#!/bin/bash
# Everything below writes under /root and /etc/ssh and restarts sshd, so stop
# immediately unless the script is running with UID 0.
if [[ "$(id -u)" != "0" ]]; then
  echo "Must be run as root"
  exit 1
fi
# First positional argument: the BOCA account name. It is later used as the
# login name sent to the server and as part of the generated key's comment.
user="$1"
[[ -n "$user" ]] || {
  echo "parameter user missing. Usage: $0 <user> [<optional-server-address>] [<force-redo>]"
  exit 1
}
# Pick the BOCA server address, in order of precedence:
#   1. the second positional argument,
#   2. BOCAIP as defined by /etc/bocaip,
#   3. a hard-coded fallback address.
if [[ -n "$2" ]]; then
  BOCASERVER=$2
elif [[ -e /etc/bocaip ]]; then
  # /etc/bocaip is sourced, i.e. executed as shell code with root privileges;
  # it must be writable by root only.
  source /etc/bocaip
  BOCASERVER=$BOCAIP
else
  # Message (Portuguese): "BOCA server IP not configured. Using bombonera.org"
  echo "O IP do servidor boca nao configurado. Usando bombonera.org"
  BOCASERVER=50.116.19.221
fi

# BOCAIP may be empty or missing in /etc/bocaip; nothing below works without
# a server address.
if [[ -z "$BOCASERVER" ]]; then
  echo "BOCA server not defined. Aborting"
  exit 1
fi
echo "Server at $BOCASERVER"
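# Verify that the external commands needed for the HTTPS exchange are
# installed before doing any work. `command -v` is a shell builtin, so the
# check does not itself depend on `which` being present on the machine.
# NOTE(review): the script also calls ssh, ssh-keygen, uuencode and perl
# (with URI::Escape) further down; those are not covered by this list.
for i in wget sha256sum cut; do
  p=$(command -v "$i")
  if [ ! -x "$p" ]; then
    echo "$i" not found
    exit 1
  fi
done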
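# Scratch file used for the POST body (which carries the password-derived
# response) and later for the ssh client log. mktemp creates it atomically
# with mode 0600 and an unpredictable name, instead of deriving the name from
# the clock. Sibling files are derived from it as ${temp}.cookie.txt and
# ${temp}.out.
temp=$(mktemp /root/.temp.XXXXXXXXXX) || {
  echo "cannot create temporary file under /root" >&2
  exit 1
}

# sshd's StrictModes and the ssh client both expect ~/.ssh to be private, so
# enforce the mode here rather than only after a successful registration.
mkdir -p /root/.ssh
chmod 700 /root/.ssh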
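# Register this machine with the BOCA server when any key material is missing
# or a third argument (force-redo) was given:
#   1. generate an RSA key pair named after the server,
#   2. fetch a PHP session id from updatessh.php and use it as the challenge,
#   3. POST name, sha256(sha256(password) + session id) and the public key,
#   4. append the ssh-rsa line(s) of the reply to root's authorized_keys.
# Exit codes: 1 missing tool, 2 no session cookie received, 3 server reported
# incorrect credentials. $temp is the scratch path assigned earlier in the
# script.
if [[ ! -f "/root/.ssh/$BOCASERVER" || ! -f "/root/.ssh/$BOCASERVER.pub" \
      || ! -f /root/.ssh/authorized_keys || -n "$3" ]]; then
  # Fail early if a helper is missing: without uuencode or URI::Escape the
  # upload pipeline below would silently send an empty "data=" field.
  for tool in ssh-keygen uuencode perl; do
    if ! command -v "$tool" >/dev/null 2>&1; then
      echo "$tool" not found
      exit 1
    fi
  done
  if ! perl -MURI::Escape -e 1 >/dev/null 2>&1; then
    echo "perl module URI::Escape not found"
    exit 1
  fi

  ssh-keygen -q -f "/root/.ssh/$BOCASERVER" -t rsa -b 4096 -C "${user}@bombonera.org" -N ''

  # NOTE(review): this replaces root's whole ssh client config, dropping any
  # Host entries that were there before.
  printf 'Host %s\n HostName %s\n User bocassh\n IdentityFile /root/.ssh/%s\n\n' \
    "$BOCASERVER" "$BOCASERVER" "$BOCASERVER" > /root/.ssh/config

  # IFS= and -r keep leading/trailing blanks and backslashes of the password.
  IFS= read -r -s -p "Password: " pass
  echo ""

  # NOTE(review): --no-check-certificate turns off TLS certificate
  # verification for both requests, so nothing here authenticates the server.
  # The reply to the second request is what gets appended to root's
  # authorized_keys, which makes the server's identity security-critical.
  # Verifying against a known CA, e.g.
  # --ca-certificate=<path-to-server-ca.pem> (placeholder), would close that
  # gap.
  md=$(wget --no-check-certificate -t 2 -T 5 -S "https://$BOCASERVER/boca/updatessh.php" \
         -O /dev/null --save-cookies "${temp}.cookie.txt" --keep-session-cookies 2>&1 \
       | grep PHPSESS | tail -n1)

  if printf '%s\n' "$md" | grep -q PHPSESS; then
    # Keep only the cookie value: text between the first '=' and the next ';'.
    md=$(printf '%s\n' "$md" | cut -f2 -d'=' | cut -f1 -d';')

    # Quote the password: unquoted, the shell would word-split and glob it,
    # so passwords with repeated blanks or '*' would hash to the wrong value.
    ress=$(printf '%s' "$pass" | sha256sum - | cut -f1 -d' ')
    res=$(printf '%s' "${ress}${md}" | sha256sum - | cut -f1 -d' ')
    unset pass ress

    # Build the form body. NOTE(review): $user is written without URL
    # encoding, and "comp=" is appended without a leading '&', so when
    # /root/submissions/comp exists it becomes part of the name field.
    # Confirm against what updatessh.php expects.
    printf '%s' "name=${user}" > "$temp"
    [ -f /root/submissions/comp ] && printf 'comp=%s' "$(cat /root/submissions/comp)" >> "$temp"
    printf '%s' "&password=$res" >> "$temp"
    printf '%s' "&data=" >> "$temp"
    unset res
    # Public key as base64 (uuencode header line dropped), URL-escaped per line.
    uuencode -m zzzzzzzzzz < "/root/.ssh/$BOCASERVER.pub" \
      | grep -v "begin-base64.*zzzzzzzzzz" \
      | perl -MURI::Escape -lne 'print uri_escape($_)' >> "$temp"

    wget --no-check-certificate -t 2 -T 5 "https://$BOCASERVER/boca/updatessh.php" \
      --load-cookies "${temp}.cookie.txt" --keep-session-cookies \
      --save-cookies "${temp}.cookie.txt" -O "${temp}.out" \
      --post-file="$temp" >/dev/null 2>/dev/null

    # The POST body and cookie jar hold credentials; remove them right away.
    rm -f "$temp"
    rm -f "${temp}.cookie.txt"

    if grep -qi incorrect "${temp}.out"; then
      rm -f "${temp}.out"
      echo "$BOCASERVER: User or password incorrect"
      exit 3
    fi

    # NOTE(review): every reply line containing "ssh-rsa" is appended as-is,
    # including any authorized_keys options it may carry, and repeated runs
    # append duplicates.
    if grep -qi ssh-rsa "${temp}.out"; then
      grep -i ssh-rsa "${temp}.out" >> /root/.ssh/authorized_keys
      chmod 700 /root/.ssh
      chmod 600 /root/.ssh/authorized_keys
    fi
    rm -f "${temp}.out"
  else
    # No session cookie came back; do not leave the password or cookie jar behind.
    unset pass
    rm -f "$temp" "${temp}.cookie.txt"
    echo "$BOCASERVER: connection failed"
    exit 2
  fi
  # Printed whenever the reply did not contain "incorrect", whether or not a
  # key was actually returned.
  echo "authentication successful"
fi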
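# Lock sshd down to key-based root login, but only when the config has no
# AllowUsers line yet (a config that already has one is left untouched).
# Existing PermitRootLogin / PasswordAuthentication lines are dropped and the
# three directives are appended at the end of the file.
if [ -f /etc/ssh/sshd_config ]; then
  if ! grep -iq "^[[:space:]]*AllowUsers" /etc/ssh/sshd_config; then
    grep -v -i "^[[:space:]]*AllowUsers" /etc/ssh/sshd_config \
      | grep -v -i "^[[:space:]]*PermitRootLogin" \
      | grep -v -i "^[[:space:]]*PasswordAuthentication" \
      > /etc/ssh/sshd_config.tmp
    # NOTE(review): if the file contains a Match block, lines appended here
    # fall inside the last Match block instead of applying globally.
    # NOTE(review): "PermitRootLogin yes" leaves every enabled method open to
    # root; keyboard-interactive/PAM is not switched off by
    # "PasswordAuthentication no". Confirm that is intended.
    {
      echo "AllowUsers root"
      echo "PasswordAuthentication no"
      echo "PermitRootLogin yes"
    } >> /etc/ssh/sshd_config.tmp

    # Validate the candidate file before swapping it in: restarting sshd on a
    # config it rejects would cut off remote access to this machine.
    if command -v sshd >/dev/null 2>&1 && ! sshd -t -f /etc/ssh/sshd_config.tmp; then
      echo "generated sshd_config failed validation; keeping the existing file" >&2
      rm -f /etc/ssh/sshd_config.tmp
    else
      mv /etc/ssh/sshd_config.tmp /etc/ssh/sshd_config
      service ssh restart
    fi
  fi
fi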
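# Open a reverse tunnel: ask the BOCA server to listen on a port in
# 5000-5999 and forward it to this machine's sshd (localhost:22). Ports are
# tried in order until the ssh client log reports a successful remote forward.
# $temp (assigned earlier in the script) receives the verbose client log.
#
# NOTE(review): UserKnownHostsFile=/dev/null with StrictHostKeyChecking=no
# disables host key verification, so the peer that ends up holding a forward
# to this machine's sshd is never authenticated. Pinning the server's host key
# in a known_hosts file and dropping both options would address that.
porta=5000
forwarded=0
while [ "$porta" -lt 6000 ]; do
  # Kill tunnels left over from an earlier run or the previous attempt.
  # grep -F matches the server address literally (dots are not wildcards).
  pids=$(ps auxw | grep "ssh -v -f -N" | grep -F -- "${BOCASERVER}" | awk '{print $2;}')
  if [ -n "$pids" ]; then
    # shellcheck disable=SC2086 -- intentionally split: one PID per word
    kill -9 $pids
  fi

  echo "Trying $porta"
  ssh -v -f -N -o UserKnownHostsFile=/dev/null -o PasswordAuthentication=no \
    -o StrictHostKeyChecking=no -R "${porta}:localhost:22" \
    "bocassh@${BOCASERVER}" >"$temp" 2>&1

  # ssh -f returns before the forward is negotiated; poll the log for up to
  # eight seconds until it reports either outcome.
  for k in 1 2 3 4 5 6 7 8; do
    sleep 1
    if grep -q "remote forward.*for:" "$temp"; then
      break
    fi
  done

  if grep -q "remote forward success for:" "$temp"; then
    echo "Forward successful at $porta"
    forwarded=1
    break
  fi
  porta=$((porta + 1))
done

# The exit status stays 0 as before, but say so when every port was refused
# instead of finishing silently.
if [ "$forwarded" -ne 1 ]; then
  echo "No remote forward could be established on ports 5000-5999" >&2
fi
exit 0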