BrainwreckedTech 5 years ago
parent a9c6248b05
commit c80dca759c

@ -1,3 +1,32 @@
# ssh
Scripts for SSH
**PLEASE NOTE:** These scripts should be considered experimental. Test on non-production or backed-up data first.
bup2ssh
: Backup a machine writing the contents to a remote machine via `ssh`
cp2chroot
: Copies a binary and its dependencies into a minimal chroot
keepssh
: Executes `ssh` in a loop for automatic reconnections
mkminchroot
: Makes a minimal chroot
ssh-multirun
: Runs the same command on multiple machines
ssh-reboot
: Reboots a machine via `ssh`
ssh-shutdown
: Shuts down a machine via `ssh`
sshauth
: Toggle security for a user's `.ssh` folder
sshdpw
: Toggle password acceptance for the `ssh` deamon

@ -0,0 +1,6 @@
#!/usr/bin/env sh
HOST="${1}"
BDIR="${2}"
XZ_OPTS=-9e tar -cvpJ --one-file-system / | ssh "${HOST}" "( cat > ${BDIR}/${HOSTNAME}_$(date +%Y-%m-%d_%H:%M).tar.xz )"
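Review bot: The remote command on the `ssh` line expands `${BDIR}` unquoted into a string that the remote shell parses again, so a path with spaces or shell metacharacters is interpreted there instead of being used as a file name. Quote it for the remote side, e.g. `ssh "${HOST}" "cat > '${BDIR}/$(hostname)_$(date +%Y-%m-%d_%H:%M).tar.xz'"` (this still assumes no single quote in the path). `${HOSTNAME}` is set by bash but is not guaranteed under `#!/usr/bin/env sh`, so the archive name can begin with a bare `_`. xz reads `XZ_OPT`, not `XZ_OPTS`, so `-9e` is presumably never applied. A failing `tar` also goes unnoticed, because the pipeline's exit status is that of `ssh`.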

@ -0,0 +1,36 @@
#!/usr/bin/env sh
# Use this script to copy shared (libs) files to a chroot/jail.
# ----------------------------------------------------------------------------
# Written by BrainwreckedTech <http://www.brainwrecked.us>
# (c) 2014 BrainwreckedTech under GNU GPL v2.0+
# + Changed script to die if chroot/jail dir doesn't exist
# + Changed chroot/jail dir to be specified on command line
# + Added copying of binary to chroot/jail
# ----------------------------------------------------------------------------
# Orginally written by nixCraft <http://www.cyberciti.biz/tips/>
# (c) 2006 nixCraft under GNU GPL v2.0+
# + Added ld-linux support
# + Added error checking support
# -------------------------------------------------------------------------------
print_help () {
echo " Syntax: $0 /path/to/jail /path/to/executable"
echo "Example: $0 /srv/jail/backup /usr/bin/rsync"
}
[ ! -d "${1}" ] && echo "${1} does not exist" && print_help && exit 1
[ ! -f "${2}" ] && echo "${2} does not exist" && print_help && exit 2
cp -v "${2}" "${1}${2}"
while read -r FILE; do
FDIR="$(dirname "${FILE}")"
[ ! -d "${1}${FDIR}" ] && mkdir -p "${1}${FDIR}"
cp -v "${FILE}" "${1}${FDIR}"
done < "$(ldd "${2}" | awk '{ print $3 }' | egrep -v ^'\(')"
SLDL="$(ldd "${2}" | grep 'ld-linux' | awk '{ print $1}')"
SDIR="$(dirname "${SLDL}")"
[ ! -f "${1}${SLDL}" ] && cp -v "${SLDL}" "${1}${SDIR}"
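Review bot: The loop ends with `done < "$(ldd …)"`, which redirects from a file named by the pipeline's output instead of feeding that output to `read`, so the loop cannot open its input and no libraries are copied. Pipe into the loop instead: `ldd "${2}" | awk '$3 ~ /^\// { print $3 }' | while read -r FILE; do` … `done`, which also skips the empty third field that the vdso and ld-linux lines produce. `cp -v "${2}" "${1}${2}"` needs `mkdir -p "${1}$(dirname "${2}")"` before it, since the jail may not contain that directory yet. The header comment should also state that `ldd` can execute code from the binary it inspects, so the script is only suitable for trusted executables.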

@ -0,0 +1,36 @@
#!/usr/bin/env bash
while true; do
ssh ${@}
echo "Connection lost at $(date +%H:%M:%S)."
for I in {15..1}; do
echo -ne "\rIdling for ${I} seconds... "; sleep 1
done
echo ''
TSTP="$(date +%H:%M:%S)"; dig +time=2 ${@} &> /dev/null; RSLT=${?}
while [ ${RSLT} -ne 0 ]; do
for I in {9..1}; do
echo -ne "\rHost lookup failed at ${TSTP}. Retrying in ${I}... "; sleep 1
done
echo ''
TSTP="$(date +%H:%M:%S)"; dig +time=2 ${@} &> /dev/null; RSLT=${?}
done
echo "Host lookup succeeded at ${TSTP}."
TSTP="$(date +%H:%M:%S)"; ping -c 1 -W 2 ${@} &> /dev/null; RSLT=${?}
while [ ${RSLT} -ne 0 ]; do
for I in {9..1}; do
echo -ne "\rPinging host failed at ${TSTP}. Retrying in ${I}... "; sleep 1
done
echo ''
TSTP="$(date +%H:%M:%S)"; ping -c 1 -W 2 ${@} &> /dev/null; RSLT=${?}
done
echo "Host ping succeeded at ${TSTP}."
for I in {5..1}; do
echo -ne "\rRetrying SSH connection in ${I}... "; sleep 1
done
echo ''
done
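Review bot: `ssh ${@}` is unquoted, so arguments containing spaces or glob characters are split again before ssh sees them; use `ssh "$@"`. The same full argument list is then passed to `dig` and `ping`, so any invocation other than a bare host name (`user@host`, `-p 2222 host`) makes the lookup and ping loops test the wrong thing or never finish. Resolving the host once, for example with `ssh -G "$@" | awk '$1 == "hostname" { print $2 }'`, and passing only that value to `dig` and `ping` would fix both. The outer `while true` also reconnects after a clean logout, which may be intended but deserves a comment.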

@ -0,0 +1,33 @@
#!/usr/bin/env sh
[ "$(id -u)" -ne "0" ] && echo 'MUST BE ROOT!' && exit 1
echo ':: MAKING CHROOT DIRECTORIES...'
for DIR in dev etc usr usr/bin usr/lib; do
mkdir -pv "${1}/${DIR}"
done
echo ':: MAKING COMPAT SYMLINKS...'
ln -sv usr/bin "${1}/bin"
ln -sv usr/bin "${1}/sbin"
ln -sv usr/lib "${1}/lib"
ln -sv usr/lib "${1}/lib64"
ln -sv lib "${1}/usr/lib64"
ln -sv sbin "${1}/usr/bin"
echo ':: GIVING ROOT OWNERSHIP OF CHROOT...'
chown -v root:root "${1}"
echo ':: MAKING /DEV/NULL...'
mknod -m 666 "${1}/dev/null" c 1 3
echo ':: MAKING MINIMUM /ETC ENTRIES...'
cp -av /etc/ld.so.cache "${1}/etc"
cp -av /etc/ld.so.conf "${1}/etc"
cp -av /etc/nsswitch.conf "${1}/etc"
ln -sv /etc/hosts "${1}/etc"
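Review bot: Nothing checks that `${1}` was supplied, and the script runs as root: with no argument every `"${1}/…"` path collapses to the host root, so the `ln`, `mknod` and `cp` lines act on `/bin`, `/dev/null` and `/etc`. Add a guard right after the root check, `[ -n "${1}" ] || { echo "Usage: $0 /path/to/chroot" >&2; exit 2; }`. `ln -sv sbin "${1}/usr/bin"` targets a directory that already exists, so it creates `usr/bin/sbin` pointing at itself; `ln -sv bin "${1}/usr/sbin"` was presumably meant. `ln -sv /etc/hosts "${1}/etc"` creates an absolute link that resolves to itself once inside the chroot; copying the file avoids that.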

@ -0,0 +1,10 @@
#!/usr/bin/env sh
COMMAND="${1}"
shift
while [ "${#}" -gt 0 ]; do
printf '%40s\r%s\n' '' "${1}" | tr ' ' '-'
[ "${1}" = "local" ] && { bash -c "${COMMAND}"; true; } || ssh -t "${1}" "${COMMAND}"
shift
done
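Review bot: The `&& { …; true; } || ssh` line discards every command's exit status, so the script exits 0 even when a host was unreachable or the command failed there. An explicit `if [ "${1}" = "local" ]; then … else … fi` with `|| RC=1` on each branch and `exit "${RC}"` after the loop keeps the current behaviour and lets callers detect failures. The local branch calls `bash` from a `sh` script; `sh -c "${COMMAND}"` avoids the extra dependency unless bash syntax is intended. A header comment should state that `COMMAND` is evaluated by a shell on every listed host.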

@ -0,0 +1,2 @@
sudo bash -c "shutdown -r &"
exit
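Review bot: This script has no interpreter line, so how it runs depends on the invoking shell's fallback; add `#!/usr/bin/env sh` as the first line, as the shutdown counterpart has. The trailing `exit` is redundant at the end of the file. The two scripts also differ in quoting (`"shutdown -r &"` here, `'shutdown -h &'` there); single quotes are the safer default since nothing needs expanding.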

@ -0,0 +1,3 @@
#!/usr/bin/env sh
sudo bash -c 'shutdown -h &'

@ -0,0 +1,36 @@
#!/usr/bin/env sh
ssh_lock() {
sudo chmod -v 400 "${HOME}"/.ssh/*
sudo chattr -V +i "${HOME}"/.ssh/authorized_keys
sudo chattr -V +i "${HOME}"/.ssh
}
ssh_unlock() {
sudo chattr -V -i "${HOME}"/.ssh
sudo chattr -V -i "${HOME}"/.ssh/authorized_keys
sudo chmod -v 600 "${HOME}"/.ssh/*
}
case "${1}" in
"lock")
printf "\033[34m:: \033[97m Locking %s/.ssh\033[0m" "${HOME}"
ssh_lock
;;
"unlock")
printf "\033[34m:: \033[97m Unlocking %s/.ssh\033[0m" "${HOME}"
ssh_unlock
;;
"toggle")
DA=$(lsattr -d "${HOME}/.ssh" | cut -d\ -f1 | grep -q 'i')$?
FA=$(lsattr "${HOME}/.ssh/authorized_keys" | cut -d\ -f1 | grep -q 'i')$?
FP=$(stat -c "%A" "${HOME}/.ssh/authorized_keys" | grep -q 'w')$?
if [ "${DA}" -eq 0 ] && [ "${FA}" -eq 0 ] && [ "${FP}" -ne 0 ]; then
printf "\033[34m:: \033[97m %s/.ssh secured...unlocking\033[0m" "${HOME}"
ssh_unlock
else
printf "\033[34m:: \033[97m %s/.ssh insecure...locking\033[0m" "${HOME}"
ssh_lock
fi
;;
esac
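Review bot: The `case` has no `*)` branch, so a missing or misspelled argument does nothing and exits 0, and an operator can leave believing `.ssh` is locked; add `*) echo "Usage: $0 lock|unlock|toggle" >&2; exit 2 ;;`. `ssh_lock` makes only `authorized_keys` and the directory immutable, while every other file merely gets mode 400, which its owner can change back; a comment stating that scope would help. The `$(… | grep -q 'i')$?` assignments in the toggle branch rely on `$?` being expanded after the substitution within the same word; `if lsattr -d "${HOME}/.ssh" | cut -d\  -f1 | grep -q i; then` reads more plainly. The `printf` messages have no trailing `\n`, so the `chmod -v` output starts on the same line.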

@ -0,0 +1,31 @@
#!/usr/bin/env sh
[ ! "$(id -u)" -eq 0 ] && echo "Run as superuser." && exit 1
case "${1}" in
"on"|"enable"|"unlock")
FROM=yes; TO=no;
;;
"off"|"disable"|"lock")
FROM=no; TO=yes;
;;
"toggle")
if grep -q '^PasswordAuthentication yes' /etc/ssh/sshd_config; then
FROM=yes; TO=no;
else
FROM=no; TO=yes;
fi
;;
esac
for OPTION in PasswordAuthentication ChallengeResponseAuthentication; do
sed -i "s/#* *${OPTION} *${FROM}/${OPTION} ${TO}/g; w /dev/stdout" /etc/ssh/sshd_config
done
if command -v systemctl > /dev/null; then
systemctl restart sshd
elif [ -x /etc/init.d/sshd ]; then
/etc/init.d/sshd restart
else
echo "Restart SSH server to have changes take effect."
fi
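Review bot: With a missing or unrecognised argument the `case` leaves `FROM` and `TO` empty, yet the `sed` still runs; its pattern then matches commented-out `#PasswordAuthentication` lines and rewrites them uncommented, and sshd is restarted. Add `*) echo "Usage: $0 on|off|toggle" >&2; exit 2 ;;`. The `on|enable|unlock` branch sets `FROM=yes; TO=no`, which turns password logins off, so the two explicit branches look swapped relative to their names. Running `sshd -t` before the restart would catch a broken config before it can lock out remote access. On newer OpenSSH releases `ChallengeResponseAuthentication` is a deprecated alias of `KbdInteractiveAuthentication`, so the loop may need to cover both names.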