169 lines
5.5 KiB
Bash
Executable File
169 lines
5.5 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
|
|
REALPATH="$(realpath $0)"
|
|
BASEDIR="${REALPATH%/*}"
|
|
|
|
# if [[ "${1}" == "start" ]]; then
|
|
# rm $BASEDIR/var/*.conf &>/dev/null # Create separate .conf files in var/ from etc/tunnelkeeper.conf
|
|
# awk -v "dir=$BASEDIR/var" '
|
|
# /^\[/ {sec=$1}
|
|
# !/^[#\[]/ {print >> dir"/"sec".conf"}' < $BASEDIR/etc/tunnelkeeper.conf &>/dev/null
|
|
# fi
|
|
|
|
# TKCONF="$BASEDIR/var/[settings].conf"
|
|
SSHCONF="$BASEDIR/var/ssh.conf"
|
|
PWCONF="$BASEDIR/var/passwords.conf"
|
|
WATCHCONF="$BASEDIR/var/watch.conf"
|
|
DEBUGCONF="$BASEDIR/var/debug.conf"
|
|
|
|
function genconfig () {
|
|
cat "$BASEDIR/etc/tunnelkeeper.conf" | grep -Eiv '^ *(watch|password|debug)' > "$SSHCONF"
|
|
# cat "$BASEDIR/etc/tunnelkeeper.conf" | grep -Ei '^( *watch|Host)' | grep -i -B1 watch | grep -i '^Host' | awk '{print $2}' > "$WATCHCONF"
|
|
cat "$BASEDIR/etc/tunnelkeeper.conf" | grep -Ei '^( *watch|Host)' | awk '{print $1 " " $2}' | grep -i -B1 --no-group-separator watch | tr '\n' ' ' | sed 's/Host /\n/g; s/ *[Ww]atch//g' > "$WATCHCONF"
|
|
cat "$BASEDIR/etc/tunnelkeeper.conf" | grep -Ei '^( *password|Host)' | awk '{print $1 " " $2}' | grep -i -B1 --no-group-separator password | tr '\n' ' ' | sed 's/Host /\n/g; s/ *[Pp]assword//g' > "$PWCONF"
|
|
cat "$BASEDIR/etc/tunnelkeeper.conf" | grep -Ei '^( *debug|Host)' | awk '{print $1 " " $2}' | grep -i -B1 --no-group-separator debug | tr '\n' ' ' | sed 's/Host /\n/g; s/ *[Dd]ebug//g' > "$DEBUGCONF"
|
|
}
|
|
|
|
function ruroot () {
|
|
if [[ $UID -ne 0 ]]; then
|
|
echo "You must be root to do this"
|
|
exit
|
|
fi
|
|
}
|
|
|
|
# DEBUGLEVEL=$(awk '/^debug/ {print $2}' $TKCONF &>/dev/null)
|
|
# [[ -z $DEBUGLEVEL ]] && DEBUGLEVEL='0'
|
|
|
|
function debugopt () {
|
|
# lvl=$(awk "/^$2/ {print \$2}" ${DEBUGCONF})
|
|
case "$(awk "/^$1/ {print \$2}" ${DEBUGCONF})" in
|
|
2) echo -n '-v';;
|
|
3) echo -n '-vvv';;
|
|
# *) dbgopt='';;
|
|
esac
|
|
}
|
|
|
|
# TIMEOUT=$(awk '/^timeout/ {print $2}' $TKCONF &>/dev/null)
|
|
# [[ -z $TIMEOUT ]] && TIMEOUT='60'
|
|
|
|
function dbg () {
|
|
[[ "$(awk "/^$1/ {print \$2}" ${DEBUGCONF})" != "0" ]] && logger -t tunnelkeeper
|
|
# [[ $DEBUGLEVEL != "0" ]] && logger -t tunnelkeeper
|
|
}
|
|
|
|
function connect () {
|
|
echo ssh -F "${SSHCONF}" $(debugopt $1) -o "ControlMaster auto" -o "StrictHostKeyChecking no" -S "$BASEDIR/var/$1.tksock" -N $1 '#tunnelkeeper' 2>&1 | dbg $1
|
|
}
|
|
|
|
|
|
case "$1" in
|
|
FORKSTART )
|
|
(grep "$2" $WATCHCONF &>/dev/null) && $0 FORKWATCH $2 '#tunnelkeeper' &
|
|
if [[ $(grep -c "^$2" $PWCONF) -gt 0 ]]; then
|
|
pass=$(awk "/^$2/ {print \$2}" ${PWCONF}) # password needed
|
|
screen -d -m -S "tk${2}" $0 FORKSCREEN $2 '#tunnelkeeper'
|
|
while true; do
|
|
sleep 5
|
|
if [[ -f "$BASEDIR/var/${2}.screen" ]]; then
|
|
screen -S "tk${2}" -X stuff "$pass
|
|
"
|
|
rm -f "$BASEDIR/var/${2}.screen"
