Initial commit
commit
c745fa1231
52
README.md
Normal file
@ -0,0 +1,52 @@
|
|||||||
|
# Dropbear Connect
|
||||||
|
> A secure & efficient way to manage your remote connections with Dropbear!
|
||||||
|
|
||||||
|
DBC is a simple script to manage your SSH connections with [Dropbear](https://github.com/mkj/dropbear)
|
||||||
|
, which is an alternative to OpenSSH for remote connections.
|
||||||
|
|
||||||
|
## Introduction
|
||||||
|
Dropbear does not have built-in support for an `.ssh/config` file, and even with OpenSSH, storing all your remote infrastructure in plain-text might not be a good idea.
|
||||||
|
|
||||||
|
Dropbear does not have support for encrypted SSH private keys, and even with OpenSSH, storing your private keys *(even if encrypted)* in the default `.ssh` directory might not be a good idea.
|
||||||
|
|
||||||
|
DBC is really simple & meant to run side-by-side with [pass](https://github.com/acidvegas/pass) securely store your `.ssh/config` & your SSH private keys.
|
||||||
|
|
||||||
|
You can securely manage & organize your SSH connections now. Your SSH private key is temporarily decrypted in RAM & used to connect. Once connected, the key is wiped.
|
||||||
|
|
||||||
|
## Usage
|
||||||
|
1. Store your Dropbear configurations in your password store under the name `dropbear` in the following format:
|
||||||
|
|
||||||
|
```
|
||||||
|
NAME USER HOST PORT JUMP
|
||||||
|
```
|
||||||
|
|
||||||
|
JUMP is optional and can be used to specify a host that should use your jump host.
|
||||||
|
|
||||||
|
If JUMP is set to x, the script will use the jump host to connect to the end host.
|
||||||
|
|
||||||
|
There should only be one jump host in the config file and it should be named `jump`.
|
||||||
|
|
||||||
|
###### Example
|
||||||
|
```
|
||||||
|
jump acidvegas 68.192.37.5 5902
|
||||||
|
hatebox acidvegas 100.151.45.10 2023 x
|
||||||
|
aws admin 45.16.150.203 22
|
||||||
|
```
|
||||||
|
|
||||||
|
2. Store your Dropbear private key in your password store under the name `dropbear_key`.
|
||||||
|
|
||||||
|
3. Run the script with the name of the host you want to connect to:
|
||||||
|
|
||||||
|
```shell
|
||||||
|
./dbc hatebox
|
||||||
|
```
|
||||||
|
|
||||||
|
## Useful Commands
|
||||||
|
|
||||||
|
- Git usage: `git config core.sshCommand "dbclient -i ~/.ssh/key"`
|
||||||
|
- Generate private key: `dropbearkey -t ed25519 -f ~/.dropbear/key | grep "ssh-ed25519"`
|
||||||
|
- Get public key: `dropbearkey -y -f ~/.dropbear/key | head -n 2 | tail -n 1`
|
||||||
|
|
||||||
|
___
|
||||||
|
|
||||||
|
###### Mirrors for this repository: [acid.vegas](https://git.acid.vegas/eris) • [SuperNETs](https://git.supernets.org/acidvegas/eris) • [GitHub](https://github.com/acidvegas/eris) • [GitLab](https://gitlab.com/acidvegas/eris) • [Codeberg](https://codeberg.org/acidvegas/eris)
|
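Review bot: The Introduction's claims that the key is "temporarily decrypted in RAM" and that "once connected, the key is wiped" do not match the `dbc` script added in this commit, which writes the key to a `mktemp /tmp/tmp.XXXXXXXXXX` file and removes it with `rm -f` on exit or after 10 seconds. Reword this to describe what the script does (a mode-600 temporary file that is unlinked), or state that `/tmp` must be RAM-backed for the claim to hold. Smaller points in the same file: the Git usage line points at `~/.ssh/key` while the other two commands use `~/.dropbear/key`, and the Introduction itself advises against keeping keys in `.ssh`; the sentence "meant to run side-by-side with pass securely store" is missing "to"; and the mirror links all point to a repository named `eris`, which looks like a leftover from another project.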
85
dbc
Normal file
@ -0,0 +1,85 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
# Dropbear Connect Script (DBC) - Developed by acidvegas (https://git.acid.vegas/void)
|
||||||
|
|
||||||
|
# Dropbear config must be stored in pass in the following format:
|
||||||
|
# NAME USER HOST PORT JUMP
|
||||||
|
#
|
||||||
|
# JUMP is optional and can be used to specify a host that should use your jump host.
|
||||||
|
# If JUMP is set to x, the script will use the jump host to connect to the end host.
|
||||||
|
# There should only be one jump host in the config file and it should be named 'jump'.
|
||||||
|
#
|
||||||
|
# Example:
|
||||||
|
# jump acidvegas 68.192.37.5 5902
|
||||||
|
# hatebox acidvegas 100.151.45.10 2023 x
|
||||||
|
# aws admin 45.16.150.203 22
|
||||||
|
#
|
||||||
|
# Useful commands:
|
||||||
|
# Git usage : git config core.sshCommand "dbclient -i ~/.ssh/key"
|
||||||
|
# Generate private key : dropbearkey -t ed25519 -f ~/.dropbear/key | grep "ssh-ed25519"
|
||||||
|
# Get public key : dropbearkey -y -f ~/.dropbear/key | head -n 2 | tail -n 1
|
||||||
|
|
||||||
|
# Config
|
||||||
|
PASS_PATH="$HOME/.scripts/pass" # Path to the pass script
|
||||||
|
PASS_DROPBEAR="dropbear" # Name of entry in pass for the dropbear config
|
||||||
|
PASS_DROPBEAR_KEY="dropbear_key" # Name of entry in pass for the dropbear key
|
||||||
|
|
||||||
|
load_host() {
|
||||||
|
CONFIG_DATA="$1"
|
||||||
|
NAME="$2"
|
||||||
|
MATCHING_LINES=$(printf "%s\n" "$CONFIG_DATA" | grep "^$NAME ")
|
||||||
|
LINE_COUNT=$(printf "%s\n" "$MATCHING_LINES" | wc -l)
|
||||||
|
if [ "$LINE_COUNT" -ne 1 ]; then
|
||||||
|
echo "Error: The NAME '$NAME' matches multiple or no lines." && return 1
|
||||||
|
fi
|
||||||
|
MATCHING_LINES=$(printf "%s\n" "$MATCHING_LINES" | tr -s '[:space:]' ' ')
|
||||||
|
line_name=$(echo $MATCHING_LINES | cut -d ' ' -f 1)
|
||||||
|
line_user=$(echo $MATCHING_LINES | cut -d ' ' -f 2)
|
||||||
|
line_host=$(echo $MATCHING_LINES | cut -d ' ' -f 3)
|
||||||
|
line_port=$(echo $MATCHING_LINES | cut -d ' ' -f 4)
|
||||||
|
line_jump=$(echo $MATCHING_LINES | cut -d ' ' -f 5)
|
||||||
|
printf "%s@%s^%s%s" "$line_user" "$line_host" "$line_port" "$line_jump"
|
||||||
|
}
|
||||||
|
|
||||||
|
cleanup() {
|
||||||
|
rm -f "$TMP_KEY"
|
||||||
|
}
|
||||||
|
|
||||||
|
# Check if the name argument is provided
|
||||||
|
if [ $# -ne 1 ]; then
|
||||||
|
echo "usage: $0 [name]" && exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Read the name argument
|
||||||
|
NAME=$1
|
||||||
|
|
||||||
|
# Read the config data
|
||||||
|
CONFIG_DATA=$($PASS_PATH $PASS_DROPBEAR)
|
||||||
|
|
||||||
|
# Check if the config data is read successfully
|
||||||
|
if [ $? -ne 0 ]; then
|
||||||
|
cho "error: can not read config data" && exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Decrypt the dropbear key to a temporary file
|
||||||
|
TMP_KEY=$(mktemp /tmp/tmp.XXXXXXXXXX)
|
||||||
|
$PASS_PATH $PASS_DROPBEAR_KEY > "$TMP_KEY"
|
||||||
|
chmod 600 "$TMP_KEY"
|
||||||
|
|
||||||
|
# Set up cleanup on exit
|
||||||
|
trap cleanup EXIT
|
||||||
|
|
||||||
|
# Remove the temporary key after 10 seconds (timebomb)
|
||||||
|
printf "sleep 10 && rm -f $TMP_KEY &" | sh &
|
||||||
|
|
||||||
|
# Load the host data
|
||||||
|
JUMP_HOST=$(load_host "$CONFIG_DATA" "jump")
|
||||||
|
END_HOST=$(load_host "$CONFIG_DATA" "$NAME")
|
||||||
|
JUMP_CHECK=$(printf "$END_HOST" | rev | cut -c1)
|
||||||
|
|
||||||
|
# Connect to the host
|
||||||
|
if [ $JUMP_CHECK = "x" ]; then
|
||||||
|
END_HOST=$(printf $END_HOST | rev | cut -c2- | rev)
|
||||||
|
dbclient -K 60 -i "$TMP_KEY" $JUMP_HOST,$END_HOST
|
||||||
|
else
|
||||||
|
dbclient -K 60 -i "$TMP_KEY" $END_HOST
|
||||||
|
fi
|
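Review bot: In the key-handling block, `trap cleanup EXIT` is installed only after the key has been decrypted into `$TMP_KEY`, and the exit status of `$PASS_PATH $PASS_DROPBEAR_KEY > "$TMP_KEY"` is never checked, so an interruption between those lines leaves the plaintext key in `/tmp`, and a failed decrypt goes on to call `dbclient` with an empty key file. Set the trap before `mktemp` and exit on a non-zero status from the decrypt. The key file is only RAM-backed where the system mounts `/tmp` that way, and the 10-second `rm -f` merely unlinks the file and can race with a connection that has not read the key yet. Two further bugs in the same hunk: `cho "error: can not read config data" && exit 1` is a typo for `echo`, so the command fails and `exit 1` never runs; and in `load_host`, `printf "%s\n" "$MATCHING_LINES" | wc -l` yields 1 for an empty match, so an unknown NAME passes the `-ne 1` check and `@^` is handed to `dbclient`. Test for an empty `$MATCHING_LINES` explicitly, check the return value of `load_host`, and quote `$JUMP_CHECK` in the final `[ ... ]` test.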