Initial commit.

commit 0f896c4e594c371c4b545bfaa7150d9dc78adbb3 0 parents
@aphyr authored
3  .gitignore
@@ -0,0 +1,3 @@
+/etc/key
+/etc/key.pub
+*.swp
28 bin/setup
@@ -0,0 +1,28 @@
+#!/bin/sh
+
+DIR=$(cd $(dirname $0)/..; pwd -P)
+
+ETC_DIR=/etc/tund
+BIN_DIR=/usr/local/bin
+
+# Install tund binary
+install -m 700 -o root -g root -D "${DIR}/bin/tund" "${BIN_DIR}/tund"
+
+# Install upstart script
+install -m 644 -o root -g root "${DIR}/etc/init/tund.conf" /etc/init/tund.conf
+
+if [ ! -e "${ETC_DIR}/key" ]
+then
+ if [ ! -e "${DIR}/etc/key" ]
+ then
+ # Generate key
+ ssh-keygen -b 4096 -N "" -O clear -O permit-port-forwarding -t rsa -f "${DIR}/etc/key"
+ echo "Public key is"
+ cat "${DIR}/etc/key.pub"
+ fi
+
+ # Install key
+ install -m 600 -o root -g root -D "${DIR}/etc/key" "${ETC_DIR}/key"
+fi
+
+service tund start
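Review bot: on the ssh-keygen line, -O clear -O permit-port-forwarding are certificate options that apply when signing a key with -s, which this command does not do, so the result is an ordinary passphrase-less key with no restrictions attached. Drop the flags so the script does not imply a limit it cannot enforce, and enforce the restriction on the remote side in authorized_keys instead. The script also has no set -e, so service tund start runs even when an install step failed, and the unquoted $(dirname $0) in the DIR= line breaks on checkout paths containing spaces.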
55 bin/tund
@@ -0,0 +1,55 @@
+#!/usr/bin/env ruby
+
+opts = {
+ :local => {
+ :host => 'localhost', # Local host to forward to
+ :port => 22 # Local port to forward to
+ },
+ :remote => {
+ :host => 'aphyr.com', # Remote host to connect to
+ :user => 'tunnel', # Remote user
+ :ssh_port => 22, # Remote port SSH runs on
+ :fwd_port => 2222 # Remote port which will be forwarded
+ },
+ :ssh => {
+ :bin => '/usr/bin/ssh', # SSH executable
+ :identity => '/etc/tund/key', # The SSH identity file
+ :opts => '-gN' # Additional options
+ },
+ :interval => 15 # How often to attempt reconnection, in seconds
+}
+
+class Tunneler
+ def initialize(opts)
+ @opts = opts
+ end
+
+ def run
+ begin
+ tunnel
+ rescue => e
+ puts e
+ puts e.backtrace.join("\n")
+ ensure
+ sleep @opts[:interval]
+ end
+ end
+
+ # Opens the SSH tunnel
+ def tunnel
+ system @opts[:ssh][:bin],
+ @opts[:ssh][:opts],
+ '-p', @opts[:remote][:ssh_port].to_s,
+ '-i', @opts[:ssh][:identity],
+ '-R', [
+ @opts[:remote][:fwd_port],
+ @opts[:local][:host],
+ @opts[:local][:port]
+ ].join(':'),
+ "#{@opts[:remote][:user]}@#{@opts[:remote][:host]}"
+ end
+end
+
+if $0 == __FILE__
+ Tunneler.new(opts).run
+end
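Review bot: in Tunneler#tunnel the ssh invocation carries only -gN, so a session whose remote forward failed to bind, or whose connection has silently died, keeps the process alive with no usable tunnel. Add -o ExitOnForwardFailure=yes, a ServerAliveInterval, and -o BatchMode=yes so a host-key or password prompt cannot hang a daemon that has no terminal. Note also that run makes one attempt and returns (there is no loop), and system returns false rather than raising when ssh exits non-zero, so the rescue branch never sees ssh failures and :interval only delays the exit; -g concerns local forwards and does nothing for -R.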
19 doc/license
@@ -0,0 +1,19 @@
+Copyright (c) 2010 Kyle Kingsbury <aphyr@aphyr.com>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
30 doc/tund
@@ -0,0 +1,30 @@
+Tund (tunneling daemon) establishes a reverse SSH tunnel from some publically
+accessible computer to your own. In the event of theft, loss, or NAT, you can
+easily access your machine.
+
+You need two computers: the local host (say, your laptop), and the remote host,
+which is publically accessible. Tund will use SSH forwarding to connect a
+certain port on the remote host to a certain port on the local host. You can then ssh -p some-port remote.com to access your local host.
+
+Install tund and generate a keypair. I've included an upstart setup script.
+local$ sudo bin/setup
+
+Create a user on the remote host
+remote$ adduser --disabled-password --shell /bin/false tunnel
+remote$ cd ~tunnel
+remote$ rm -rf .bash* .profile
+
+On the tunneling host, create .ssh/authorized_keys
+remote$ mkdir .ssh
+remote$ $VISUAL .ssh/authorized_keys
+
+and paste the public key into that file.
+
+Seal the user's homedir
+remote$ chmod 400 .ssh/authorized_keys
+remote$ chmod 500 . .ssh
+
+Confirm that you can establish a tunnel:
+local$ ssh -vgN -i etc/key -R 2222:localhost:22 tunnel@remote.com
+
+And finally, configure the options in bin/tund. An upstart script is located in etc/tund.conf for your convenience; simply run bin/setup for automatic startup.
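Review bot: the "paste the public key into that file" step installs the key with no options, so anyone who obtains the unencrypted /etc/tund/key can request any forwarding the server allows for the tunnel account. Document prefixing the authorized_keys entry with restrictions, for example restrict,port-forwarding,permitlisten="2222" on OpenSSH versions that support those options. The last paragraph also points at etc/tund.conf while this commit adds etc/init/tund.conf, and if the mkdir and chmod steps are run as root, the files will likely need a chown to tunnel before sshd can read them.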
8 etc/init/tund.conf
@@ -0,0 +1,8 @@
+description "tund"
+
+start on net-device-up
+stop on runlevel [016]
+
+respawn
+
+exec /usr/local/bin/tund
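Review bot: exec /usr/local/bin/tund has no user stanza, so the daemon and the ssh client it spawns run as root although they only need to read /etc/tund/key. Consider a dedicated unprivileged account (setuid on Upstart versions that support it, with the key owned by that account). Because bin/tund exits after a single attempt, respawn is what actually performs the reconnecting; a comment saying so and an explicit respawn limit would make that dependency visible.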