raspiblitz/home.admin/config.scripts/internet.sshtunnel.py

#!/usr/bin/python3
import re
import subprocess
import sys
import tempfile
from pathlib import Path
# Print the usage text and stop when the script is called without an
# action or with "-h" / "help". The exit status is 1 in all three cases.
if len(sys.argv) < 2 or sys.argv[1] in ("-h", "help"):
    usage_lines = (
        "forward ports from another server to raspiblitz with reverse SSH tunnel",
        "internet.sshtunnel.py [on|off] [USER]@[SERVER] [INTERNAL-PORT]:[EXTERNAL-PORT]",
        "note that [INTERNAL-PORT]:[EXTERNAL-PORT] can one or multiple forwardings",
    )
    for usage_line in usage_lines:
        print(usage_line)
    sys.exit(1)
#
# CONSTANTS
#

# Name of the systemd unit this script manages, and the path it is installed to.
SERVICENAME = "autossh-tunnel.service"
SERVICEFILE = "/etc/systemd/system/{}".format(SERVICENAME)

# Unit file template. [PLACEHOLDER] is replaced with the "-R ..." port
# forwardings followed by [USER]@[SERVER].
#
# autossh settings: "-M 0" switches off autossh's own monitoring port, so a dead
# link is detected through the ssh ServerAlive* options (30 s interval, 3 missed
# replies); AUTOSSH_GATETIME=0 makes autossh keep retrying even when the first
# connection attempt fails.
#
# NOTE(review): "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
# turns off SSH host key verification. The tunnel is then authenticated in one
# direction only: the server checks this node's key, but this node accepts any
# host that answers at [SERVER], and the forwarded ports end up on that host.
# Pinning the server key in root's known_hosts and removing both options closes
# that gap; confirm the provisioning flow can supply the key before changing it.
#
# NOTE(review): the unit runs as root (User=root / Group=root). A dedicated
# unprivileged account with its own key would limit what a compromised tunnel
# process can reach - confirm nothing else depends on root's key.
SERVICETEMPLATE = """# see config script internet.sshtunnel.py
[Unit]
Description=AutoSSH tunnel service
After=network.target
[Service]
User=root
Group=root
Environment="AUTOSSH_GATETIME=0"
ExecStart=/usr/bin/autossh -M 0 -N -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" [PLACEHOLDER]
StandardOutput=journal
[Install]
WantedBy=multi-user.target
"""
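#
# HELPERS
#

# [USER]@[SERVER] ends up on the ExecStart line of a unit that runs as root.
# Accept only a plain user@host: no whitespace, no leading '-', and none of the
# characters systemd or ssh would interpret (quotes, '%', '$', ';', ...).
_SSH_TARGET_PATTERN = re.compile(
    r"[A-Za-z0-9_][A-Za-z0-9._-]*@[A-Za-z0-9:][A-Za-z0-9.:-]*"
)
_PORT_PATTERN = re.compile(r"[0-9]{1,5}")

# Key pair of the root user, which the tunnel unit runs as (User=root).
# NOTE(review): the earlier "/home/root/.ssh" location is not root's home on a
# Debian-family system (this script already relies on apt-get), where it is
# /root - confirm for the target image.
_ROOT_SSH_KEY = "/root/.ssh/id_rsa"


def _is_valid_port(text):
    """Return True when *text* is an ASCII decimal TCP port (1-65535).

    str.isdigit() is not used because it also accepts non-ASCII digit
    characters, which must not reach the unit file.
    """
    return _PORT_PATTERN.fullmatch(text) is not None and 1 <= int(text) <= 65535


def _service_is_enabled():
    """Return True when systemd reports the tunnel unit as enabled.

    subprocess.call() returns the exit status and never raises
    CalledProcessError, so the status of `systemctl is-enabled` (0 when
    enabled) has to be tested explicitly.
    """
    status = subprocess.call(
        ["systemctl", "is-enabled", SERVICENAME],
        stdout=subprocess.DEVNULL,
        stderr=subprocess.DEVNULL,
    )
    return status == 0


#
# SWITCHING ON
#
if sys.argv[1] == "on":

    # check if already running
    if _service_is_enabled():
        print("already ON - run 'internet.sshtunnel.py off' first")
        sys.exit(1)

    # check server address
    if len(sys.argv) < 3:
        print("[USER]@[SERVER] missing - use 'internet.sshtunnel.py -h' for help")
        sys.exit(1)
    ssh_server = sys.argv[2]
    if _SSH_TARGET_PATTERN.fullmatch(ssh_server) is None:
        print("[USER]@[SERVER] wrong - use 'internet.sshtunnel.py -h' for help")
        sys.exit(1)

    # generate additional parameter for autossh (forwarding ports)
    forwardings = sys.argv[3:]
    if not forwardings:
        print("[INTERNAL-PORT]:[EXTERNAL-PORT] missing - use 'internet.sshtunnel.py -h' for help")
        sys.exit(1)
    additional_parameters = ""
    for forwarding in forwardings:
        # check forwarding format
        if forwarding.count(":") != 1:
            print("[INTERNAL-PORT]:[EXTERNAL-PORT] wrong format '%s'" % (forwarding))
            sys.exit(1)
        # get ports
        port_internal, port_external = forwarding.split(":")
        if not _is_valid_port(port_internal):
            print("[INTERNAL-PORT]:[EXTERNAL-PORT] internal not number '%s'" % (forwarding))
            sys.exit(1)
        if not _is_valid_port(port_external):
            print("[INTERNAL-PORT]:[EXTERNAL-PORT] external not number '%s'" % (forwarding))
            sys.exit(1)
        additional_parameters += "-R %s:localhost:%s " % (port_external, port_internal)

    # generate additional parameter for autossh (server)
    additional_parameters += ssh_server

    # generate custom service config
    service_data = SERVICETEMPLATE.replace("[PLACEHOLDER]", additional_parameters)
    print()
    print("*** New systemd service: %s" % (SERVICENAME))
    print(service_data)

    # write service file: stage it in a private temp file (random name, mode
    # 0600) instead of a fixed name in the current directory, then install it
    # root-owned at SERVICEFILE. The earlier command moved the file to a path
    # literally named "SERVICEFILE" because the constant was never substituted.
    with tempfile.NamedTemporaryFile("w", suffix=".service", delete=False) as service_file:
        service_file.write(service_data)
        temp_path = service_file.name
    try:
        install_status = subprocess.call(
            ["sudo", "install", "-o", "root", "-g", "root", "-m", "644", temp_path, SERVICEFILE]
        )
    finally:
        Path(temp_path).unlink()
    if install_status != 0:
        print("error: could not write %s" % (SERVICEFILE))
        sys.exit(1)

    # check if SSH keys for root user need to be created
    # Commands are passed as argument lists (no shell), so "~" is not expanded
    # against the calling user's home and the empty passphrase for -N is passed
    # as a real, empty argument.
    root_pubkey_path = _ROOT_SSH_KEY + ".pub"
    print()
    print("*** Checking root SSH keys")
    if subprocess.call(["sudo", "test", "-f", root_pubkey_path]) != 0:
        print("Generating root SSH keys ...")
        subprocess.call(
            ["sudo", "ssh-keygen", "-b", "2048", "-t", "rsa", "-f", _ROOT_SSH_KEY, "-q", "-N", ""]
        )
        print("DONE")
    else:
        print("OK - root id_rsa.pub file exists")
    # root's .ssh directory is normally not readable by the calling user, so
    # the public key is read through sudo
    pubkey_read = subprocess.run(
        ["sudo", "cat", root_pubkey_path],
        stdout=subprocess.PIPE,
        universal_newlines=True,
    )
    ssh_pubkey = pubkey_read.stdout.replace("\n", "")
    if pubkey_read.returncode != 0 or not ssh_pubkey:
        print("error: could not read %s" % (root_pubkey_path))
        sys.exit(1)

    # make sure autossh is installed
    # https://www.everythingcli.org/ssh-tunnelling-for-fun-and-profit-autossh/
    print()
    print("*** Install autossh")
    subprocess.call(["sudo", "apt-get", "install", "-y", "autossh"])

    # enable service
    print()
    print("*** Enabling systemd service: %s" % (SERVICENAME))
    subprocess.call(["sudo", "systemctl", "daemon-reload"])
    subprocess.call(["sudo", "systemctl", "enable", SERVICENAME])

    # final info (can be ignored if run by other script)
    print()
    print("*** OK - SSH TUNNEL SERVICE DONE SETUP ***")
    print("For details see chapter '' in:")
    print("https://github.com/rootzoll/raspiblitz/blob/master/FAQ.md")
    print("- Tunnel service needs final reboot to start.")
    print("- After reboot check logs: sudo journalctl -f -u %s" % (SERVICENAME))
    print("- Make sure the SSH pub key of this RaspiBlitz is in 'authorized_keys' of %s :" % (ssh_server))
    print(ssh_pubkey)
    print()

#
# SWITCHING OFF
#
elif sys.argv[1] == "off":

    # check if already disabled ("is-disabled" is not a systemctl verb, so the
    # test is "not enabled")
    if not _service_is_enabled():
        print("Was already OFF")
        sys.exit(0)

    print("*** Disabling systemd service: %s" % (SERVICENAME))
    subprocess.call(["sudo", "systemctl", "stop", SERVICENAME])
    subprocess.call(["sudo", "systemctl", "disable", SERVICENAME])
    subprocess.call(["sudo", "rm", SERVICEFILE])
    subprocess.call(["sudo", "systemctl", "daemon-reload"])
    print("OK Done")
    print()

#
# UNKNOWN PARAMETER
#
else:
    print("unkown parameter - use 'internet.sshtunnel.py -h' for help")
    # report the failure to calling scripts as well
    sys.exit(1)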