Initial commit

Dionysus 2024-07-16 19:36:59 -04:00
commit c745fa1231
Signed by: acidvegas
GPG Key ID: EF4B922DB85DC9DE
2 changed files with 137 additions and 0 deletions

52
README.md Normal file

@ -0,0 +1,52 @@
# Dropbear Connect
> A secure & efficient way to manage your remote connections with Dropbear!
DBC is a simple script to manage your SSH connections with [Dropbear](https://github.com/mkj/dropbear)
, which is an alternative to OpenSSH for remote connections.
## Introduction
Dropbear does not have built-in support for an `.ssh/config` file, and even with OpenSSH, storing all your remote infrastructure in plain-text might not be a good idea.
Dropbear does not have support for encrypted SSH private keys, and even with OpenSSH, storing your private keys *(even if encrypted)* in the default `.ssh` directory might not be a good idea.
DBC is really simple & meant to run side-by-side with [pass](https://github.com/acidvegas/pass) securely store your `.ssh/config` & your SSH private keys.
You can securely manage & organize your SSH connections now. Your SSH private key is temporarily decrypted in RAM & used to connect. Once connected, the key is wiped.
## Usage
1. Store your Dropbear configurations in your password store under the name `dropbear` in the following format:
```
NAME USER HOST PORT JUMP
```
JUMP is optional and can be used to specify a host that should use your jump host.
If JUMP is set to x, the script will use the jump host to connect to the end host.
There should only be one jump host in the config file and it should be named `jump`.
###### Example
```
jump acidvegas 68.192.37.5 5902
hatebox acidvegas 100.151.45.10 2023 x
aws admin 45.16.150.203 22
```
2. Store your Dropbear private key in your password store under the name `dropbear_key`.
3. Run the script with the name of the host you want to connect to:
```shell
./dbc hatebox
```
## Useful Commands
- Git usage: `git config core.sshCommand "dbclient -i ~/.ssh/key"`
- Generate private key: `dropbearkey -t ed25519 -f ~/.dropbear/key | grep "ssh-ed25519"`
- Get public key: `dropbearkey -y -f ~/.dropbear/key | head -n 2 | tail -n 1`
___
###### Mirrors for this repository: [acid.vegas](https://git.acid.vegas/eris) • [SuperNETs](https://git.supernets.org/acidvegas/eris) • [GitHub](https://github.com/acidvegas/eris) • [GitLab](https://gitlab.com/acidvegas/eris) • [Codeberg](https://codeberg.org/acidvegas/eris)
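Review bot: The Introduction's claim that the private key is "temporarily decrypted in RAM" and that "Once connected, the key is wiped" does not match the `dbc` script added in this same commit, which writes the key to a `mktemp /tmp/tmp.XXXXXXXXXX` file and deletes it with `rm -f` on a 10-second timer or on exit. That is RAM-only just where `/tmp` is a tmpfs mount, and unlinking a file is not wiping it, so the README should describe the actual behaviour or state the tmpfs requirement. Under Useful Commands, the Git example uses `~/.ssh/key` while the key commands use `~/.dropbear/key`, and all three leave an unencrypted key on disk, which is what the Introduction advises against; add the step that moves the key into `pass` and removes the file. The mirror links in the footer all point at `eris` rather than this repository, and "pass securely store" is missing a "to".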

85
dbc Normal file

@ -0,0 +1,85 @@
#!/bin/sh
# Dropbear Connect Script (DBC) - Developed by acidvegas (https://git.acid.vegas/void)
# Dropbear config must be stored in pass in the following format:
# NAME USER HOST PORT JUMP
#
# JUMP is optional and can be used to specify a host that should use your jump host.
# If JUMP is set to x, the script will use the jump host to connect to the end host.
# There should only be one jump host in the config file and it should be named 'jump'.
#
# Example:
# jump acidvegas 68.192.37.5 5902
# hatebox acidvegas 100.151.45.10 2023 x
# aws admin 45.16.150.203 22
#
# Useful commands:
# Git usage : git config core.sshCommand "dbclient -i ~/.ssh/key"
# Generate private key : dropbearkey -t ed25519 -f ~/.dropbear/key | grep "ssh-ed25519"
# Get public key : dropbearkey -y -f ~/.dropbear/key | head -n 2 | tail -n 1
# Config
PASS_PATH="$HOME/.scripts/pass" # Path to the pass script
PASS_DROPBEAR="dropbear" # Name of entry in pass for the dropbear config
PASS_DROPBEAR_KEY="dropbear_key" # Name of entry in pass for the dropbear key
load_host() {
CONFIG_DATA="$1"
NAME="$2"
MATCHING_LINES=$(printf "%s\n" "$CONFIG_DATA" | grep "^$NAME ")
LINE_COUNT=$(printf "%s\n" "$MATCHING_LINES" | wc -l)
if [ "$LINE_COUNT" -ne 1 ]; then
echo "Error: The NAME '$NAME' matches multiple or no lines." && return 1
fi
MATCHING_LINES=$(printf "%s\n" "$MATCHING_LINES" | tr -s '[:space:]' ' ')
line_name=$(echo $MATCHING_LINES | cut -d ' ' -f 1)
line_user=$(echo $MATCHING_LINES | cut -d ' ' -f 2)
line_host=$(echo $MATCHING_LINES | cut -d ' ' -f 3)
line_port=$(echo $MATCHING_LINES | cut -d ' ' -f 4)
line_jump=$(echo $MATCHING_LINES | cut -d ' ' -f 5)
printf "%s@%s^%s%s" "$line_user" "$line_host" "$line_port" "$line_jump"
}
cleanup() {
rm -f "$TMP_KEY"
}
# Check if the name argument is provided
if [ $# -ne 1 ]; then
echo "usage: $0 [name]" && exit 1
fi
# Read the name argument
NAME=$1
# Read the config data
CONFIG_DATA=$($PASS_PATH $PASS_DROPBEAR)
# Check if the config data is read successfully
if [ $? -ne 0 ]; then
cho "error: can not read config data" && exit 1
fi
# Decrypt the dropbear key to a temporary file
TMP_KEY=$(mktemp /tmp/tmp.XXXXXXXXXX)
$PASS_PATH $PASS_DROPBEAR_KEY > "$TMP_KEY"
chmod 600 "$TMP_KEY"
# Set up cleanup on exit
trap cleanup EXIT
# Remove the temporary key after 10 seconds (timebomb)
printf "sleep 10 && rm -f $TMP_KEY &" | sh &
# Load the host data
JUMP_HOST=$(load_host "$CONFIG_DATA" "jump")
END_HOST=$(load_host "$CONFIG_DATA" "$NAME")
JUMP_CHECK=$(printf "$END_HOST" | rev | cut -c1)
# Connect to the host
if [ $JUMP_CHECK = "x" ]; then
END_HOST=$(printf $END_HOST | rev | cut -c2- | rev)
dbclient -K 60 -i "$TMP_KEY" $JUMP_HOST,$END_HOST
else
dbclient -K 60 -i "$TMP_KEY" $END_HOST
fi
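Review bot: In `load_host`, the `LINE_COUNT` check cannot detect a missing host: when `grep` matches nothing, `printf "%s\n" "$MATCHING_LINES" | wc -l` still counts the one newline that printf emits, so an unknown NAME passes the test and the function prints `@^`, which is then handed to `dbclient`. Test for an empty `MATCHING_LINES` first (or count with `grep -c`), send the error message to stderr so it is not captured into `END_HOST` or `JUMP_HOST`, and have the callers check the return status before connecting. `NAME` is also interpolated into the grep pattern, so regex characters in the argument change what matches. On the key handling: `trap cleanup EXIT` is installed only after the key has been written, the exit status of `$PASS_PATH $PASS_DROPBEAR_KEY` is never checked, and the 10-second `rm -f` timer is unrelated to whether `dbclient` has finished authenticating; install the trap right after `mktemp` and abort if decryption fails. Smaller points: `cho` in the config-read error path is a typo for `echo`, `printf "$END_HOST"` uses config data as a format string (use `printf '%s'`), and `$JUMP_CHECK`, `$JUMP_HOST` and `$END_HOST` are expanded unquoted.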