diff --git a/README.md b/README.md
index a14235f..2c5dfa0 100644
--- a/README.md
+++ b/README.md
@@ -7,8 +7,10 @@ Edit the config file `/opt/tunnelkeeper/etc/tunnelkeeper.conf`. If you make chan
 There are 3 sections:
 #### settings
-- `debug [0..3]`: Debug logging levels 0 (no logging) to 3 (too much logging)
+- `debug [0..3]`: Debug logging levels 0 (no logging) to 3 (too much logging).
+- `timeout`: Echo check timeout for watched connections.
 #### ssh
 - It's an ssh config file, so see `man ssh_config` for information. TunnelKeeper will connect to each host listed, and make sure every connection in `tunnelkeeper.conf` stays open in the background.
-#### passwords
-- `host password`: Passwords of the hosts in the ssh section. They are stored in plaintext, so don't use it if you can avoid it.
+- There are 2 options that aren't available in normal ssh config files:
+ - `Watch` : Enables an echo test on the host at regular intervals.
+ - `Password` : Uses screen to log in with a password. This is **insecure**, since the password is in plaintext, so use passwordless auth if possible.
\ No newline at end of file
diff --git a/etc/tunnelkeeper.conf b/etc/tunnelkeeper.conf
index 7be4958..c3557ea 100644
--- a/etc/tunnelkeeper.conf
+++ b/etc/tunnelkeeper.conf
@@ -11,14 +11,11 @@ timeout 30
 # Hostname 123.45.67.89
 # User ubuntu
 # LocalForward 12345 127.0.0.1:22
+# Watch
+# Password p@$$w0rd
 #
 # Host server2
 # Hostname 123.45.67.90
 # User ubuntu
 # Port 2222
 # RemoteForward 54321 127.0.0.1:22
-
-[passwords]
-# Use this section at your own risk, because the passwords are stored in plaintext.
-
-# server1 p@$$w0rd
\ No newline at end of file
diff --git a/tunnelkeeper b/tunnelkeeper
index 2eeb0ea..6ac1211 100755
--- a/tunnelkeeper
+++ b/tunnelkeeper
@@ -10,9 +10,14 @@ if [[ "${1}" == "start" ]]; then
 !/^[#\[]/ {print >> dir"/"sec".conf"}' < $BASEDIR/etc/tunnelkeeper.conf &>/dev/null
 fi
-SSHCONF="$BASEDIR/var/[ssh].conf"
 TKCONF="$BASEDIR/var/[settings].conf"
-PWCONF="$BASEDIR/var/[passwords].conf"
+SSHCONF="$BASEDIR/var/ssh.conf"
+PWCONF="$BASEDIR/var/passwords.conf"
+WATCHCONF="$BASEDIR/var/watch.conf"
+
+cat "$BASEDIR/var/[ssh].conf" | grep -Eiv '^ *(watch|password)' > cat "$SSHCONF"
+cat "$BASEDIR/var/[ssh].conf" | grep -Ei '^( *watch|Host)' | grep -B1 Watch | grep -i '^Host' | awk '{print $2}' > "$WATCHCONF"
+cat "$BASEDIR/var/[ssh].conf" | grep -Ei '^( *password|Host)' | awk '{print $1 " " $2}' | grep -i -B1 --no-group-separator password | tr '\n' ' ' | sed 's/Host /\n/g; s/ *[Pp]assword//g' > "$PWCONF"
 function ruroot () {
 if [[ $UID -ne 0 ]]; then
@@ -43,7 +48,7 @@ function connect () {
 case "$1" in
 FORKSTART )
- $0 FORKWATCH $2 '#tunnelkeeper' &
+ (grep "$2" $WATCHCONF &>/dev/null) && $0 FORKWATCH $2 '#tunnelkeeper' &
 if [[ $(grep -c "^$2" $PWCONF) -gt 0 ]]; then
 pass=$(awk "/^$2/ {print \$2}" ${PWCONF}) # password needed
 screen -d -m -S "tk${2}" $0 FORKSCREEN $2 '#tunnelkeeper'
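Review bot: The first added pipeline ends in `> cat "$SSHCONF"`, which redirects grep's output to a file literally named `cat` in the working directory and passes `$SSHCONF` to grep as an input file, so this line never writes the filtered config to `var/ssh.conf`. It should read `grep -Eiv '^ *(watch|password)' "$BASEDIR/var/[ssh].conf" > "$SSHCONF"`. The third pipeline writes every host's plaintext password to `$PWCONF`, and nothing in the hunk restricts that file's mode, so it is created under whatever umask the caller has; a `umask 077` before these writes (or `chmod 600 "$PWCONF"` right after) would keep it owner-only. `awk '{print $1 " " $2}'` also keeps only the first word after `Password`, so a password containing a space is silently truncated.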
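Review bot: The new guard on the `FORKSTART` line matches the host as an unanchored regular expression, so `grep "$2"` succeeds for any `watch.conf` entry that merely contains the name (`server1` would also match a `server10` entry), and a name beginning with `-` is parsed as a grep option. The earlier hunk writes one host per line to `$WATCHCONF`, so a whole-line fixed-string test is closer to the intent: `grep -qxF -- "$2" "$WATCHCONF" && "$0" FORKWATCH "$2" '#tunnelkeeper' &`. Quoting `$0`, `$2` and `$WATCHCONF` there also avoids word-splitting if `BASEDIR` contains a space. The `case` arm continues outside the hunk.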