|
|
fi
|
|
done
|
|
else # passwordless auth
|
|
while true; do
|
|
connect $2 #$dbgopt
|
|
sleep 5
|
|
done
|
|
fi
|
|
exit
|
|
;;
|
|
FORKWATCH ) # makes sure the connection is still working, even if ssh doesn't drop it
|
|
while true; do
|
|
TIMEOUT=$(awk "/^$2/ {print \$2}" ${WATCHCONF})
|
|
sleep $TIMEOUT
|
|
echo "tick $2" | dbg
|
|
if [[ $(timeout $TIMEOUT ssh localhost -o "StrictHostKeyChecking no" -S $BASEDIR/var/$2.tksock "echo tk") != "tk" ]]; then
|
|
ssh localhost -O exit -S $BASEDIR/var/$2.tksock
|
|
echo "Killing connection to $2. Trying again." | dbg
|
|
fi
|
|
done
|
|
exit
|
|
;;
|
|
FORKSCREEN )
|
|
while true; do
|
|
echo $$ > "$BASEDIR/var/${2}.screen"
|
|
connect $2 #$dbgopt
|
|
sleep 5
|
|
done
|
|
exit
|
|
;;
|
|
start)
|
|
genconfig
|
|
[[ -e "$BASEDIR/var/tunnelkeeper.pid" ]] && exit
|
|
echo $$ > "$BASEDIR/var/tunnelkeeper.pid"
|
|
cat "$SSHCONF" | awk '/^Host / {print $2}' | xargs -I% -P0 $0 FORKSTART % '#tunnelkeeper' &
|
|
;;
|
|
stop )
|
|
rm -f "$BASEDIR/var/tunnelkeeper.pid"
|
|
rm -f "$BASEDIR/var/*.conf"
|
|
pkill -f '#tunnelkeeper' &>/dev/null
|
|
;;
|
|
restart )
|
|
if systemctl status tunnelkeeper &>/dev/null; then
|
|
systemctl restart tunnelkeeper
|
|
else
|
|
$0 stop; sleep 2; $0 start
|
|
fi
|
|
;;
|
|
install )
|
|
ruroot
|
|
which screen &>/dev/null || yum install -y screen || apt install -y screen || echo "Couldn't install screen"
|
|
mkdir -p /opt/tunnelkeeper/var
|
|
mkdir -p /opt/tunnelkeeper/etc
|
|
if [[ "$BASEDIR" != '/opt/tunnelkeeper/' ]]; then
|
|
cp -n "$BASEDIR/etc/tunnelkeeper.conf" /opt/tunnelkeeper/etc/
|
|
cp "$REALPATH" "/opt/tunnelkeeper/tunnelkeeper"
|
|
fi
|
|
ln -f -s /opt/tunnelkeeper/tunnelkeeper /usr/local/bin/tunnelkeeper
|
|
echo "[Unit]
|
|
Description=TunnelKeeper SSH tunnel utility.
|
|
After=network.target
|
|
[Service]
|
|
User=root
|
|
Group=root
|
|
Type=forking
|
|
ExecStart=/opt/tunnelkeeper/tunnelkeeper start
|
|
ExecStop=/opt/tunnelkeeper/tunnelkeeper stop
|
|
RestartSec=15
|
|
Restart=always
|
|
[Install]
|
|
WantedBy=multi-user.target" > /lib/systemd/system/tunnelkeeper.service
|
|
systemctl daemon-reload
|
|
systemctl enable tunnelkeeper.service
|
|
echo -e "\nTunnelKeeper service installed.\n"
|
|
;;
|
|
uninstall )
|
|
ruroot
|
|
systemctl disable tunnelkeeper.service
|
|
rm /usr/local/bin/tunnelkeeper
|
|
rm /lib/systemd/system/tunnelkeeper.service
|
|
systemctl daemon-reload
|
|
cp -f /opt/tunnelkeeper/etc/tunnelkeeper.conf /opt/tunnelkeeper.conf.bak
|
|
rm -rf /opt/tunnelkeeper
|
|
echo -e "\nTunnelKeeper service uninstalled. Config backup saved as /opt/tunnelkeeper.conf.bak \n"
|
|
;;
|
|
list )
|
|
echo "---"
|
|
find "$BASEDIR/var/" -name '*.tksock' | sed 's/^.*\///g; s/\.tksock//g'
|
|
echo "---"
|
|
;;
|
|
config )
|
|
ruroot
|
|
vi "$BASEDIR/etc/tunnelkeeper.conf"
|
|
;;
|
|
* )
|
|
echo -e "\nUsage: $(basename $0) start|stop|restart|install|uninstall|config|list\n"
|
|
;;
|
|
esac
|