authorAndrew Cady <d@jerkface.net>2021-10-10 06:45:20 -0400
committerAndrew Cady <d@jerkface.net>2021-10-10 06:45:28 -0400
commit6b71f5dd26283ff95d6bbd19797d3d15dd7215f3 (patch)
treeee9ed171add4112dc2e4c48e082fefcf03e16eb0
parente247b29913de26abef93de2133bf920bbfcd04f1 (diff)
tokssh: major improvements
-rwxr-xr-xscripts/tokssh127
1 files changed, 56 insertions, 71 deletions
diff --git a/scripts/tokssh b/scripts/tokssh
index 904efd4..844bad6 100755
--- a/scripts/tokssh
+++ b/scripts/tokssh
@@ -2,95 +2,72 @@
2set -e 2set -e
3function help { 3function help {
4 cat <<EOF 4 cat <<EOF
5A simple wrapper to use like SSH 5TokSSH: Make an SSH connection over Tox.
6
7Use this simple wrapper like you would use "ssh".
8
9Usage:
10 tokssh [ssh options] [user@]<address>
6 11
7Usage: 12Usage:
8 tokssh [ssh options] [user@]address [-s secret] 13 TUNTOX_DESTINATION=[user@]<address> tokssh
9 14
10where 15where
11 16
12 ssh options: options to pass to ssh process 17 ssh options: options to pass to ssh process
13 user: login on remote host 18 user: login username on remote host (you could also use "-l user")
14 address: either a ToxID or a hostname. ~/.tuntox/hosts is read to map 19 address: a ToxID
15 hostname to ToxID. hostname MUST resolve to 127.0.0.1
16 20
17 -s optional secret to use to connect to tuntox server 21 To specify a tuntox secret (password), set the environment variable
22 TUNTOX_SECRET.
23
24 Specifying passwords on the command line is insecure, since the arguments of
25 programs are considered public data.
26
27 For that reason, you can also specify the remote address and username with
28 the environment variable TUNTOX_DESTINATION. This hides your desintation
29 from other users on the system. In this case, all options will be passed to
30 SSH.
18 31
19examples: 32examples:
33
34 TUNTOX_SECRET=sOmEPassWOrd tokssh 5A40C3443ABD6E1DDEE682E83F84A4D556C24C22D2230DCC141A4723C123473C171A4D9C4054
20 tokssh user@5A40C3443ABD6E1DDEE682E83F84A4D556C24C22D2230DCC141A4723C123473C171A4D9C4054 35 tokssh user@5A40C3443ABD6E1DDEE682E83F84A4D556C24C22D2230DCC141A4723C123473C171A4D9C4054
21 tokssh 5A40C3443ABD6E1DDEE682E83F84A4D556C24C22D2230DCC141A4723C123473C171A4D9C4054 36 tokssh 5A40C3443ABD6E1DDEE682E83F84A4D556C24C22D2230DCC141A4723C123473C171A4D9C4054
22 tokssh -p 2222 -o ForwardAgent=yes user@5A40C3443ABD6E1DDEE682E83F84A4D556C24C22D2230DCC141A4723C123473C171A4D9C4054 37 tokssh -p 2222 -o ForwardAgent=yes -l user 5A40C3443ABD6E1DDEE682E83F84A4D556C24C22D2230DCC141A4723C123473C171A4D9C4054
23 tokssh user@5A40C3443ABD6E1DDEE682E83F84A4D556C24C22D2230DCC141A4723C123473C171A4D9C4054 -s TuNToXSeCreT 38 TUNTOX_DESTINATION=5A40C3443ABD6E1DDEE682E83F84A4D556C24C22D2230DCC141A4723C123473C171A4D9C4054 tokssh -p 2222
24 39
25files: 40files:
26 ~/.tuntox/persist/ 41 ~/.tuntox/persist/
27 42
28 If directory exists, then read & store a persistent secret key/TOXID within. 43 If directory exists, then read & store a persistent secret key/TOXID within.
29 44
30 ~/.tuntox/hosts
31
32 Maps hostname to ToxID and optional secret.
33
34 format is:
35
36 hostname ToxID secret(optional)
37EOF 45EOF
38} 46}
39 47
40strargs="'$*'" 48if [ "$TUNTOX_DESTINATION" ]
41if [ -z "${strargs##*-h*}" ] || [ -z "${strargs##*--help*}" ] ;then
42 help
43 exit
44fi
45
46array=( $@ )
47len=${#array[@]}
48
49if [ $len -lt 1 ]; then
50 help
51 exit
52fi
53
54
55# look for secret and remvove it from args
56if [ $len -gt 2 ] && [ "${array[$len-2]}" == "-s" ]
57then
58 secret="${array[@]:$len-2:$len-1}"
59 len=$[len-2]
60fi
61
62userhost=${array[$len-1]}
63args=${array[@]:0:$len-1}
64
65# check for user@id
66arruserhost=(${userhost//@/ })
67arruserhostlen=${#arruserhost[@]}
68
69if [ $arruserhostlen -gt 1 ]
70then 49then
71 # last argument is user@toxid 50 set -- "$@" "$TUNTOX_DESTINATION"
72 user="${arruserhost[0]}@" 51 unset TUNTOX_DESTINATION
73 toxid=${arruserhost[1]}
74 hostname=$toxid
75else
76 # last argument is just toxid
77 user=""
78 toxid=$userhost
79 hostname=$toxid
80fi 52fi
81 53
82#search toxid in ~/.tuntox/hosts and map it to toxid 54while [ $# -gt 0 ]
83if [ -f ~/.tuntox/hosts ]; then 55do
84 while read c_hostname c_toxid c_secret; do 56 case "$1" in
85 if [ "${c_hostname:0:1}" != "#" ] && [ "$c_hostname" == "$toxid" ]; then 57 -h|--help)
86 toxid="$c_toxid" 58 help
87 if [ "$secret" == "" ]; then 59 exit ;;
88 secret="-s $c_secret" 60 *)
89 fi 61 if [ $# -eq 1 ]
90 break 62 then
91 fi 63 break
92 done < ~/.tuntox/hosts 64 else
93fi 65 ssh_options += "$1"
66 fi ;;
67 esac
68 shift
69done
70[ $# = 1 ] || { help; exit 1; }
94 71
95if [ -d ~/.tuntox/persist ]; then 72if [ -d ~/.tuntox/persist ]; then
96 persist='-C ~/.tuntox/persist' 73 persist='-C ~/.tuntox/persist'
@@ -98,10 +75,18 @@ else
98 persist= 75 persist=
99fi 76fi
100 77
78# Explicitly set the default values for CanonicalizeHostname and UpdateHostKeys,
79# just to be safe.
80
81# We use StrictHostKeyChecking=accept because Tox validates the Tox identity and
82# the Tox key is the identity. We have already performed initial public key
83# exchange.
84
101ssh \ 85ssh \
102 -o ProxyCommand="tuntox $persist -i $toxid -W localhost:%p $secret" \ 86 -o ProxyCommand="tuntox $persist -i $toxid -W localhost:%p '$TUNTOX_SECRET'" \
103 -o StrictHostKeyChecking=accept-new \ 87 -o StrictHostKeyChecking=accept \
104 -o CanonicalizeHostname=no \ 88 -o CanonicalizeHostname=no \
105 -o UpdateHostKeys=yes \ 89 -o UpdateHostKeys=yes \
106 $args \ 90 "${ssh_options[@]}" \
107 ${user}${hostname} 91 -- \
92 "$1"
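Review bot: The rewritten ProxyCommand (new line 86) still puts the secret on a command line: `'$TUNTOX_SECRET'` is expanded into the string that ssh hands to a shell, so it appears in the argument list of the tuntox child, which is the exposure the new help text warns about, and it is now a bare positional argument because the old `-s` prefix is gone. A secret containing a single quote would also close the quoting inside that command string, so the value should reach tuntox through the environment instead (tuntox documents `TUNTOX_SHARED_SECRET`; confirm for the installed version). The same line still reads `$toxid`, which nothing on the new side assigns, so `-i` gets no ID; something like `toxid=${1##*@}` before the ssh call would restore it. In the option loop (new line 65) `ssh_options += "$1"` runs a command called `ssh_options` and aborts under `set -e`; the array append is `ssh_options+=("$1")`. `StrictHostKeyChecking=accept` (new line 87) is not a value ssh_config lists, unlike the previous `accept-new`, so ssh will probably refuse to start.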