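#!/bin/bash
#
# Provision a host for an autossh-maintained SSH tunnel:
#   1. verify root privileges and the presence of apt-get,
#   2. install the autossh package when dpkg does not report it installed,
#   3. create a dedicated "autossh" account with /bin/false as login shell,
#   4. seed /home/autossh/.ssh/authorized_keys from ./authorized_keys,
#   5. when systemctl exists, copy targets/* into /etc/default and install
#      secure-tunnel@.service.
#
# Run it from the setup folder: authorized_keys, targets/ and
# secure-tunnel@.service are resolved relative to the current directory.

readonly REQUIRED_PKG="autossh"
readonly TUNNEL_USER="autossh"
# Assumes the account's home is the `useradd -m` default; confirm this if the
# user already exists with a different home directory.
readonly SSH_DIR="/home/${TUNNEL_USER}/.ssh"
readonly AUTH_KEYS="${SSH_DIR}/authorized_keys"

# Print a message on stderr and abort with status 1.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

if ((EUID != 0)); then
  die "This script must be run as root."
fi

echo "OK: Root user detected."
echo "NEXT: Checking for apt-get executable."

# `command -v` is the shell builtin; `which` is an external tool whose output
# and exit status vary between distributions.
APT_GET_CMD=$(command -v apt-get)

if [[ -z "$APT_GET_CMD" ]]; then
  die "No apt-get executable found. Exiting."
fi

echo "OK: apt-get found."
echo "NEXT: Check and eventually install necessary packages."

# Empty when the package is unknown to dpkg or not fully installed.
PKG_OK=$(dpkg-query -W --showformat='${Status}\n' "$REQUIRED_PKG" | grep "install ok installed")

echo "Checking for $REQUIRED_PKG: $PKG_OK"

if [[ -z "$PKG_OK" ]]; then
  echo "No $REQUIRED_PKG. Setting up $REQUIRED_PKG."
  # Stop here on failure: every later step assumes autossh is present.
  "$APT_GET_CMD" --yes install "$REQUIRED_PKG" \
    || die "Installation of $REQUIRED_PKG failed. Exiting."
fi

echo "NEXT: Check for existence of autossh dedicated user."

# The original wrapped `id` in `[ ! ... ]`, which is a malformed test: it
# always failed (its error hidden by the redirect), so the account was never
# created and the verification below could never fire. Test the exit status of
# `id` directly instead.
if ! id -u "$TUNNEL_USER" >/dev/null 2>&1; then
  echo "The user is missing so we will create for you."
  # /bin/false as login shell: the account exists for tunnelling only.
  useradd -m -s /bin/false "$TUNNEL_USER"
fi

if ! id -u "$TUNNEL_USER" >/dev/null 2>&1; then
  die "There are some problems with user creation. Exiting."
fi

echo "NEXT: Setup autossh home."

# Create the directory and key file under a restrictive umask so they are never
# group/world accessible, even before the chmod calls further down. The
# subshell keeps the umask from affecting the later copies into /etc.
(umask 077 && mkdir -p "$SSH_DIR" && touch -a "$AUTH_KEYS") \
  || die "Could not prepare $SSH_DIR. Exiting."

if [[ ! -s authorized_keys ]]; then
  echo "WARNING: authorized_keys in setup folder seems empty so you should manually setup host authorized_keys or rerun this script."
else
  # Every key merged here can authenticate as the tunnel account, so review
  # ./authorized_keys before running. Entries may carry sshd key options
  # (for example `restrict,port-forwarding`) to limit what a key can do.
  # Only lines not already present are appended, so rerunning the script does
  # not pile up duplicate entries.
  while IFS= read -r key_line || [[ -n "$key_line" ]]; do
    [[ -z "$key_line" ]] && continue
    grep -qxF -- "$key_line" "$AUTH_KEYS" \
      || printf '%s\n' "$key_line" >>"$AUTH_KEYS"
  done <authorized_keys
fi

echo "OK: Files and content ready."
echo "NEXT: Setup file and folder permissions."

# sshd (StrictModes) ignores authorized_keys when the file or its directory is
# writable by anyone other than the owner, so these must succeed.
chown -R "${TUNNEL_USER}:${TUNNEL_USER}" "$SSH_DIR" \
  && chmod 700 "$SSH_DIR" \
  && chmod 600 "$AUTH_KEYS" \
  || die "Could not set ownership/permissions on $SSH_DIR. Exiting."

echo "OK: File and folder permissions setup."
echo "NEXT: Checking for systemd."

if command -v systemctl >/dev/null 2>&1; then
  echo "NEXT: Copy targets into /etc/default."

  # -n keeps target files an administrator has already customised. Some cp
  # versions report skipped files as a failure, so this only warns.
  if cp -n targets/* /etc/default/; then
    echo "OK: Targets copied."
  else
    echo "WARNING: Some targets were not copied into /etc/default; check the messages above." >&2
  fi

  echo "NEXT: Setup systemd service."

  cp secure-tunnel@.service /etc/systemd/system/ \
    || die "Could not install secure-tunnel@.service. Exiting."
  systemctl daemon-reload \
    || die "systemctl daemon-reload failed. Exiting."

  echo "OK: Systemd service created."
else
  echo "WARNING: No systemd installation found. You should manually setup an autossh service to keep tunnel alive."
fi

# NOTE(review): 'GatewayPorts yes' makes remotely forwarded ports listen on
# every interface of the jump server. Pair it with firewall rules, or scope it
# with a `Match User` block / `GatewayPorts clientspecified`, so the tunnel
# endpoints are reachable only from where they are meant to be.
# printf is used because plain `echo` in bash prints "\n" literally.
printf '%s\n\n' "All done. What you need to do now:"
echo "- generate an ssh keypair with ssh-keygen for user autossh and push signature to the jump server"
echo "- configure remote host /etc/ssh/sshd_config with option 'GatewayPorts yes' and 'AllowTcpForwarding yes'"
echo "- configure your ~/.ssh/config like the provided one with this repo"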