Initial commit
commit
c745fa1231
52
README.md
Normal file
@ -0,0 +1,52 @@
|
||||
# Dropbear Connect
|
||||
> A secure & efficient way to manage your remote connections with Dropbear!
|
||||
|
||||
DBC is a simple script to manage your SSH connections with [Dropbear](https://github.com/mkj/dropbear)
|
||||
, which is an alternative to OpenSSH for remote connections.
|
||||
|
||||
## Introduction
|
||||
Dropbear does not have built-in support for an `.ssh/config` file, and even with OpenSSH, storing all your remote infrastructure in plain-text might not be a good idea.
|
||||
|
||||
Dropbear does not have support for encrypted SSH private keys, and even with OpenSSH, storing your private keys *(even if encrypted)* in the default `.ssh` directory might not be a good idea.
|
||||
|
||||
DBC is really simple & meant to run side-by-side with [pass](https://github.com/acidvegas/pass) securely store your `.ssh/config` & your SSH private keys.
|
||||
|
||||
You can securely manage & organize your SSH connections now. Your SSH private key is temporarily decrypted in RAM & used to connect. Once connected, the key is wiped.
|
||||
|
||||
## Usage
|
||||
1. Store your Dropbear configurations in your password store under the name `dropbear` in the following format:
|
||||
|
||||
```
|
||||
NAME USER HOST PORT JUMP
|
||||
```
|
||||
|
||||
JUMP is optional and can be used to specify a host that should use your jump host.
|
||||
|
||||
If JUMP is set to x, the script will use the jump host to connect to the end host.
|
||||
|
||||
There should only be one jump host in the config file and it should be named `jump`.
|
||||
|
||||
###### Example
|
||||
```
|
||||
jump acidvegas 68.192.37.5 5902
|
||||
hatebox acidvegas 100.151.45.10 2023 x
|
||||
aws admin 45.16.150.203 22
|
||||
```
|
||||
|
||||
2. Store your Dropbear private key in your password store under the name `dropbear_key`.
|
||||
|
||||
3. Run the script with the name of the host you want to connect to:
|
||||
|
||||
```shell
|
||||
./dbc hatebox
|
||||
```
|
||||
|
||||
## Useful Commands
|
||||
|
||||
- Git usage: `git config core.sshCommand "dbclient -i ~/.ssh/key"`
|
||||
- Generate private key: `dropbearkey -t ed25519 -f ~/.dropbear/key | grep "ssh-ed25519"`
|
||||
- Get public key: `dropbearkey -y -f ~/.dropbear/key | head -n 2 | tail -n 1`
|
||||
|
||||
___
|
||||
|
||||
###### Mirrors for this repository: [acid.vegas](https://git.acid.vegas/eris) • [SuperNETs](https://git.supernets.org/acidvegas/eris) • [GitHub](https://github.com/acidvegas/eris) • [GitLab](https://gitlab.com/acidvegas/eris) • [Codeberg](https://codeberg.org/acidvegas/eris)
|
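Review bot: The Introduction's claim that the private key is "temporarily decrypted in RAM" and "wiped" once connected does not match the dbc script in this commit, which writes the key to a file created with `mktemp /tmp/tmp.XXXXXXXXXX` and removes it with `rm -f`. That is RAM-only where /tmp is a tmpfs, and the removal is an unlink rather than an overwrite, so either state the tmpfs requirement or describe the behaviour as a short-lived temporary key file. In the same file, the sentence about pass is missing "to" before "securely store", the Git usage command points at `~/.ssh/key` while the key commands use `~/.dropbear/key`, and every mirror link in the footer ends in `/eris` rather than this repository's path.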
85
dbc
Normal file
@ -0,0 +1,85 @@
|
||||
#!/bin/sh
|
||||
# Dropbear Connect Script (DBC) - Developed by acidvegas (https://git.acid.vegas/void)
|
||||
|
||||
# Dropbear config must be stored in pass in the following format:
|
||||
# NAME USER HOST PORT JUMP
|
||||
#
|
||||
# JUMP is optional and can be used to specify a host that should use your jump host.
|
||||
# If JUMP is set to x, the script will use the jump host to connect to the end host.
|
||||
# There should only be one jump host in the config file and it should be named 'jump'.
|
||||
#
|
||||
# Example:
|
||||
# jump acidvegas 68.192.37.5 5902
|
||||
# hatebox acidvegas 100.151.45.10 2023 x
|
||||
# aws admin 45.16.150.203 22
|
||||
#
|
||||
# Useful commands:
|
||||
# Git usage : git config core.sshCommand "dbclient -i ~/.ssh/key"
|
||||
# Generate private key : dropbearkey -t ed25519 -f ~/.dropbear/key | grep "ssh-ed25519"
|
||||
# Get public key : dropbearkey -y -f ~/.dropbear/key | head -n 2 | tail -n 1
|
||||
|
||||
# Config
|
||||
PASS_PATH="$HOME/.scripts/pass" # Path to the pass script
|
||||
PASS_DROPBEAR="dropbear" # Name of entry in pass for the dropbear config
|
||||
PASS_DROPBEAR_KEY="dropbear_key" # Name of entry in pass for the dropbear key
|
||||
|
||||
load_host() {
|
||||
CONFIG_DATA="$1"
|
||||
NAME="$2"
|
||||
MATCHING_LINES=$(printf "%s\n" "$CONFIG_DATA" | grep "^$NAME ")
|
||||
LINE_COUNT=$(printf "%s\n" "$MATCHING_LINES" | wc -l)
|
||||
if [ "$LINE_COUNT" -ne 1 ]; then
|
||||
echo "Error: The NAME '$NAME' matches multiple or no lines." && return 1
|
||||
fi
|
||||
MATCHING_LINES=$(printf "%s\n" "$MATCHING_LINES" | tr -s '[:space:]' ' ')
|
||||
line_name=$(echo $MATCHING_LINES | cut -d ' ' -f 1)
|
||||
line_user=$(echo $MATCHING_LINES | cut -d ' ' -f 2)
|
||||
line_host=$(echo $MATCHING_LINES | cut -d ' ' -f 3)
|
||||
line_port=$(echo $MATCHING_LINES | cut -d ' ' -f 4)
|
||||
line_jump=$(echo $MATCHING_LINES | cut -d ' ' -f 5)
|
||||
printf "%s@%s^%s%s" "$line_user" "$line_host" "$line_port" "$line_jump"
|
||||
}
|
||||
|
||||
cleanup() {
|
||||
rm -f "$TMP_KEY"
|
||||
}
|
||||
|
||||
# Check if the name argument is provided
|
||||
if [ $# -ne 1 ]; then
|
||||
echo "usage: $0 [name]" && exit 1
|
||||
fi
|
||||
|
||||
# Read the name argument
|
||||
NAME=$1
|
||||
|
||||
# Read the config data
|
||||
CONFIG_DATA=$($PASS_PATH $PASS_DROPBEAR)
|
||||
|
||||
# Check if the config data is read successfully
|
||||
if [ $? -ne 0 ]; then
|
||||
cho "error: can not read config data" && exit 1
|
||||
fi
|
||||
|
||||
# Decrypt the dropbear key to a temporary file
|
||||
TMP_KEY=$(mktemp /tmp/tmp.XXXXXXXXXX)
|
||||
$PASS_PATH $PASS_DROPBEAR_KEY > "$TMP_KEY"
|
||||
chmod 600 "$TMP_KEY"
|
||||
|
||||
# Set up cleanup on exit
|
||||
trap cleanup EXIT
|
||||
|
||||
# Remove the temporary key after 10 seconds (timebomb)
|
||||
printf "sleep 10 && rm -f $TMP_KEY &" | sh &
|
||||
|
||||
# Load the host data
|
||||
JUMP_HOST=$(load_host "$CONFIG_DATA" "jump")
|
||||
END_HOST=$(load_host "$CONFIG_DATA" "$NAME")
|
||||
JUMP_CHECK=$(printf "$END_HOST" | rev | cut -c1)
|
||||
|
||||
# Connect to the host
|
||||
if [ $JUMP_CHECK = "x" ]; then
|
||||
END_HOST=$(printf $END_HOST | rev | cut -c2- | rev)
|
||||
dbclient -K 60 -i "$TMP_KEY" $JUMP_HOST,$END_HOST
|
||||
else
|
||||
dbclient -K 60 -i "$TMP_KEY" $END_HOST
|
||||
fi
|
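Review bot: In the "Check if the config data is read successfully" block, `cho` is a typo for `echo`; because `cho` fails, the `&& exit 1` after it never runs, so a failed config read falls through to decrypting the key and calling dbclient with empty host data. Use `echo "error: can not read config data" >&2; exit 1` so the exit does not depend on the message command. In load_host, the `"$LINE_COUNT" -ne 1` test cannot catch the no-match case, since `printf "%s\n" ""` still gives `wc -l` one line; test `[ -z "$MATCHING_LINES" ]` first, send the error to stderr instead of stdout (it is currently captured into END_HOST by the command substitution), and check load_host's return status at both call sites. For the key file, `trap cleanup EXIT` is installed only after the key has been written, and the exit status of `$PASS_PATH $PASS_DROPBEAR_KEY > "$TMP_KEY"` is not checked; set the trap before writing the key and abort if the decrypt fails. Quoting `"$JUMP_CHECK"` in the final test and using `printf '%s' "$END_HOST"` would also avoid a test error on an empty value and stop config data being treated as a format string.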