
all bugs should be fixed, hopefully

master
Mario Alegre 5 years ago
parent
commit
ab6ba96d56
  1. 41
      bin/ssh-persist.sh
  2. 12
      bin/wg-addpeer

41
bin/ssh-persist.sh

@ -14,7 +14,7 @@ fi
sshp() {
echo "$@" >&$_sshp_in
echo "echo EOF" >&$_sshp_in
sed '/EOF/Q' <$_sshp_out
sed '/EOF/Q' <$_sshp_tmpdir/out
}
# assign dest to variable
@ -22,22 +22,41 @@ _sshp_dest=$1
# create temporary directory
_sshp_tmpdir=$(mktemp -d)
mkfifo $_sshp_tmpdir/in $_sshp_tmpdir/out
_sshp_out=$_sshp_tmpdir/out
# assign input to a file descriptor so it doesn't get closed
exec {_sshp_in}<>$_sshp_tmpdir/in
# assign input and output to a file descriptors so they don't get closed
exec {_sshp_in}<>$_sshp_tmpdir/in {_sshp_out}<>$_sshp_tmpdir/out
# trap exit to do cleanup
trap "{ exec {_sshp_in}>&-; ssh -O exit -S $_sshp_tmpdir/ssh $_sshp_dest &>/dev/null; rm -rf $_sshp_tmpdir; }" EXIT
trap "{ exec {_sshp_in}>&- {_sshp_out}>&-; ssh -O exit -S $_sshp_tmpdir/ssh $_sshp_dest &>/dev/null; rm -rf $_sshp_tmpdir; }" EXIT
# login with master so ssh can ask password if necessary
ssh -M -Nf -S $_sshp_tmpdir/ssh $_sshp_dest
# login with redirection for the persistent connection
ssh -S $_sshp_tmpdir/ssh medusa 0<&$_sshp_in 1>$_sshp_out 2>$_sshp_out &
ssh -S $_sshp_tmpdir/ssh medusa 0<&$_sshp_in 1>&$_sshp_out 2>&1 &
# clear output
sshp true &> /dev/null
# ask for password and run sudo so password can be cached
(printf "[sudo] password for $(sshp echo \$USER)@$(sshp hostname): "
read -s password
printf '\n'
echo "sudo -S true" >&$_sshp_in
echo $password >&$_sshp_in)
(
user=$(sshp echo \$USER)
host=$(sshp hostname)
askpass() {
read -p "[sudo] password for $user@$host: " -s password
printf "\n" >&2
echo "${password}" >&$_sshp_in
}
line=''
while [[ $line != "[sudo] password for $user: EOF" ]]; do
if [[ $line == "" ]]; then
echo "sudo -S echo 'EOF'" >&$_sshp_in
elif [[ $line == "[sudo] password for $user: Sorry, try again." ]]; then
echo "Sorry, try again." >&2
elif [[ $line == "[sudo] password for $user: sudo: 3 incorrect password attempts" ]]; then
echo "$(basename $BASH_SOURCE): 3 incorrect password attempts" >&2
return 1
else
echo "$(basename $BASH_SOURCE): unexpected output during sudo: ${line@Q}" >&2
return 1
fi
askpass
read line <$_sshp_tmpdir/out
done
)
# clear output again
sshp true &> /dev/null
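Review bot: A failed sudo cache in the new `( … )` block is never propagated: the `return 1` on the `3 incorrect password attempts` and `unexpected output` branches only leaves the subshell, after which this file continues to the final `sshp true` and `wg-addpeer`, which sources it, goes on to run `sshp sudo …` with no cached password. I would end those branches with `exit 1` (inside the subshell that only terminates the subshell) and check the block as a whole, `) || return 1`, so the sourcing caller can stop. The password handling is also fragile: `read -p … -s password` lacks `-r`, so backslashes in the password are dropped, and `echo "${password}"` misreads a password starting with `-n`/`-e`; `read -rsp "[sudo] password for $user@$host: " password` and `printf '%s\n' "$password" >&$_sshp_in` avoid both. Because the loop compares sudo's default prompt text verbatim, it breaks on a remote host with a custom `passprompt` or a non-English locale, so pinning the prompt with `sudo -S -p '[sudo] password for %u: ' echo 'EOF'` makes the expected string explicit. The persistent connection on the `ssh -S … medusa` line still hardcodes `medusa` where the master a few lines above uses `$_sshp_dest`.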

12
bin/wg-addpeer

@ -13,6 +13,7 @@ fi
dest="$1"
# script expects ssh-persist to be either in the same directory, or in the path
sudo -p '[sudo] password for %u@%h' true
cd $(dirname $0)
. ssh-persist.sh $dest
@ -24,7 +25,6 @@ host_port=$(sudo wg show $wg_dev listen-port)
host_key=$(sudo wg show $wg_dev public-key)
# gather dest info
sudo -v -p '[sudo] password for %u@%h'
dest_name=$(sshp hostname)
dest_fqdn=$(sshp hostname --fqdn)
dest_wgip="$(sshp ip -4 addr show $wg_dev | grep -oP '(?<=inet\s)\d+(\.\d+){3}')"
@ -32,17 +32,13 @@ dest_port=$(sshp sudo wg show $wg_dev listen-port)
dest_key=$(sshp sudo wg show $wg_dev public-key)
# add peer on host
echo "Configuring peer on local host ..."
sudo wg set $wg_dev peer "${dest_key}" endpoint $dest_fqdn:$dest_port allowed-ips $dest_wgip/32
echo "Configuring peer hostname on local host ..."
search="^[0-9.]+\s+$dest_name.$wg_domain"
search="^[0-9.]+\s+$dest_name.$wg_domain\$"
replace="$dest_wgip\t$dest_name.$wg_domain"
eval "(grep -qE '$search' /etc/hosts && sudo sed -E 's/$search/$replace/' /etc/hosts || echo -e '$replace' | cat /etc/hosts -) | sudo tee /etc/hosts >/dev/null"
eval "(grep -qE '$search' /etc/hosts && sed -E 's/$search/$replace/' /etc/hosts || echo -e '$replace' | cat /etc/hosts -) | sudo tee /etc/hosts >/dev/null"
# add peer on dest
echo "Configuring peer on remote host ..."
sshp sudo wg set $wg_dev peer "'${host_key}'" endpoint $host_fqdn:$host_port allowed-ips $host_wgip/32
echo "Configuring peer hostname on remote host ..."
search="^[0-9.]+\s+$host_name.$wg_domain"
replace="$host_wgip\t$host_name.$wg_domain"
sshp "(grep -qE '$search' /etc/hosts && sudo sed -E 's/$search/$replace/' /etc/hosts || echo -e '$replace' | cat /etc/hosts -) | sudo tee /etc/hosts >/dev/null"
sshp "(grep -qE '$search' /etc/hosts && sed -E 's/$search/$replace/' /etc/hosts || echo -e '$replace' | cat /etc/hosts -) | sudo tee /etc/hosts >/dev/null"
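Review bot: The rewritten local `/etc/hosts` update (the `eval "(grep -qE '$search' …" line) still passes remote-controlled data through a local shell parse that ends in `sudo tee`: `dest_name` is the unfiltered output of `sshp hostname`, so a hostname containing a single quote breaks out of the quoting inside the eval string and whatever follows runs with the sudo credentials cached at the top of the script. The `eval` is unnecessary — `(grep -qE "$search" /etc/hosts && sed -E "s/$search/$replace/" /etc/hosts || echo -e "$replace" | cat /etc/hosts -) | sudo tee /etc/hosts >/dev/null` does the same work without re-parsing the data — and `dest_name` should be checked before it reaches `sed`, e.g. `[[ $dest_name =~ ^[A-Za-z0-9.-]+$ ]] || exit 1` (note `.` in the pattern is still an unescaped regex metacharacter). That pipeline also reads `/etc/hosts` while `sudo tee /etc/hosts` truncates it; the stages start concurrently, so if `tee` opens the file first the readers see an empty file and the hosts table is lost — writing the result to a `mktemp` file and then `sudo cp`/`sudo install -m 644` it into place removes the race. Finally, the `\$` anchor added to the local `search` on the line above was not applied to the remote `search` further down, so the two patterns still disagree.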
