santaklouse · March 2, 2018 14:30
diff --git a/sshd_tunnel.sh b/sshd_tunnel.sh
 #!/bin/sh

 AUTHORIZED_KEYS=authorized_keys
 HOST_RSA_KEY=ssh_host_rsa_key
 SSHD=/usr/sbin/sshd
 PORT=8443

 case "$AUTHORIZED_KEYS" in /*) ;; *) AUTHORIZED_KEYS=$PWD/$AUTHORIZED_KEYS ;; esac
 case "$HOST_RSA_KEY"    in /*) ;; *) HOST_RSA_KEY=$PWD/$HOST_RSA_KEY ;; esac

 if [ ! -e $AUTHORIZED_KEYS ]; then
 	echo "Didn't find authorized keys file $AUTHORIZED_KEYS"
 	echo "Since password authentication is disabled you will not be able to login"
 	exit
 fi

 if [ ! -e $HOST_RSA_KEY ]; then
 	echo "Didn't find preexisting host keys, will generate $HOST_RSA_KEY"
 	ssh-keygen -t rsa -f $HOST_RSA_KEY -P ''
 fi

 TMP_SSHD_CONFIG=`mktemp`
 trap "rm -f $TMP_SSHD_CONFIG" EXIT INT TERM HUP

 cat > $TMP_SSHD_CONFIG << EOF
 Port $PORT
 HostKey $HOST_RSA_KEY
 UsePrivilegeSeparation no

 # otherwise we won't catch which ports are open
 LogLevel DEBUG

 PubkeyAuthentication yes
 AuthorizedKeysFile $AUTHORIZED_KEYS

 PidFile /dev/null

 UsePAM no
 ChallengeResponseAuthentication no
 PasswordAuthentication no

 # User-launched sshd will not be able to change user anyway
 # yet we can prevent it from vain attempts
 AllowUsers $USER

 ForceCommand echo "no shell access is given"
 AllowTcpForwarding remote
 X11Forwarding no
 PermitTunnel no
 EOF

 SSHD_CONFIG=$TMP_SSHD_CONFIG

 $SSHD -De -f $SSHD_CONFIG 2>&1 | awk "/^debug1: Local forwarding listening/ { print $1 } /^debug1:/ { next } { print $1 }"
	#!/bin/sh

	AUTHORIZED_KEYS=authorized_keys
	HOST_RSA_KEY=ssh_host_rsa_key
	SSHD=/usr/sbin/sshd
	PORT=8443

	case "$AUTHORIZED_KEYS" in /) ;; ) AUTHORIZED_KEYS=$PWD/$AUTHORIZED_KEYS ;; esac
	case "$HOST_RSA_KEY" in /) ;; ) HOST_RSA_KEY=$PWD/$HOST_RSA_KEY ;; esac

	if [ ! -e $AUTHORIZED_KEYS ]; then
	echo "Didn't find authorized keys file $AUTHORIZED_KEYS"
	echo "Since password authentication is disabled you will not be able to login"
	exit
	fi

	if [ ! -e $HOST_RSA_KEY ]; then
	echo "Didn't find preexisting host keys, will generate $HOST_RSA_KEY"
	ssh-keygen -t rsa -f $HOST_RSA_KEY -P ''
	fi

	TMP_SSHD_CONFIG=`mktemp`
	trap "rm -f $TMP_SSHD_CONFIG" EXIT INT TERM HUP

	cat > $TMP_SSHD_CONFIG << EOF
	Port $PORT
	HostKey $HOST_RSA_KEY
	UsePrivilegeSeparation no

	# otherwise we won't catch which ports are open
	LogLevel DEBUG

	PubkeyAuthentication yes
	AuthorizedKeysFile $AUTHORIZED_KEYS

	PidFile /dev/null

	UsePAM no
	ChallengeResponseAuthentication no
	PasswordAuthentication no

	# User-launched sshd will not be able to change user anyway
	# yet we can prevent it from vain attempts
	AllowUsers $USER

	ForceCommand echo "no shell access is given"
	AllowTcpForwarding remote
	X11Forwarding no
	PermitTunnel no
	EOF

	SSHD_CONFIG=$TMP_SSHD_CONFIG

	$SSHD -De -f $SSHD_CONFIG 2>&1 \| awk "/^debug1: Local forwarding listening/ { print $1 } /^debug1:/ { next } { print $1 }"