author | Andrew Cady <d@jerkface.net> | 2021-10-10 06:45:20 -0400 |
---|---|---|
committer | Andrew Cady <d@jerkface.net> | 2021-10-10 06:45:28 -0400 |
commit | 6b71f5dd26283ff95d6bbd19797d3d15dd7215f3 (patch) | |
tree | ee9ed171add4112dc2e4c48e082fefcf03e16eb0 | |
parent | e247b29913de26abef93de2133bf920bbfcd04f1 (diff) |
tokssh: major improvements
-rwxr-xr-x | scripts/tokssh | 127 |
1 files changed, 56 insertions, 71 deletions
diff --git a/scripts/tokssh b/scripts/tokssh index 904efd4..844bad6 100755 --- a/scripts/tokssh +++ b/scripts/tokssh | |||
@@ -2,95 +2,72 @@ | |||
2 | set -e | 2 | set -e |
3 | function help { | 3 | function help { |
4 | cat <<EOF | 4 | cat <<EOF |
5 | A simple wrapper to use like SSH | 5 | TokSSH: Make an SSH connection over Tox. |
6 | |||
7 | Use this simple wrapper like you would use "ssh". | ||
8 | |||
9 | Usage: | ||
10 | tokssh [ssh options] [user@]<address> | ||
6 | 11 | ||
7 | Usage: | 12 | Usage: |
8 | tokssh [ssh options] [user@]address [-s secret] | 13 | TUNTOX_DESTINATION=[user@]<address> tokssh |
9 | 14 | ||
10 | where | 15 | where |
11 | 16 | ||
12 | ssh options: options to pass to ssh process | 17 | ssh options: options to pass to ssh process |
13 | user: login on remote host | 18 | user: login username on remote host (you could also use "-l user") |
14 | address: either a ToxID or a hostname. ~/.tuntox/hosts is read to map | 19 | address: a ToxID |
15 | hostname to ToxID. hostname MUST resolve to 127.0.0.1 | ||
16 | 20 | ||
17 | -s optional secret to use to connect to tuntox server | 21 | To specify a tuntox secret (password), set the environment variable |
22 | TUNTOX_SECRET. | ||
23 | |||
24 | Specifying passwords on the command line is insecure, since the arguments of | ||
25 | programs are considered public data. | ||
26 | |||
27 | For that reason, you can also specify the remote address and username with | ||
28 | the environment variable TUNTOX_DESTINATION. This hides your desintation | ||
29 | from other users on the system. In this case, all options will be passed to | ||
30 | SSH. | ||
18 | 31 | ||
19 | examples: | 32 | examples: |
33 | |||
34 | TUNTOX_SECRET=sOmEPassWOrd tokssh 5A40C3443ABD6E1DDEE682E83F84A4D556C24C22D2230DCC141A4723C123473C171A4D9C4054 | ||
20 | tokssh user@5A40C3443ABD6E1DDEE682E83F84A4D556C24C22D2230DCC141A4723C123473C171A4D9C4054 | 35 | tokssh user@5A40C3443ABD6E1DDEE682E83F84A4D556C24C22D2230DCC141A4723C123473C171A4D9C4054 |
21 | tokssh 5A40C3443ABD6E1DDEE682E83F84A4D556C24C22D2230DCC141A4723C123473C171A4D9C4054 | 36 | tokssh 5A40C3443ABD6E1DDEE682E83F84A4D556C24C22D2230DCC141A4723C123473C171A4D9C4054 |
22 | tokssh -p 2222 -o ForwardAgent=yes user@5A40C3443ABD6E1DDEE682E83F84A4D556C24C22D2230DCC141A4723C123473C171A4D9C4054 | 37 | tokssh -p 2222 -o ForwardAgent=yes -l user 5A40C3443ABD6E1DDEE682E83F84A4D556C24C22D2230DCC141A4723C123473C171A4D9C4054 |
23 | tokssh user@5A40C3443ABD6E1DDEE682E83F84A4D556C24C22D2230DCC141A4723C123473C171A4D9C4054 -s TuNToXSeCreT | 38 | TUNTOX_DESTINATION=5A40C3443ABD6E1DDEE682E83F84A4D556C24C22D2230DCC141A4723C123473C171A4D9C4054 tokssh -p 2222 |
24 | 39 | ||
25 | files: | 40 | files: |
26 | ~/.tuntox/persist/ | 41 | ~/.tuntox/persist/ |
27 | 42 | ||
28 | If directory exists, then read & store a persistent secret key/TOXID within. | 43 | If directory exists, then read & store a persistent secret key/TOXID within. |
29 | 44 | ||
30 | ~/.tuntox/hosts | ||
31 | |||
32 | Maps hostname to ToxID and optional secret. | ||
33 | |||
34 | format is: | ||
35 | |||
36 | hostname ToxID secret(optional) | ||
37 | EOF | 45 | EOF |
38 | } | 46 | } |
39 | 47 | ||
40 | strargs="'$*'" | 48 | if [ "$TUNTOX_DESTINATION" ] |
41 | if [ -z "${strargs##*-h*}" ] || [ -z "${strargs##*--help*}" ] ;then | ||
42 | help | ||
43 | exit | ||
44 | fi | ||
45 | |||
46 | array=( $@ ) | ||
47 | len=${#array[@]} | ||
48 | |||
49 | if [ $len -lt 1 ]; then | ||
50 | help | ||
51 | exit | ||
52 | fi | ||
53 | |||
54 | |||
55 | # look for secret and remvove it from args | ||
56 | if [ $len -gt 2 ] && [ "${array[$len-2]}" == "-s" ] | ||
57 | then | ||
58 | secret="${array[@]:$len-2:$len-1}" | ||
59 | len=$[len-2] | ||
60 | fi | ||
61 | |||
62 | userhost=${array[$len-1]} | ||
63 | args=${array[@]:0:$len-1} | ||
64 | |||
65 | # check for user@id | ||
66 | arruserhost=(${userhost//@/ }) | ||
67 | arruserhostlen=${#arruserhost[@]} | ||
68 | |||
69 | if [ $arruserhostlen -gt 1 ] | ||
70 | then | 49 | then |
71 | # last argument is user@toxid | 50 | set -- "$@" "$TUNTOX_DESTINATION" |
72 | user="${arruserhost[0]}@" | 51 | unset TUNTOX_DESTINATION |
73 | toxid=${arruserhost[1]} | ||
74 | hostname=$toxid | ||
75 | else | ||
76 | # last argument is just toxid | ||
77 | user="" | ||
78 | toxid=$userhost | ||
79 | hostname=$toxid | ||
80 | fi | 52 | fi |
81 | 53 | ||
82 | #search toxid in ~/.tuntox/hosts and map it to toxid | 54 | while [ $# -gt 0 ] |
83 | if [ -f ~/.tuntox/hosts ]; then | 55 | do |
84 | while read c_hostname c_toxid c_secret; do | 56 | case "$1" in |
85 | if [ "${c_hostname:0:1}" != "#" ] && [ "$c_hostname" == "$toxid" ]; then | 57 | -h|--help) |
86 | toxid="$c_toxid" | 58 | help |
87 | if [ "$secret" == "" ]; then | 59 | exit ;; |
88 | secret="-s $c_secret" | 60 | *) |
89 | fi | 61 | if [ $# -eq 1 ] |
90 | break | 62 | then |
91 | fi | 63 | break |
92 | done < ~/.tuntox/hosts | 64 | else |
93 | fi | 65 | ssh_options += "$1" |
66 | fi ;; | ||
67 | esac | ||
68 | shift | ||
69 | done | ||
70 | [ $# = 1 ] || { help; exit 1; } | ||
94 | 71 | ||
95 | if [ -d ~/.tuntox/persist ]; then | 72 | if [ -d ~/.tuntox/persist ]; then |
96 | persist='-C ~/.tuntox/persist' | 73 | persist='-C ~/.tuntox/persist' |
@@ -98,10 +75,18 @@ else | |||
98 | persist= | 75 | persist= |
99 | fi | 76 | fi |
100 | 77 | ||
78 | # Explicitly set the default values for CanonicalizeHostname and UpdateHostKeys, | ||
79 | # just to be safe. | ||
80 | |||
81 | # We use StrictHostKeyChecking=accept because Tox validates the Tox identity and | ||
82 | # the Tox key is the identity. We have already performed initial public key | ||
83 | # exchange. | ||
84 | |||
101 | ssh \ | 85 | ssh \ |
102 | -o ProxyCommand="tuntox $persist -i $toxid -W localhost:%p $secret" \ | 86 | -o ProxyCommand="tuntox $persist -i $toxid -W localhost:%p '$TUNTOX_SECRET'" \ |
103 | -o StrictHostKeyChecking=accept-new \ | 87 | -o StrictHostKeyChecking=accept \ |
104 | -o CanonicalizeHostname=no \ | 88 | -o CanonicalizeHostname=no \ |
105 | -o UpdateHostKeys=yes \ | 89 | -o UpdateHostKeys=yes \ |
106 | $args \ | 90 | "${ssh_options[@]}" \ |
107 | ${user}${hostname} | 91 | -- \ |
92 | "$1" | ||
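Review bot: The new ProxyCommand line still expands `'$TUNTOX_SECRET'` into tuntox's argument list, so the secret shows up in process listings, which is exactly what the new help text warns against; it is also passed without the `-s` the old `$secret` carried, and a single quote in the value breaks the quoting. Upstream tuntox documents a `TUNTOX_SHARED_SECRET` environment variable; if this tree reads it, `export TUNTOX_SHARED_SECRET="$TUNTOX_SECRET"` before the `ssh` call and drop the argument from ProxyCommand. In the option loop, `ssh_options += "$1"` runs a command named `ssh_options` instead of appending (with `set -e` the script would exit on the first option), and `$toxid` is no longer assigned anywhere on the new side, so `-i` gets no ID; `ssh_options+=("$1")` and `toxid=${1##*@}` would restore both. `accept` is not among the StrictHostKeyChecking values I know from ssh_config(5) (`yes`, `no`, `ask`, `accept-new`, `off`), so ssh may reject the option outright; confirm that before relying on the reasoning in the added comment.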