "\rIdling for ${I} seconds... "; sleep 1
|
||||
done
|
||||
echo ''
|
||||
|
||||
TSTP="$(date +%H:%M:%S)"; dig +time=2 ${@} &> /dev/null; RSLT=${?}
|
||||
while [ ${RSLT} -ne 0 ]; do
|
||||
for I in {9..1}; do
|
||||
echo -ne "\rHost lookup failed at ${TSTP}. Retrying in ${I}... "; sleep 1
|
||||
done
|
||||
echo ''
|
||||
TSTP="$(date +%H:%M:%S)"; dig +time=2 ${@} &> /dev/null; RSLT=${?}
|
||||
done
|
||||
echo "Host lookup succeeded at ${TSTP}."
|
||||
|
||||
TSTP="$(date +%H:%M:%S)"; ping -c 1 -W 2 ${@} &> /dev/null; RSLT=${?}
|
||||
while [ ${RSLT} -ne 0 ]; do
|
||||
for I in {9..1}; do
|
||||
echo -ne "\rPinging host failed at ${TSTP}. Retrying in ${I}... "; sleep 1
|
||||
done
|
||||
echo ''
|
||||
TSTP="$(date +%H:%M:%S)"; ping -c 1 -W 2 ${@} &> /dev/null; RSLT=${?}
|
||||
done
|
||||
echo "Host ping succeeded at ${TSTP}."
|
||||
|
||||
for I in {5..1}; do
|
||||
echo -ne "\rRetrying SSH connection in ${I}... "; sleep 1
|
||||
done
|
||||
echo ''
|
||||
done
|
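Review bot: `ssh ${@}` is unquoted, so an argument containing spaces or glob characters is split again before ssh sees it; use `ssh "$@"`. The same `${@}` is also handed to `dig` and `ping`, so any ssh option, `user@host` form or remote command becomes a dig/ping argument and the reachability loops can spin forever for anything but a bare hostname. Taking the host as a dedicated first argument (`HOST="$1"; shift`, then `dig +time=2 "${HOST}"` and `ping -c 1 -W 2 "${HOST}"`) would keep the probes independent of the ssh command line. As far as I can tell `dig` also exits 0 on an NXDOMAIN answer, so the lookup loop only detects an unreachable resolver; if a name check is intended, test the output of `dig +short` instead.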
@ -0,0 +1,33 @@
|
||||
#!/usr/bin/env sh
|
||||
|
||||
[ "$(id -u)" -ne "0" ] && echo 'MUST BE ROOT!' && exit 1
|
||||
|
||||
echo ':: MAKING CHROOT DIRECTORIES...'
|
||||
|
||||
for DIR in dev etc usr usr/bin usr/lib; do
|
||||
mkdir -pv "${1}/${DIR}"
|
||||
done
|
||||
|
||||
echo ':: MAKING COMPAT SYMLINKS...'
|
||||
|
||||
ln -sv usr/bin "${1}/bin"
|
||||
ln -sv usr/bin "${1}/sbin"
|
||||
ln -sv usr/lib "${1}/lib"
|
||||
ln -sv usr/lib "${1}/lib64"
|
||||
ln -sv lib "${1}/usr/lib64"
|
||||
ln -sv sbin "${1}/usr/bin"
|
||||
|
||||
echo ':: GIVING ROOT OWNERSHIP OF CHROOT...'
|
||||
|
||||
chown -v root:root "${1}"
|
||||
|
||||
echo ':: MAKING /DEV/NULL...'
|
||||
|
||||
mknod -m 666 "${1}/dev/null" c 1 3
|
||||
|
||||
echo ':: MAKING MINIMUM /ETC ENTRIES...'
|
||||
|
||||
cp -av /etc/ld.so.cache "${1}/etc"
|
||||
cp -av /etc/ld.so.conf "${1}/etc"
|
||||
cp -av /etc/nsswitch.conf "${1}/etc"
|
||||
ln -sv /etc/hosts "${1}/etc"
|
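Review bot: `${1}` is never checked although the script insists on running as root, so with no argument every path collapses onto the host root: `mkdir -pv "/dev"`, `ln -sv usr/bin "/bin"`, `mknod -m 666 "/dev/null" c 1 3` and `cp -av /etc/ld.so.cache "/etc"`. Add a guard right after the root check, e.g. `[ -n "${1}" ] || { echo "Usage: $0 /path/to/chroot" >&2; exit 2; }`. `ln -sv sbin "${1}/usr/bin"` looks reversed: `usr/bin` already exists as a directory, so this drops a dangling `sbin` link inside it, and `ln -sv bin "${1}/usr/sbin"` was presumably meant. `ln -sv /etc/hosts "${1}/etc"` creates an absolute link that points at itself once the process is inside the chroot, so copying the file with `cp -av` like the other `/etc` entries would be safer.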
@ -0,0 +1,10 @@
|
||||
#!/usr/bin/env sh
|
||||
|
||||
COMMAND="${1}"
|
||||
shift
|
||||
|
||||
while [ "${#}" -gt 0 ]; do
|
||||
printf '%40s\r%s\n' '' "${1}" | tr ' ' '-'
|
||||
[ "${1}" = "local" ] && { bash -c "${COMMAND}"; true; } || ssh -t "${1}" "${COMMAND}"
|
||||
shift
|
||||
done
|
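Review bot: The exit status of each host's run is discarded on the `bash -c … || ssh -t …` line, so a failed or unreachable host is indistinguishable from a successful one and the script's own status reflects only the last host. Writing the branch as a plain `if [ "${1}" = "local" ]; then bash -c "${COMMAND}"; else ssh -t "${1}" "${COMMAND}"; fi || FAILED="${FAILED} ${1}"` and ending with a non-zero exit when `FAILED` is non-empty would make partial failures visible. The script should also refuse to run with no arguments; `shift` with nothing to shift is an error in dash. A short header comment should state that `COMMAND` is passed verbatim to a shell on every target.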
@ -0,0 +1,2 @@
|
||||
sudo bash -c "shutdown -r &"
|
||||
exit
|
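Review bot: This script has no `#!` line, unlike every other script in the commit, so the interpreter depends on how it is invoked; add `#!/usr/bin/env sh` as the first line. Both this script and the following shutdown script call `shutdown` without a time argument; systemd's shutdown then schedules it one minute out, while the sysvinit version, as far as I know, rejects the call, so an explicit `shutdown -r now` (and `shutdown -h now` in the other script) would behave the same everywhere. The trailing `exit` is redundant. Neither script contacts a remote host itself, so a comment saying they are meant to be run inside an ssh session would match the README wording.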
@ -0,0 +1,3 @@
|
||||
#!/usr/bin/env sh
|
||||
|
||||
sudo bash -c 'shutdown -h &'
|
@ -0,0 +1,36 @@
|
||||
#!/usr/bin/env sh
|
||||
|
||||
ssh_lock() {
|
||||
sudo chmod -v 400 "${HOME}"/.ssh/*
|
||||
sudo chattr -V +i "${HOME}"/.ssh/authorized_keys
|
||||
sudo chattr -V +i "${HOME}"/.ssh
|
||||
}
|
||||
|
||||
ssh_unlock() {
|
||||
sudo chattr -V -i "${HOME}"/.ssh
|
||||
sudo chattr -V -i "${HOME}"/.ssh/authorized_keys
|
||||
sudo chmod -v 600 "${HOME}"/.ssh/*
|
||||
}
|
||||
|
||||
case "${1}" in
|
||||
"lock")
|
||||
printf "\033[34m:: \033[97m Locking %s/.ssh\033[0m" "${HOME}"
|
||||
ssh_lock
|
||||
;;
|
||||
"unlock")
|
||||
printf "\033[34m:: \033[97m Unlocking %s/.ssh\033[0m" "${HOME}"
|
||||
ssh_unlock
|
||||
;;
|
||||
"toggle")
|
||||
DA=$(lsattr -d "${HOME}/.ssh" | cut -d\ -f1 | grep -q 'i')$?
|
||||
FA=$(lsattr "${HOME}/.ssh/authorized_keys" | cut -d\ -f1 | grep -q 'i')$?
|
||||
FP=$(stat -c "%A" "${HOME}/.ssh/authorized_keys" | grep -q 'w')$?
|
||||
if [ "${DA}" -eq 0 ] && [ "${FA}" -eq 0 ] && [ "${FP}" -ne 0 ]; then
|
||||
printf "\033[34m:: \033[97m %s/.ssh secured...unlocking\033[0m" "${HOME}"
|
||||
ssh_unlock
|
||||
else
|
||||
printf "\033[34m:: \033[97m %s/.ssh insecure...locking\033[0m" "${HOME}"
|
||||
ssh_lock
|
||||
fi
|
||||
;;
|
||||
esac
|
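Review bot: The `case` has no default arm, so a missing or mistyped argument exits silently with status 0 and the caller cannot tell that nothing was locked; add `*) echo "Usage: $0 lock|unlock|toggle" >&2; exit 2 ;;`. The toggle's `DA=$(… | grep -q 'i')$?` idiom depends on `$?` being updated by the command substitution earlier in the same word, which I would not rely on across `sh` implementations; `if lsattr -d "${HOME}/.ssh" | cut -d\  -f1 | grep -q i; then DA=0; else DA=1; fi` is explicit. If detection does misread the state the `else` branch locks, which is the safe direction. The header should note that only `authorized_keys` and the directory are made immutable, so other files under `.ssh` are protected by mode 400 alone. The `printf` format strings lack a trailing `\n`.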
@ -0,0 +1,31 @@
|
||||
#!/usr/bin/env sh
|
||||
|
||||
[ ! "$(id -u)" -eq 0 ] && echo "Run as superuser." && exit 1
|
||||
|
||||
case "${1}" in
|
||||
"on"|"enable"|"unlock")
|
||||
FROM=yes; TO=no;
|
||||
;;
|
||||
"off"|"disable"|"lock")
|
||||
FROM=no; TO=yes;
|
||||
;;
|
||||
"toggle")
|
||||
if grep -q '^PasswordAuthentication yes' /etc/ssh/sshd_config; then
|
||||
FROM=yes; TO=no;
|
||||
else
|
||||
FROM=no; TO=yes;
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
|
||||
for OPTION in PasswordAuthentication ChallengeResponseAuthentication; do
|
||||
sed -i "s/#* *${OPTION} *${FROM}/${OPTION} ${TO}/g; w /dev/stdout" /etc/ssh/sshd_config
|
||||
done
|
||||
|
||||
if command -v systemctl > /dev/null; then
|
||||
systemctl restart sshd
|
||||
elif [ -x /etc/init.d/sshd ]; then
|
||||
/etc/init.d/sshd restart
|
||||
else
|
||||
echo "Restart SSH server to have changes take effect."
|
||||
fi
|
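Review bot: The `case` has no default arm, so with no or an unknown argument `FROM` and `TO` stay empty and the `sed` expression becomes `s/#* *PasswordAuthentication */PasswordAuthentication /g`. That strips the comment marker from a line such as `#PasswordAuthentication yes` and then restarts the daemon, silently turning password logins on. Add `*) echo "Usage: $0 on|off|toggle" >&2; exit 2 ;;` before `esac`. The keywords also read inverted relative to the README: "lock" sets the options to `yes` and "unlock" to `no`, so either the mapping or the names should be confirmed and documented. Running `sshd -t` before the restart would catch a broken `sshd_config` before it can lock out remote access.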