making debug a ssh conf directive

README.md

@@ -5,11 +5,8 @@ Install it as a service with `tunnelkeeper install`.
 
 Edit the config file `/opt/tunnelkeeper/etc/tunnelkeeper.conf`. If you make changes to tunnelkeeper.conf, run `systemctl restart tunnelkeeper`.
 
-There are 3 sections:
-#### settings
-- `debug [0..3]`: Debug logging levels 0 (no logging) to 3 (too much logging).
-#### ssh
 - It's an ssh config file, so see `man ssh_config` for information. TunnelKeeper will connect to each host listed, and make sure every connection in `tunnelkeeper.conf` stays open in the background.
-- There are 2 options that aren't available in normal ssh config files:
+- There are 3 options that aren't available in normal ssh config files:
   - `Watch N` : Enables an echo test on the host at intervals of **N** seconds.
-  - `Password` : Uses screen to log in with a password. This is **insecure**, since the password is in plaintext, so use passwordless auth if possible.
+  - `Password` : Uses screen to log in with a password. This is **insecure**, since the password is in plaintext, so use passwordless auth if possible.
+  - `Debug [0..3]`: Debug logging levels 0 (no logging) to 3 (too much logging).

etc/tunnelkeeper.conf

@@ -1,8 +1,8 @@
-[settings]
-debug 0
-
-[ssh]
 # Everything in this section obeys the same rules as ~/.ssh/config
+#    Excluding the following directives:
+#         - Password
+#         - Watch
+#         - Debug
 
 # Examples
 #
@@ -18,3 +18,4 @@ debug 0
 #   User ubuntu
 #   Port 2222
 #   RemoteForward 54321 127.0.0.1:22
+#   Debug 2

tunnelkeeper

@@ -3,22 +3,26 @@
 REALPATH="$(realpath $0)"
 BASEDIR="${REALPATH%/*}"
 
-if [[ "${1}" == "start" ]]; then
+# if [[ "${1}" == "start" ]]; then
-  rm $BASEDIR/var/*.conf &>/dev/null         # Create separate .conf files in var/ from etc/tunnelkeeper.conf
+#   rm $BASEDIR/var/*.conf &>/dev/null         # Create separate .conf files in var/ from etc/tunnelkeeper.conf
-  awk -v "dir=$BASEDIR/var" '
+#   awk -v "dir=$BASEDIR/var" '
-    /^\[/ {sec=$1}
+#     /^\[/ {sec=$1}
-    !/^[#\[]/ {print >> dir"/"sec".conf"}' < $BASEDIR/etc/tunnelkeeper.conf &>/dev/null
+#     !/^[#\[]/ {print >> dir"/"sec".conf"}' < $BASEDIR/etc/tunnelkeeper.conf &>/dev/null
-fi
+# fi
 
-TKCONF="$BASEDIR/var/[settings].conf"
+# TKCONF="$BASEDIR/var/[settings].conf"
 SSHCONF="$BASEDIR/var/ssh.conf"
 PWCONF="$BASEDIR/var/passwords.conf"
 WATCHCONF="$BASEDIR/var/watch.conf"
+DEBUGCONF="$BASEDIR/var/debug.conf"
 
-cat "$BASEDIR/var/[ssh].conf" | grep -Eiv '^ *(watch|password)' > "$SSHCONF"
+function genconfig () {
-# cat "$BASEDIR/var/[ssh].conf" | grep -Ei '^( *watch|Host)' | grep -i -B1 watch | grep -i '^Host' | awk '{print $2}' > "$WATCHCONF"
+  cat "$BASEDIR/etc/tunnelkeeper.conf" | grep -Eiv '^ *(watch|password|debug)' > "$SSHCONF"
-cat "$BASEDIR/var/[ssh].conf" | grep -Ei '^( *watch|Host)' | awk '{print $1 " " $2}' | grep -i -B1 --no-group-separator watch | tr '\n' ' ' | sed 's/Host /\n/g; s/ *[Ww]atch//g' > "$WATCHCONF"
+  # cat "$BASEDIR/etc/tunnelkeeper.conf" | grep -Ei '^( *watch|Host)' | grep -i -B1 watch | grep -i '^Host' | awk '{print $2}' > "$WATCHCONF"
-cat "$BASEDIR/var/[ssh].conf" | grep -Ei '^( *password|Host)' | awk '{print $1 " " $2}' | grep -i -B1 --no-group-separator password | tr '\n' ' ' | sed 's/Host /\n/g; s/ *[Pp]assword//g' > "$PWCONF"
+  cat "$BASEDIR/etc/tunnelkeeper.conf" | grep -Ei '^( *watch|Host)' | awk '{print $1 " " $2}' | grep -i -B1 --no-group-separator watch | tr '\n' ' ' | sed 's/Host /\n/g; s/ *[Ww]atch//g' > "$WATCHCONF"
+  cat "$BASEDIR/etc/tunnelkeeper.conf" | grep -Ei '^( *password|Host)' | awk '{print $1 " " $2}' | grep -i -B1 --no-group-separator password | tr '\n' ' ' | sed 's/Host /\n/g; s/ *[Pp]assword//g' > "$PWCONF"
+  cat "$BASEDIR/etc/tunnelkeeper.conf" | grep -Ei '^( *debug|Host)' | awk '{print $1 " " $2}' | grep -i -B1 --no-group-separator debug | tr '\n' ' ' | sed 's/Host /\n/g; s/ *[Dd]ebug//g' > "$DEBUGCONF"
+}
 
