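#!/usr/bin/env python
"""Set up a passphrase-less SSH key on a remote host and emit a tunnel script.

Walks the user through: copying the remote ``authorized_keys`` to this
machine, generating a new key, appending its public half to that copy,
pushing the copy back, and finally writing a small ``sh`` script that
opens the chosen local port forwards over ssh.

Everything that reaches a shell (host, user, port, key path) goes through
``quote()`` exactly once, so an odd character typed at a prompt cannot
turn into a second shell command.  The module is written to run under
Python 2 or 3: no print statement, no ``string`` module helpers.
"""
import os
import sys

try:
    from shlex import quote  # Python 3.3+
except ImportError:  # Python 2 ships the same function under its old name
    from pipes import quote

# Kept for compatibility with the original script; the generated tunnel
# script builds its own ssh command line and does not read this value.
SSH = "ssh"

# Scratch copy of the remote authorized_keys.  It lives in the working
# directory so the displayed scp commands stay readable, and main() removes
# it again even when the user aborts half-way through.
AUTHKEY = "./authkeytmp-mssht"

# Template for the generated tunnel script.  Each interpolated value is
# already shell-quoted and assigned to its own variable; the ssh line then
# expands those variables inside double quotes, which is the only way a
# quoted value survives word splitting in sh.
TUNNEL_SCRIPT_TEMPLATE = """\
#!/bin/sh
#
# PORTS
#
# Set this to be the ports needing tunneled (separated by spaces)
# in the format of <local port>:<"real" port on the remote machine>
#
# So, for example, if you want to securely connect to SMTP (port 25) on
# the remote machine, you might do:
#
# PORTS = 56789:25
#
# This will make port 56789 on the local machine point to port 25 on
# the remote machine. Your email client would then connect to "localhost"
# on port "56789" to retrieve mail. The first port MUST be a free port
# on your machine. If you did not have a local smtp agent running, you
# could just as easily do 25:25 (but note any lower numbered ports require
# "root" permissions.
#
#
# PORTS=11000:110
# PORTS=25000:25
# PORTS=6667:6667      # IRC
# PORTS=5432:5432      # PostgreSQL
# PORTS="54320:5432 24000:6667"
PORTS="54320:5432"

SSH_PORT=%(SSH_PORT)s
SSH_USER=%(USERNAME)s
IDENTITY=%(IDENTITY)s
DESTINATION=%(MACHINE)s

############################################################
#
# You should not need to modify anything from here on...
#
# NOTE: "-1" forces SSH protocol 1, which this script was written for.
# OpenSSH 7.6 removed protocol 1 from the client entirely, so on a current
# system this needs "-2" and a protocol-2 key before it will connect.
PORTSTRING=`echo $PORTS|awk -v dest=":$DESTINATION:" '{gsub(":",dest); print$0}'`

for port in $PORTSTRING
do
  ssh -p"$SSH_PORT" -f -1 -l "$SSH_USER" -i "$IDENTITY" -L$port "$DESTINATION" "while :; do sleep 36000; done"
done
"""


def getInput(message, default=None, responseSet=None):
    """Prompt on stdout and read one answer line from stdin.

    Args:
        message: prompt text; " [default]" is appended when a default is set.
        default: value returned when the user just presses Enter.
        responseSet: optional container of accepted upper-case answers; the
            prompt repeats until the (upper-cased) answer is one of them.

    Returns:
        ``default`` for an empty answer, the upper-cased answer when a
        ``responseSet`` is given, otherwise the stripped line as typed.

    Raises:
        EOFError: stdin is closed before an acceptable answer arrives.  The
            original re-prompted forever in that case when ``responseSet``
            was set, because readline() keeps returning "" at EOF.
    """
    if default is not None:
        prompt = "%s [%s] " % (message, default)
    else:
        prompt = "%s " % (message,)
    while True:
        sys.stdout.write(prompt)
        sys.stdout.flush()
        line = sys.stdin.readline()
        if not line:
            # Only EOF yields an empty string; a blank answer still has "\n".
            raise EOFError("end of input while waiting for: %s" % message)
        val = line.strip()
        print("")
        if not val and default is not None:
            return default
        if responseSet:
            answer = val.upper()
            if answer in responseSet:
                return answer
            continue  # unacceptable answer: ask again
        return val


def _requireInput(message):
    """Ask with getInput() until the user gives a non-empty answer."""
    while True:
        val = getInput(message)
        if val:
            return val


def getYesNo(message, default=None):
    """Ask a yes/no question; True only for an answer of 'Y' (any case)."""
    return getInput(message, default, ("Y", "N")) == "Y"


def continueScript():
    """Ask "Continue?" (default yes) and exit the process on "N"."""
    if not getYesNo("Continue?", "Y"):
        sys.exit()


def divide():
    """Print a 79-dash rule followed by a blank line."""
    print("-" * 79)
    print("")


def externalCommand(command):
    """Run *command* through the shell between visible marker lines.

    Returns the raw ``os.system`` status.  A non-zero status is also
    reported, because a later step pushes the scratch authorized_keys back
    to the remote host and the user needs to notice if the download of
    the existing file did not succeed.
    """
    print("- - - [ Outside Command ] - - -")
    status = os.system(command)
    print("- - - - - - - - - - - - - - - -")
    if status != 0:
        print("(the command above exited with status %s)" % (status,))
    return status


def _removeQuietly(path):
    """Delete *path* if it exists -- ``rm -f`` without going through a shell."""
    try:
        os.remove(path)
    except OSError:
        pass


def main():
    """Run the interactive setup and write the tunnel script."""
    divide()
    print("""
Welcome to the jcater port tunneling automation script ;)

This script automates the creation of a SSH-based encrypted tunnel.
Do not simply trust this script. I highly recommend you read over
all the output it produces. Blindly trusting a hacked together script
is dangerous! Blindly trusting a hacked together script that is
supposedly offering you a high level of security is deadly!

This program makes three assumptions:
  1) You have ssh installed on this machine and know how to log into
     another machine using ssh, and
  2) You have a login on the machine you wish to tunnel to.
  3) This remote machine allows SSH level 1
""")
    continueScript()
    divide()

    print("First, I need some basic information...\n")
    machine = _requireInput("What is the DNS-resolvable name of the remote system?")
    username = _requireInput("What is your login name on %s?" % machine)
    sshPort = getInput("What port is the SSH server running on?", "22")

    # The key path is built from the real home directory instead of a
    # literal "$HOME" so that it can be shell-quoted like the other values
    # (a quoted "$HOME" would never be expanded).
    identity = os.path.join(
        os.path.expanduser("~"), ".ssh", "autosshtun{%s@%s}" % (username, machine)
    )
    scriptFile = "ssh-tunnel-%s-%s" % (username, machine)

    # Quote once, here; every command below uses only the quoted forms.
    qMachine = quote(machine)
    qUser = quote(username)
    qPort = quote(sshPort)
    qIdentity = quote(identity)
    qAuthkey = quote(AUTHKEY)
    divide()

    #
    # Grab the existing authorized_keys file
    #
    print("""\
For security reasons, we will not prompt you for your password on the remote
system.
HOWEVER, we will use ssh to connect to the remote system and SSH will prompt
you.
""")
    continueScript()
    divide()

    try:
        command = "scp -P%s %s@%s:.ssh/authorized_keys %s" % (
            qPort, qUser, qMachine, qAuthkey)
        print("""
I now need to get your existing authorized_keys file from the remote
system. I will execute the following command, which may prompt you
for your password on the remote system.

%s
""" % command)
        continueScript()
        print("""\
You may get an error message during this command. If you are told
'scp: .ssh/authorized_keys: No such file or directory', you can safely
ignore the warning.
""")
        externalCommand(command)

        # -N '' makes the key passphrase-less on purpose: the tunnel script
        # has to start without anyone typing a passphrase.  Older ssh-keygen
        # defaulted to the protocol-1 key type this script expects; current
        # versions default to a protocol-2 type instead.
        command = "ssh-keygen -N '' -f %s -q" % qIdentity
        print("""
I will now attempt to create a SSH1 key for your tunnel.
I need to execute the following command:

%s
""" % command)
        continueScript()
        print("You should NOT see any error messages from this command...\n")
        externalCommand(command)

        # Two shell commands on two lines: append the public key locally,
        # then push the whole file back.  If the download above failed for
        # any reason other than a missing remote file, this overwrites the
        # remote authorized_keys with only the new key -- which is why the
        # user is asked to read every piece of output.
        command = ("ssh-keygen -y -f %s >> %s\n"
                   " scp -P%s %s %s@%s:.ssh/authorized_keys") % (
            qIdentity, qAuthkey, qPort, qAuthkey, qUser, qMachine)
        print("""
I will now add the public component of this new key to your
authorized_keys file on the remote machine. I need to execute the
following command. You will once again be prompted for your remote
password.

%s
""" % command)
        continueScript()
        print("You should NOT see any errors from this command:")
        externalCommand(command)
    finally:
        # Remove the scratch copy even if the user answered "N" at a prompt
        # (sys.exit raises SystemExit, so this still runs).
        _removeQuietly(AUTHKEY)

    print("")
    divide()
    print("""
Great! We now have ssh setup to perform secure autologins from
this machine. Next, we will create a shell script to automate
the connections...
""")

    with open(scriptFile, "w") as out:
        out.write(TUNNEL_SCRIPT_TEMPLATE % {
            "SSH_PORT": qPort,
            "USERNAME": qUser,
            "IDENTITY": qIdentity,
            "MACHINE": qMachine,
        })

    print("""
I created the file %s. Edit the header of this file and modify the PORTS=
line according to the provided text.
""" % scriptFile)


if __name__ == "__main__":
    main()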