gordon/TunnelKeeper
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

individualised timeouts for hosts

Browse Source
This commit is contained in:
Gordon Grant-Stuart 2023-03-01 13:26:55 +00:00
parent b3cb172f6d
commit 2656322020
3 changed files with 10 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
README.md
View File

@ -8,9 +8,8 @@ Edit the config file `/opt/tunnelkeeper/etc/tunnelkeeper.conf`. If you make chan
There are 3 sections: There are 3 sections:
#### settings #### settings
- `debug [0..3]`: Debug logging levels 0 (no logging) to 3 (too much logging). - `debug [0..3]`: Debug logging levels 0 (no logging) to 3 (too much logging).
- `timeout`: Echo check timeout for watched connections.
#### ssh #### ssh
- It's an ssh config file, so see `man ssh_config` for information. TunnelKeeper will connect to each host listed, and make sure every connection in `tunnelkeeper.conf` stays open in the background. - It's an ssh config file, so see `man ssh_config` for information. TunnelKeeper will connect to each host listed, and make sure every connection in `tunnelkeeper.conf` stays open in the background.
- There are 2 options that aren't available in normal ssh config files: - There are 2 options that aren't available in normal ssh config files:
- `Watch` : Enables an echo test on the host at regular intervals. - `Watch N` : Enables an echo test on the host at intervals of **N** seconds.
- `Password` : Uses screen to log in with a password. This is **insecure**, since the password is in plaintext, so use passwordless auth if possible. - `Password` : Uses screen to log in with a password. This is **insecure**, since the password is in plaintext, so use passwordless auth if possible.

3
etc/tunnelkeeper.conf
View File

@ -1,6 +1,5 @@
[settings] [settings]
debug 0 debug 0
timeout 30
[ssh] [ssh]
# Everything in this section obeys the same rules as ~/.ssh/config # Everything in this section obeys the same rules as ~/.ssh/config
@ -11,7 +10,7 @@ timeout 30
# Hostname 123.45.67.89 # Hostname 123.45.67.89
# User ubuntu # User ubuntu
# LocalForward 12345 127.0.0.1:22 # LocalForward 12345 127.0.0.1:22
# Watch # Watch 30
# Password p@$$w0rd # Password p@$$w0rd
# #
# Host server2 # Host server2

13
tunnelkeeper
View File

@ -15,8 +15,9 @@ SSHCONF="$BASEDIR/var/ssh.conf"
PWCONF="$BASEDIR/var/passwords.conf" PWCONF="$BASEDIR/var/passwords.conf"
WATCHCONF="$BASEDIR/var/watch.conf" WATCHCONF="$BASEDIR/var/watch.conf"
cat "$BASEDIR/var/[ssh].conf" | grep -Eiv '^ *(watch|password)' > cat "$SSHCONF" cat "$BASEDIR/var/[ssh].conf" | grep -Eiv '^ *(watch|password)' > "$SSHCONF"
cat "$BASEDIR/var/[ssh].conf" | grep -Ei '^( *watch|Host)' | grep -i -B1 watch | grep -i '^Host' | awk '{print $2}' > "$WATCHCONF" # cat "$BASEDIR/var/[ssh].conf" | grep -Ei '^( *watch|Host)' | grep -i -B1 watch | grep -i '^Host' | awk '{print $2}' > "$WATCHCONF"
cat "$BASEDIR/var/[ssh].conf" | grep -Ei '^( *watch|Host)' | awk '{print $1 " " $2}' | grep -i -B1 --no-group-separator watch | tr '\n' ' ' | sed 's/Host /\n/g; s/ *[Ww]atch//g' > "$WATCHCONF"
cat "$BASEDIR/var/[ssh].conf" | grep -Ei '^( *password|Host)' | awk '{print $1 " " $2}' | grep -i -B1 --no-group-separator password | tr '\n' ' ' | sed 's/Host /\n/g; s/ *[Pp]assword//g' > "$PWCONF" cat "$BASEDIR/var/[ssh].conf" | grep -Ei '^( *password|Host)' | awk '{print $1 " " $2}' | grep -i -B1 --no-group-separator password | tr '\n' ' ' | sed 's/Host /\n/g; s/ *[Pp]assword//g' > "$PWCONF"
function ruroot () { function ruroot () {
@ -34,8 +35,8 @@ case "$DEBUGLEVEL" in
*) dbgopt='';; *) dbgopt='';;
esac esac
TIMEOUT=$(awk '/^timeout/ {print $2}' $TKCONF &>/dev/null) # TIMEOUT=$(awk '/^timeout/ {print $2}' $TKCONF &>/dev/null)
[[ -z $TIMEOUT ]] && TIMEOUT='60' # [[ -z $TIMEOUT ]] && TIMEOUT='60'
function dbg () { function dbg () {
[[ $DEBUGLEVEL != "0" ]] && logger -t tunnelkeeper [[ $DEBUGLEVEL != "0" ]] && logger -t tunnelkeeper
@ -70,6 +71,7 @@ case "$1" in
;; ;;
FORKWATCH ) # makes sure the connection is still working, even if ssh doesn't drop it FORKWATCH ) # makes sure the connection is still working, even if ssh doesn't drop it
while true; do while true; do
TIMEOUT=$(awk "/^$2/ {print \$2}" ${WATCHCONF})
sleep $TIMEOUT sleep $TIMEOUT
echo "tick $2" | dbg echo "tick $2" | dbg
if [[ $(timeout $TIMEOUT ssh localhost -o "StrictHostKeyChecking no" -S $BASEDIR/var/$2.tksock "echo tk") != "tk" ]]; then if [[ $(timeout $TIMEOUT ssh localhost -o "StrictHostKeyChecking no" -S $BASEDIR/var/$2.tksock "echo tk") != "tk" ]]; then
@ -136,8 +138,9 @@ WantedBy=multi-user.target" > /lib/systemd/system/tunnelkeeper.service
rm /usr/local/bin/tunnelkeeper rm /usr/local/bin/tunnelkeeper
rm /lib/systemd/system/tunnelkeeper.service rm /lib/systemd/system/tunnelkeeper.service
systemctl daemon-reload systemctl daemon-reload
cp -f /opt/tunnelkeeper/etc/tunnelkeeper.conf /opt/tunnelkeeper.conf.bak
rm -rf /opt/tunnelkeeper rm -rf /opt/tunnelkeeper
echo -e "\nTunnelKeeper service uninstalled.\n" echo -e "\nTunnelKeeper service uninstalled. Config backup saved as /opt/tunnelkeeper.conf.bak \n"
;; ;;
list ) list )
echo "---" echo "---"