 function ruroot () {
   if [[ $UID -ne 0 ]]; then
@@ -27,23 +31,28 @@ function ruroot () {
   fi
 }
 
-DEBUGLEVEL=$(awk '/^debug/ {print $2}' $TKCONF &>/dev/null)
+# DEBUGLEVEL=$(awk '/^debug/ {print $2}' $TKCONF &>/dev/null)
-[[ -z $DEBUGLEVEL ]] && DEBUGLEVEL='0'
+# [[ -z $DEBUGLEVEL ]] && DEBUGLEVEL='0'
-case "$DEBUGLEVEL" in
+
-  2) dbgopt='-v';;
+function debugopt () {
-  3) dbgopt='-vvv';;
+  # lvl=$(awk "/^$2/ {print \$2}" ${DEBUGCONF})
-  *) dbgopt='';;
+  case "$(awk "/^$1/ {print \$2}" ${DEBUGCONF})" in
-esac
+    2) echo -n '-v';;
+    3) echo -n '-vvv';;
+    # *) dbgopt='';;
+  esac
+}
 
 # TIMEOUT=$(awk '/^timeout/ {print $2}' $TKCONF &>/dev/null)
 # [[ -z $TIMEOUT ]] && TIMEOUT='60'
 
 function dbg () {
-  [[ $DEBUGLEVEL != "0" ]] && logger -t tunnelkeeper
+  [[ "$(awk "/^$1/ {print \$2}" ${DEBUGCONF})" != "0" ]] && logger -t tunnelkeeper
+  # [[ $DEBUGLEVEL != "0" ]] && logger -t tunnelkeeper
 }
 
 function connect () {
-  ssh -F "${SSHCONF}" $dbgopt -o "ControlMaster auto" -o "StrictHostKeyChecking no" -S "$BASEDIR/var/$1.tksock" -N $1 '#tunnelkeeper' 2>&1 | dbg
+  echo ssh -F "${SSHCONF}" $(debugopt $1) -o "ControlMaster auto" -o "StrictHostKeyChecking no" -S "$BASEDIR/var/$1.tksock" -N $1 '#tunnelkeeper' 2>&1 | dbg $1
 }
 
 
@@ -63,7 +72,7 @@ case "$1" in
       done
     else # passwordless auth
       while true; do
-        connect $2
+        connect $2 #$dbgopt
         sleep 5
       done
     fi
@@ -84,18 +93,20 @@ case "$1" in
   FORKSCREEN )
     while true; do
       echo $$ > "$BASEDIR/var/${2}.screen"
-      connect $2
+      connect $2 #$dbgopt
       sleep 5
     done
     exit
   ;;
   start)
+    genconfig
     [[ -e "$BASEDIR/var/tunnelkeeper.pid" ]] && exit
     echo $$ > "$BASEDIR/var/tunnelkeeper.pid"
     cat "$SSHCONF" | awk '/^Host / {print $2}' | xargs -I% -P0 $0 FORKSTART % '#tunnelkeeper' &
   ;;
   stop )
     rm -f "$BASEDIR/var/tunnelkeeper.pid"
+    rm -f "$BASEDIR/var/*.conf"
     pkill -f '#tunnelkeeper' &>/dev/null
   ;;
   restart )