gordon/TunnelKeeper
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

made config better

Browse Source
This commit is contained in:
Gordon Grant-Stuart 2023-02-28 18:12:44 +00:00
parent 72fd809734
commit 5ee9ad12c8
3 changed files with 15 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
README.md
View File

@ -7,8 +7,10 @@ Edit the config file `/opt/tunnelkeeper/etc/tunnelkeeper.conf`. If you make chan
There are 3 sections: There are 3 sections:
#### settings #### settings
- `debug [0..3]`: Debug logging levels 0 (no logging) to 3 (too much logging) - `debug [0..3]`: Debug logging levels 0 (no logging) to 3 (too much logging).
- `timeout`: Echo check timeout for watched connections.
#### ssh #### ssh
- It's an ssh config file, so see `man ssh_config` for information. TunnelKeeper will connect to each host listed, and make sure every connection in `tunnelkeeper.conf` stays open in the background. - It's an ssh config file, so see `man ssh_config` for information. TunnelKeeper will connect to each host listed, and make sure every connection in `tunnelkeeper.conf` stays open in the background.
#### passwords - There are 2 options that aren't available in normal ssh config files:
- `host password`: Passwords of the hosts in the ssh section. They are stored in plaintext, so don't use it if you can avoid it. - `Watch` : Enables an echo test on the host at regular intervals.
- `Password` : Uses screen to log in with a password. This is **insecure**, since the password is in plaintext, so use passwordless auth if possible.

7
etc/tunnelkeeper.conf
View File

@ -11,14 +11,11 @@ timeout 30
# Hostname 123.45.67.89 # Hostname 123.45.67.89
# User ubuntu # User ubuntu
# LocalForward 12345 127.0.0.1:22 # LocalForward 12345 127.0.0.1:22
# Watch
# Password p@$$w0rd
# #
# Host server2 # Host server2
# Hostname 123.45.67.90 # Hostname 123.45.67.90
# User ubuntu # User ubuntu
# Port 2222 # Port 2222
# RemoteForward 54321 127.0.0.1:22 # RemoteForward 54321 127.0.0.1:22
[passwords]
# Use this section at your own risk, because the passwords are stored in plaintext.
# server1 p@$$w0rd

11
tunnelkeeper
View File

@ -10,9 +10,14 @@ if [[ "${1}" == "start" ]]; then
!/^[#\[]/ {print >> dir"/"sec".conf"}' < $BASEDIR/etc/tunnelkeeper.conf &>/dev/null !/^[#\[]/ {print >> dir"/"sec".conf"}' < $BASEDIR/etc/tunnelkeeper.conf &>/dev/null
fi fi
SSHCONF="$BASEDIR/var/[ssh].conf"
TKCONF="$BASEDIR/var/[settings].conf" TKCONF="$BASEDIR/var/[settings].conf"
PWCONF="$BASEDIR/var/[passwords].conf" SSHCONF="$BASEDIR/var/ssh.conf"
PWCONF="$BASEDIR/var/passwords.conf"
WATCHCONF="$BASEDIR/var/watch.conf"
cat "$BASEDIR/var/[ssh].conf" | grep -Eiv '^ *(watch|password)' > cat "$SSHCONF"
cat "$BASEDIR/var/[ssh].conf" | grep -Ei '^( *watch|Host)' | grep -B1 Watch | grep -i '^Host' | awk '{print $2}' > "$WATCHCONF"
cat "$BASEDIR/var/[ssh].conf" | grep -Ei '^( *password|Host)' | awk '{print $1 " " $2}' | grep -i -B1 --no-group-separator password | tr '\n' ' ' | sed 's/Host /\n/g; s/ *[Pp]assword//g' > "$PWCONF"
function ruroot () { function ruroot () {
if [[ $UID -ne 0 ]]; then if [[ $UID -ne 0 ]]; then
@ -43,7 +48,7 @@ function connect () {
case "$1" in case "$1" in
FORKSTART ) FORKSTART )
$0 FORKWATCH $2 '#tunnelkeeper' & (grep "$2" $WATCHCONF &>/dev/null) && $0 FORKWATCH $2 '#tunnelkeeper' &
if [[ $(grep -c "^$2" $PWCONF) -gt 0 ]]; then if [[ $(grep -c "^$2" $PWCONF) -gt 0 ]]; then
pass=$(awk "/^$2/ {print \$2}" ${PWCONF}) # password needed pass=$(awk "/^$2/ {print \$2}" ${PWCONF}) # password needed
screen -d -m -S "tk${2}" $0 FORKSCREEN $2 '#tunnelkeeper' screen -d -m -S "tk${2}" $0 FORKSCREEN $2 '#tunnelkeeper'