OpenWRT /etc/init.d/sshmole
#!/bin/sh /etc/rc.common
# procd init script: one supervised ssh process per "sshmole" UCI section, each
# holding a remote (-R) port forward back to a port on this device.
#
# NB: the instance (section) name must be purely alphanumeric -- no dashes!
#
# Example /etc/config/sshmole:
#
#   config sshmole consrv
#           option remote 4242
#           option srv USER@HOST          # placeholder: address is obfuscated on the page
#           option respawn_retry 0        # 0 disables stop-on-crashloop
#           option respawn_timeout 15     # sleep() in seconds between restarts

# rc.common settings: start sequence number, and procd-style service hooks.
START=99
USE_PROCD=1
# Validate one "sshmole" section of the sshmole UCI package.
#
# Arguments: $1 - name of the section to validate
# Returns:   exit status of uci_validate_section
#
# Each spec below is name:type[:default]. The validated values are consumed by
# the caller, which declares matching local variables before calling this.
validate_section_sshmole() {
	local cfg="${1}"

	uci_validate_section sshmole sshmole "$cfg" \
		'local:port:22' \
		'remote:port' \
		'srv:string' \
		'respawn_threshold:uinteger:600' \
		'respawn_timeout:uinteger:15' \
		'respawn_retry:uinteger:0' \
		'enable:bool:1'
}
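# Register one procd instance that holds a remote (-R) SSH port forward for a
# UCI section, and drop a helper script for priming the server's host key.
#
# Arguments: $1 - UCI section name; also used as the procd instance name and
#                 as the suffix of the helper script /tmp/sshmole-meet.<name>
# Outputs:   a one-line message on stdout when the section is rejected, and a
#            warning on stderr when the helper script cannot be created
# Returns:   1 when validation fails, the section is disabled or incomplete,
#            or srv looks like a command-line option; otherwise the status of
#            procd_close_instance
sshmole_instance() {
	# These names are filled in by validate_section_sshmole.
	local local remote srv enable respawn_threshold respawn_timeout respawn_retry
	local helper srv_q

	validate_section_sshmole "${1}" || {
		echo "validation failed"
		return 1
	}

	# Nothing to do for a disabled section or one without server / remote port.
	if [ "$enable" = "0" ] || [ -z "$srv" ] || [ -z "$remote" ]; then
		return 1
	fi

	# srv is passed to ssh as a bare argument and is only validated as a
	# free-form string; a value starting with '-' would be parsed by ssh as an
	# option instead of a destination, so refuse it.
	case "$srv" in
	-*)
		echo "srv must not start with '-'"
		return 1
		;;
	esac

	# Single-quote srv for the generated script so that quotes, '$' or
	# backticks in the configured value stay data when the helper is run.
	srv_q=$(printf '%s' "$srv" | sed "s/'/'\\\\''/g")

	# The helper lives under a predictable name in world-writable /tmp.
	# Remove any stale entry, then create it with noclobber (set -C) so the
	# redirection refuses to write through a file or symlink that appeared
	# in between.
	helper="/tmp/sshmole-meet.$1"
	rm -f "$helper"
	if (
		set -C
		cat >"$helper" <<EOF
#!/bin/sh -x
# to cache server host key /etc/sshmole/.ssh/known_hosts
exec env HOME=/etc/sshmole start-stop-daemon -c network:network -x /usr/bin/ssh -S -- -i /etc/sshmole/id '${srv_q}' date
EOF
	); then
		chmod +x "$helper"
	else
		# The helper is a convenience only; the tunnel is still registered.
		echo "cannot create $helper" >&2
	fi

	procd_open_instance "$1"
	procd_set_param command /usr/bin/ssh \
		-o ExitOnForwardFailure=yes \
		-N -T -i /etc/sshmole/id -K 40 \
		-R "127.0.0.1:${remote}:127.0.0.1:${local}" \
		"${srv}"
	procd_set_param env HOME=/etc/sshmole

	# How procd interprets the three respawn values:
	#   respawn_count = (runtime < respawn_threshold) ? (respawn_count + 1) : 0;
	#   if (respawn_count > respawn_retry && respawn_retry > 0) {
	#     LOG("Instance %s::%s s in a crash loop %d crashes, %ld seconds since last crash\n", ...
	#   } else {
	#     uloop_timeout_set(&timeout, respawn_timeout * 1000); ...
	#   }
	# -- https://git.openwrt.org/?p=project/procd.git;a=blob;f=service/instance.c;h=a5742b7300d0b9075a605126b9574f3da0c13190;hb=HEAD#l551
	procd_set_param respawn "$respawn_threshold" "$respawn_timeout" "$respawn_retry"
	procd_set_param stdout 1 # forward to logd
	procd_set_param stderr 1 # same for stderr
	# Run the tunnel as the unprivileged "network" user rather than root.
	procd_set_param user network
	procd_close_instance
}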
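# procd start hook: prepare /etc/sshmole (known_hosts and client key) on first
# run, then register one instance per "sshmole" section.
#
# Outputs: a message on stderr when key generation fails
# Returns: 1 when the client key cannot be generated; otherwise the status of
#          config_foreach
start_service() {
	# The tunnel runs as "network" with HOME=/etc/sshmole, so known_hosts has
	# to exist and be owned by that user.
	if [ ! -f /etc/sshmole/.ssh/known_hosts ]; then
		mkdir -p /etc/sshmole/.ssh
		touch /etc/sshmole/.ssh/known_hosts
		chown network:network /etc/sshmole/.ssh/known_hosts
	fi

	if [ ! -f /etc/sshmole/id ]; then
		# A failed run must not leave a partial key behind: the -f test above
		# would then skip generation on every later start.
		if ! dropbearkey -t rsa -s 2048 -f /etc/sshmole/id; then
			rm -f /etc/sshmole/id
			echo "sshmole: key generation failed" >&2
			return 1
		fi
		# Keep the private key readable by its owner only, whatever the umask.
		chmod 600 /etc/sshmole/id
		# id.pub keeps just the "ssh-..." public key line
		# (presumably for the operator to authorize on the server -- confirm).
		dropbearkey -y -f /etc/sshmole/id | grep '^ssh' >/etc/sshmole/id.pub
		chown network:network /etc/sshmole/id /etc/sshmole/id.pub
	fi

	config_load sshmole
	config_foreach sshmole_instance sshmole
}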