diff --git a/bin/ssh-persist.sh b/bin/ssh-persist.sh
index d452bdf..889221b 100644
--- a/bin/ssh-persist.sh
+++ b/bin/ssh-persist.sh
@@ -14,7 +14,7 @@ fi
 sshp() {
 echo "$@" >&$_sshp_in
 echo "echo EOF" >&$_sshp_in
- sed '/EOF/Q' <$_sshp_out
+ sed '/EOF/Q' <$_sshp_tmpdir/out
 }
 
 # assign dest to variable
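Review bot: The sentinel test on the new `sed '/EOF/Q' <$_sshp_tmpdir/out` line is an unanchored substring match, so any remote output line that merely contains `EOF` (a file named that way, a here-doc in a listed script) ends the read early and leaves the rest of that command's output in the FIFO, where the next `sshp` call returns it as its own result. At minimum anchor it and quote the path, `sed '/^EOF$/Q' <"$_sshp_tmpdir/out"`. A per-session sentinel such as `_sshp_eof=EOF_$RANDOM$RANDOM`, echoed in place of the literal `EOF` and matched with `/^$_sshp_eof$/Q`, removes the collision entirely, but the askpass loop added in the next hunk compares against the literal `EOF` and would have to use the same value.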
@@ -22,22 +22,41 @@ _sshp_dest=$1
 # create temporary directory
 _sshp_tmpdir=$(mktemp -d)
 mkfifo $_sshp_tmpdir/in $_sshp_tmpdir/out
-_sshp_out=$_sshp_tmpdir/out
-# assign input to a file descriptor so it doesn't get closed
-exec {_sshp_in}<>$_sshp_tmpdir/in
+# assign input and output to a file descriptors so they don't get closed
+exec {_sshp_in}<>$_sshp_tmpdir/in {_sshp_out}<>$_sshp_tmpdir/out
 # trap exit to do cleanup
-trap "{ exec {_sshp_in}>&-; ssh -O exit -S $_sshp_tmpdir/ssh $_sshp_dest &>/dev/null; rm -rf $_sshp_tmpdir; }" EXIT
+trap "{ exec {_sshp_in}>&- {_sshp_out}>&-; ssh -O exit -S $_sshp_tmpdir/ssh $_sshp_dest &>/dev/null; rm -rf $_sshp_tmpdir; }" EXIT
 # login with master so ssh can ask password if necessary
 ssh -M -Nf -S $_sshp_tmpdir/ssh $_sshp_dest
 # login with redirection for the persistent connection
-ssh -S $_sshp_tmpdir/ssh medusa 0<&$_sshp_in 1>$_sshp_out 2>$_sshp_out &
+ssh -S $_sshp_tmpdir/ssh medusa 0<&$_sshp_in 1>&$_sshp_out 2>&1 &
 # clear output
 sshp true &> /dev/null
 # ask for password and run sudo so password can be cached
-(printf "[sudo] password for $(sshp echo \$USER)@$(sshp hostname): "
- read -s password
- printf '\n'
- echo "sudo -S true" >&$_sshp_in
- echo $password >&$_sshp_in)
+(
+user=$(sshp echo \$USER)
+host=$(sshp hostname)
+askpass() {
+ read -p "[sudo] password for $user@$host: " -s password
+ printf "\n" >&2
+ echo "${password}" >&$_sshp_in
+}
+line=''
+while [[ $line != "[sudo] password for $user: EOF" ]]; do
+ if [[ $line == "" ]]; then
+ echo "sudo -S echo 'EOF'" >&$_sshp_in
+ elif [[ $line == "[sudo] password for $user: Sorry, try again." ]]; then
+ echo "Sorry, try again." >&2
+ elif [[ $line == "[sudo] password for $user: sudo: 3 incorrect password attempts" ]]; then
+ echo "$(basename $BASH_SOURCE): 3 incorrect password attempts" >&2
+ return 1
+ else
+ echo "$(basename $BASH_SOURCE): unexpected output during sudo: ${line@Q}" >&2
+ return 1
+ fi
+ askpass
+ read line <$_sshp_tmpdir/out
+done
+)
 # clear output again
 sshp true &> /dev/null
diff --git a/bin/wg-addpeer b/bin/wg-addpeer
index f40edf1..ed1066d 100755
--- a/bin/wg-addpeer
+++ b/bin/wg-addpeer
@@ -13,6 +13,7 @@ fi
 dest="$1"
 
 # script expects ssh-persist to be either in the same directory, or in the path
+sudo -p '[sudo] password for %u@%h' true
 cd $(dirname $0)
 . ssh-persist.sh $dest
 
@@ -24,7 +25,6 @@ host_port=$(sudo wg show $wg_dev listen-port)
 host_key=$(sudo wg show $wg_dev public-key)
 
 # gather dest info
-sudo -v -p '[sudo] password for %u@%h'
 dest_name=$(sshp hostname)
 dest_fqdn=$(sshp hostname --fqdn)
 dest_wgip="$(sshp ip -4 addr show $wg_dev | grep -oP '(?<=inet\s)\d+(\.\d+){3}')"
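Review bot: In the new askpass loop the password is written to the remote shell's stdin before any output has been read — on the first pass `line` is empty, so the loop sends `sudo -S echo 'EOF'`, then calls `askpass`, and only then does `read line <$_sshp_tmpdir/out`. When remote sudo does not prompt (a NOPASSWD rule, or a timestamp still valid from an earlier run) `sudo -S` never consumes that line and the remote shell reads the typed password as its next command line. Probe before asking, e.g. `[[ $(sshp "sudo -n true 2>/dev/null && echo ok") == ok ]] ||` the existing loop, so the password is only sent when a prompt is actually expected. The `return 1` on the failure branches at most ends the `( … )` subshell and nothing checks its status, so the sourcing script continues with an uncached sudo and its first `sshp sudo …` blocks on the FIFO waiting for a password; append `|| return 1` after the closing `)`. The changed `ssh -S $_sshp_tmpdir/ssh medusa …` line also still hardcodes a host where `$_sshp_dest` is meant — with `-S` the name mostly selects `ssh_config` stanzas, but it is wrong for any other destination.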
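Review bot: The added `sudo -p '[sudo] password for %u@%h' true` ignores its exit status, so a failed or cancelled local authentication lets the script carry on into `. ssh-persist.sh $dest`, open the SSH session and prompt for the remote password, only to fail later at the first `sudo wg show` (unless a `set -e` above this hunk catches it, which is not visible here). Make the precondition explicit: `sudo -p '[sudo] password for %u@%h' true || exit 1`. Because the command run is just `true`, a comment stating the intent — `# cache local sudo credentials before ssh-persist prompts for the remote ones` — would also explain why this moved ahead of the sourcing.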
@@ -32,17 +32,13 @@ dest_port=$(sshp sudo wg show $wg_dev listen-port)
 dest_key=$(sshp sudo wg show $wg_dev public-key)
 
 # add peer on host
-echo "Configuring peer on local host ..."
 sudo wg set $wg_dev peer "${dest_key}" endpoint $dest_fqdn:$dest_port allowed-ips $dest_wgip/32
-echo "Configuring peer hostname on local host ..."
-search="^[0-9.]+\s+$dest_name.$wg_domain"
+search="^[0-9.]+\s+$dest_name.$wg_domain\$"
 replace="$dest_wgip\t$dest_name.$wg_domain"
-eval "(grep -qE '$search' /etc/hosts && sudo sed -E 's/$search/$replace/' /etc/hosts || echo -e '$replace' | cat /etc/hosts -) | sudo tee /etc/hosts >/dev/null"
+eval "(grep -qE '$search' /etc/hosts && sed -E 's/$search/$replace/' /etc/hosts || echo -e '$replace' | cat /etc/hosts -) | sudo tee /etc/hosts >/dev/null"
 
 # add peer on dest
-echo "Configuring peer on remote host ..."
 sshp sudo wg set $wg_dev peer "'${host_key}'" endpoint $host_fqdn:$host_port allowed-ips $host_wgip/32
-echo "Configuring peer hostname on remote host ..."
 search="^[0-9.]+\s+$host_name.$wg_domain"
 replace="$host_wgip\t$host_name.$wg_domain"
-sshp "(grep -qE '$search' /etc/hosts && sudo sed -E 's/$search/$replace/' /etc/hosts || echo -e '$replace' | cat /etc/hosts -) | sudo tee /etc/hosts >/dev/null"
+sshp "(grep -qE '$search' /etc/hosts && sed -E 's/$search/$replace/' /etc/hosts || echo -e '$replace' | cat /etc/hosts -) | sudo tee /etc/hosts >/dev/null"
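Review bot: The rewritten `eval "(grep -qE '$search' … ) | sudo tee /etc/hosts >/dev/null"` line still builds shell code from `$dest_name`, which is taken from the remote host (`dest_name=$(sshp hostname)` in the previous hunk); a compromised or hostile peer returning a name containing `'` breaks out of the single quotes and gets local command execution on a pipeline that ends in a root-owned write. The `eval` is not needed — the shell already expands `$search` and `$replace` — and the pipeline keeps a second problem: `cat /etc/hosts -` (and `sed … /etc/hosts`) read the file while `sudo tee /etc/hosts` truncates it, so if tee wins the race the file is replaced by the single new line. Validate the remote name, drop the `eval`, and write to a temp file that is installed over /etc/hosts in one step, as below; the `sshp "(grep …)"` line for the remote side has the same truncate-while-reading race, though its inputs are local. Separately, the `.` in `$dest_name.$wg_domain` is a regex metacharacter, so the new `\$` anchor still lets `foo.example` match `fooXexample`.
```shell
# … unchanged: sudo wg set … peer "${dest_key}" … …
# dest_name comes from the remote host: accept only hostname characters before it reaches a regex or a root-owned write
[[ $dest_name =~ ^[A-Za-z0-9.-]+$ ]] || { printf '%s: bad remote hostname: %s\n' "$(basename "$0")" "$dest_name" >&2; exit 1; }
search="^[0-9.]+\s+$dest_name.$wg_domain\$"
replace="$dest_wgip\t$dest_name.$wg_domain"
hosts_tmp=$(mktemp)
if grep -qE "$search" /etc/hosts; then
  sed -E "s/$search/$replace/" /etc/hosts >"$hosts_tmp"
else
  { cat /etc/hosts; echo -e "$replace"; } >"$hosts_tmp"
fi
# install the finished file instead of truncating /etc/hosts while it is still being read
sudo install -m 644 -o root -g root "$hosts_tmp" /etc/hosts && rm -f "$hosts_tmp"
# … unchanged: add peer on dest …
```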