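#!/usr/bin/perl -Tw
# mktunuser - set up a reverse SSH tunnel account on the hub and emit the
# matching client-side setup as a shell script.
#
# Invocation on the target system:
#   hostname | ssh -t -i id_rsa_tun -o AddressFamily=inet tun-adm@my.doma.in \
#       | sed '1,/^XXX---XXX/s/^/# /' | sh -v
#
# Everything written to STDOUT ends up in that `sh` on the target: the sed
# step comments out whatever precedes the "XXX---XXX" marker line, the rest
# is executed as-is.  Diagnostics therefore go to STDERR only, and after the
# marker nothing may be printed except the shell script and "# ..." lines.
#
# Modes, selected by $ARGV[0]:
#   (none)   read the new username from STDIN (the piped `hostname`), create
#            the "tun-<name>" account and chain -u, -h and -s through sudo
#   -u       as the new user: generate the tunnel key pair, pin it in
#            authorized_keys to a keep-alive command, print the client setup
#   -h USER  as root: add a 127.0.0.1 alias for USER to /etc/hosts
#   -s USER  as root: add a Host stanza for USER to /root/.ssh/config
use strict;
use warnings;
use User::pwent;

# Taint mode (-T) refuses to run external commands unless PATH is set
# explicitly and these variables are absent; commands use absolute paths.
$ENV{PATH} = "";
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

my $sudo       = "/usr/bin/sudo";
my $mktunuser  = "/home/tun-adm/bin/mktunuser";    # this script, re-invoked via sudo
my $vo         = "/bin/vo";                        # change this in sudoers, also
my $addusercfg = "/home/tun-adm/adduser.conf";
my $marker     = "# tunnel ends";                  # insertion point in the root-owned files

# Echo a command on STDOUT as a "# ..." line (harmless on either side of the
# marker) and run it without a shell.  A non-zero status is reported on
# STDERR but does not abort: the sequence is best-effort by design (for
# example `mkdir .ssh` on a re-run).  Returns the raw status from system().
sub _run {
    my @argv = @_;
    print join( " ", "#", @argv, "\n" );
    my $status = system @argv;
    warn "command exited with status $status: @argv\n" if $status != 0;
    return $status;
}

# Return the whole contents of $file; dies if it cannot be opened.
sub _slurp {
    my ($file) = @_;
    open my $fh, '<', $file or die "can't open '$file': $!";
    my $content = do { local $/; <$fh> };
    close $fh;
    return $content;
}

# Insert $text (which must end in "\n") directly before the marker line in
# $file and write the file back.  Without a marker nothing is inserted; that
# is reported on STDERR so an unchanged file does not go unnoticed.
sub _insert_before_marker {
    my ( $file, $text ) = @_;
    my $content = _slurp($file);
    my $changed = $content =~ s/(\Q$marker\E)/${text}${1}/;
    warn "no '$marker' line in $file; nothing inserted\n" if !$changed;
    open my $fh, '>', $file or die "can't open '$file': $!";
    print {$fh} $content;
    close $fh or die "can't write '$file': $!";
    return;
}

# Validate a username passed on the command line (the -h and -s modes run as
# root via sudo).  Same character class as the creation mode below; this is
# also the untainting step, so a name can never carry whitespace or extra
# lines into /etc/hosts, root's ssh config or a sudo argument list.
sub _checked_user {
    my ($name) = @_;
    if ( defined $name and $name =~ /\A([-a-z0-9.]{1,32})\z/ ) {
        return $1;
    }
    die "username '" . ( defined $name ? $name : "" ) . "' invalid";
}

my $mode = $ARGV[0];

if ( !defined $mode or $mode eq "" ) {
    # The username arrives on STDIN.  The regex capture is also the
    # untainting step; anything else is rejected before it reaches sudo.
    my $line = <STDIN>;
    defined $line or die "no username on STDIN";
    chomp $line;
    my ($user) = $line =~ /^([-a-z0-9.]{1,25})$/;
    defined $user or die "username '$line' invalid";
    $user = "tun-" . $user;

    _run( $sudo, "/usr/sbin/adduser", "--conf", $addusercfg,
        "--gecos", "tunnel-user", "--disabled-password",
        "--firstuid", "10000", $user );
    _run( $sudo, "-u", $user, $mktunuser, "-u" );    # key pair + client script, as the user
    _run( $sudo, $mktunuser, "-h", $user );          # /etc/hosts, as root
    _run( $sudo, $mktunuser, "-s", $user );          # /root/.ssh/config, as root
}
elsif ( $mode eq "-u" ) {
    # Running as the freshly created user.  Its uid doubles as the tunnel
    # port on the hub (--firstuid 10000 above keeps it out of the low range).
    my $user = getpwuid($<)->name;
    my $id   = $<;
    print "U: $user $id\n";

    my $home = "/home/" . $user;
    chdir $home or die "can't chdir to '$home': $!";
    if ( !-d ".ssh" ) {
        mkdir ".ssh" or die "can't create '$home/.ssh': $!";
    }
    chdir ".ssh" or die "can't chdir to '$home/.ssh': $!";

    # No -N given, so ssh-keygen prompts for the passphrase itself.
    _run( "/usr/bin/ssh-keygen", "-t", "rsa", "-f", "id_rsa_remote_tun" );

    # Pin the key in authorized_keys to a keep-alive loop (no shell for the
    # tunnel user), then append the public key on the same line.  Written
    # directly rather than through `sh -c`.
    # NOTE(review): the options carry only command=; consider adding
    # no-pty,no-agent-forwarding,no-X11-forwarding, since the client only
    # needs the -R forward below - confirm before changing.
    my $options = qq{command="echo Tunnel Port $id aktiv; while sleep 10; do echo -n .; done" };
    my $pubkey  = _slurp("id_rsa_remote_tun.pub");
    open my $ak, '>>', "authorized_keys" or die "can't open 'authorized_keys': $!";
    print {$ak} $options, $pubkey;
    close $ak or die "can't write 'authorized_keys': $!";
    chmod 0600, "authorized_keys" or die "can't chmod 'authorized_keys': $!";

    # From here on STDOUT is executed by sh on the target: install the key
    # pair and a restart loop that holds the reverse tunnel open.
    # "{my.tunhub}" looks like a placeholder for the hub's hostname - confirm.
    print "XXX---XXX---XXX---XXX\n";
    print "cat << EOF > ~/.ssh/id_rsa_remote_tun\n", _slurp("id_rsa_remote_tun"), "EOF\n";
    print "chmod 600 ~/.ssh/id_rsa_remote_tun\n";
    print "cat << EOF > ~/.ssh/id_rsa_remote_tun.pub\n", $pubkey, "EOF\n";
    print qq|echo "#!/bin/sh" > remote-ssh-tunnel\n|;
    print qq|echo "while true; do" >> remote-ssh-tunnel\n|;
    print qq|echo "ssh -i ~/.ssh/id_rsa_remote_tun -4 -l $user {my.tunhub} -R $id:127.0.0.1:22 " >> remote-ssh-tunnel\n|;
    print qq|echo "done" >> remote-ssh-tunnel\n|;
    print "chmod 755 remote-ssh-tunnel\n";
}
elsif ( $mode eq "-h" ) {
    # As root via sudo: give the tunnel user a loopback alias so that
    # `ssh USER` on the hub (with the -s stanza) reaches 127.0.0.1:<uid>,
    # where the client's -R forward listens.  $vo -o / -i bracket the edit;
    # what $vo does is not visible here.
    $ENV{PATH} = "/bin:/usr/bin:/sbin:/usr/sbin";
    my $user = _checked_user( $ARGV[1] );
    _run( $vo, "-o", "/etc/hosts" );
    _insert_before_marker( "/etc/hosts", "127.0.0.1\t$user\n" );
    _run( $vo, "-i", "/etc/hosts" );
}
elsif ( $mode eq "-s" ) {
    # As root via sudo: Host stanza whose Port is the user's uid, i.e. the
    # port the client forwards back to the hub.
    $ENV{PATH} = "/bin:/usr/bin:/sbin:/usr/sbin";
    my $user = _checked_user( $ARGV[1] );
    my $pw   = getpwnam($user);
    defined $pw or die "unknown user '$user'";
    my $port = $pw->uid;
    # NOTE(review): "Cipher" is the protocol-1 ssh_config option; current
    # OpenSSH no longer honours it - confirm against the hub's version.
    my $stanza = "Host $user\n"
        . " Port $port\n"
        . " Cipher blowfish\n"
        . " Compression yes\n";

    my $config = "/root/.ssh/config";
    if ( !-e $config ) {    # create it if missing (formerly `touch`)
        open my $fh, '>>', $config or die "can't open '$config': $!";
        close $fh or die "can't write '$config': $!";
    }
    _run( $vo, "-o", $config );
    _insert_before_marker( $config, "$stanza\n" );
    _run( $vo, "-i", $config );
}
else {
    die "usage: mktunuser [-u | -h USER | -s USER]\n";
}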