#!/bin/bash
# Port Knocker
#
# 1 - Put this code in ~/.bashrc.d/portknock
# 2 - source that path in your .bashrc or .bash_profile
# 3 - Create a ~/.portknock directory and one or more files in it with
# entries like:
# host_regexp port1,port2,...,portN
# (lines starting with # are ignored)
# ...
# 4 - You must open a new terminal session to use the new function
# 5 - Use it as you would use the ssh command
# ssh user@server => pssh user@server
# - or with psshproxy as a ProxyCommand in .ssh/config
# ProxyCommand psshproxy %h %p
#
# It accepts the usual options of the SSH program
# Directory whose files map host regexps to knock sequences; portknock() reads
# every file in it. The port sequences act as a shared secret, so keep the
# directory readable by its owner only (e.g. chmod 700).
PORTKNOCKDIR=~/.portknock
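#######################################
# Send the knock sequence configured for a host.
#
# Reads every file in $PORTKNOCKDIR, takes the first entry whose regexp
# matches the host and opens one short nc connection per listed port.
#
# The regexp is matched with grep -E and is NOT anchored: an entry such as
# "example.com" also matches "example.com.other.tld", which would send the
# sequence to that host. Anchor entries with ^...$ to keep the sequence from
# going to look-alike names.
#
# Globals:   PORTKNOCKDIR (read)
# Arguments: $1 - host name to knock on
# Outputs:   error messages on stderr
# Returns:   0 once a matching entry was processed, 1 otherwise
#######################################
portknock() {
  # Everything is local: this function is sourced into the interactive shell,
  # so leaked names (or a modified IFS) would outlive the call.
  local host=$1
  local dir=${PORTKNOCKDIR:-}
  local line regexp ports rest port
  local -a sequence

  # An empty host, or one starting with '-', would be parsed by nc as an
  # option instead of a destination.
  if [[ -z "$host" || "$host" == -* ]]; then
    printf 'ERROR: invalid host name "%s"\n' "$host" >&2
    return 1
  fi

  # Guarding on -d also covers an empty PORTKNOCKDIR, where the glob below
  # would otherwise expand to /*.
  if [[ -d "$dir" ]]; then
    # The config is read on fd 3 so that nc cannot consume it through stdin.
    while IFS= read -r -u 3 line || [[ -n "$line" ]]; do
      # Split on blanks without touching the caller's IFS; any run of
      # spaces or tabs separates the regexp from the port list.
      IFS=$' \t' read -r regexp ports rest <<<"$line"

      # Skip blank lines, comments and entries without a port list.
      if [[ -z "$regexp" || "$regexp" == '#'* || -z "$ports" ]]; then
        continue
      fi

      # -e keeps a regexp starting with '-' from being read as an option;
      # quoting keeps '*' in the regexp from being glob-expanded.
      if grep -E -e "$regexp" <<<"$host" >/dev/null 2>&1; then
        IFS=, read -r -a sequence <<<"$ports"
        for port in "${sequence[@]}"; do
          [[ -n "$port" && "$port" != -* ]] || continue
          # Knock ports are normally closed, so the nc exit status is
          # deliberately ignored. stdin is detached so that nothing typed
          # or piped into the caller is sent to the knocked port.
          nc -w 1 "$host" "$port" </dev/null
        done
        return 0
      fi
    done 3< <(cat -- "$dir"/*)
  fi

  printf 'ERROR: please specify a port knock sequence for %s in %s\n' \
    "$host" "$dir" >&2
  return 1
}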
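#######################################
# ssh wrapper: knock on the destination host, then run ssh with the same
# arguments.
#
# getopts is used only to skip over ssh's options so that the first
# non-option argument can be taken as the destination. Any "user@" prefix is
# removed before the host is handed to portknock.
#
# Arguments: the usual ssh arguments
# Returns:   portknock's status if the knock fails, otherwise ssh's status
#######################################
pssh() {
  # OPTIND must be reset per call: the function lives in the interactive
  # shell, where getopts would otherwise resume at the previous call's index
  # and pick the wrong argument as the host.
  local OPTIND=1 OPTARG FLAG host

  # The original option string, plus the OpenSSH options that take a value
  # (-B, -E, -J, -Q) and the -G flag, so that their values are not mistaken
  # for the destination.
  # NOTE(review): -P is kept as a plain flag as before; recent OpenSSH
  # releases appear to give it an argument. Confirm against the ssh in use.
  while getopts "1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:KL:MNO:PR:S:TVw:W:XYyB:E:GJ:Q:" FLAG; do
    :
  done

  host=${*:OPTIND:1}
  host=${host#*@}

  portknock "$host" || return

  # "$@" keeps arguments containing spaces (remote commands, -o values)
  # intact; an unquoted $* would re-split them.
  ssh "$@"
}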
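#######################################
# scp wrapper: knock on every remote host named in the arguments, then run
# scp with the same arguments.
#
# An argument counts as remote when it is an scp:// URI or when it contains
# a ':' with no '/' before it, which is how scp itself tells remote specs
# from local paths. Bracketed IPv6 literals are not parsed and are skipped
# without a knock.
#
# Arguments: the usual scp arguments
# Returns:   1 if a knock fails (scp is then not run), otherwise scp's status
#######################################
pscp() {
  # Local state only: a global OPTIND or host list would carry over into the
  # next call in the same interactive shell and knock on stale hosts.
  local OPTIND=1 OPTARG FLAG arg host seen
  local -a hosts=()

  # The original option string plus later OpenSSH scp options, so that the
  # values of -D, -J and -X are skipped along with their flags.
  while getopts "dfl:prtvBCc:i:P:q1246S:o:F:3AD:J:ORsTX:" FLAG; do
    :
  done

  for arg in "${@:OPTIND}"; do
    if [[ "$arg" == scp://* ]]; then
      # scp://[user@]host[:port][/path]
      host=${arg#scp://}
      host=${host%%/*}
      host=${host#*@}
      host=${host%%:*}
    elif [[ "$arg" == *:* && "${arg%%:*}" != */* ]]; then
      # [user@]host:path -- cut at the FIRST colon so that colons inside
      # the path do not end up in the host name.
      host=${arg%%:*}
      host=${host#*@}
    else
      # Local path: never treated as a host.
      continue
    fi

    [[ -z "$host" || "$host" == \[* ]] && continue

    # Knock on each host once, in first-seen order.
    for seen in "${hosts[@]}"; do
      [[ "$seen" == "$host" ]] && continue 2
    done
    hosts+=("$host")
  done

  # A plain loop instead of a pipeline: return really leaves pscp, and nc
  # cannot read the host list from stdin.
  for host in "${hosts[@]}"; do
    portknock "$host" || return 1
  done

  # "$@" keeps file names containing spaces intact.
  scp "$@"
}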