arlimus/ssh tunnelling vagrant env

## ssh tunnelling vagrant env
# -*- mode: ruby -*-
# vi: set ft=ruby :

name = 'saucy'
IP   = {
  'saucy' => '192.168.123.123',
  'client1' => '192.168.123.101',
  'client2' => '192.168.123.102'
}

def setup_scenario
  authorized_keys = File::read(File::expand_path('~/.ssh/id_rsa.pub'))

  # create the sshd_config
  "cat > /etc/ssh/sshd_config <<-IOF\n#{SSHD_CONFIG}\nIOF\n" +
  %w{client1 client2}.map do |client|
    # configure the scenario for each client
    <<EOF
useradd -s /bin/false #{client}
mkdir -p /home/#{client}/.ssh
cat > /home/#{client}/.ssh/authorized_keys <<-IOF
#{authorized_keys}
IOF
chown -R #{client}:#{client} /home/#{client}/.ssh
EOF
  end.join("\n")
end

# Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
VAGRANTFILE_API_VERSION = "2"

Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
  config.vm.define name do |c|
    # Every Vagrant virtual environment requires a box to build off of.
    c.vm.box = "#{name}64"
    c.vm.box_url = "http://cloud-images.ubuntu.com/vagrant/#{name}/current/#{name}-server-cloudimg-amd64-vagrant-disk1.box"

    c.vm.network "private_network", ip: IP[name]

    c.vm.provision "shell", inline: "apt-get update"
    c.vm.provision "shell", inline: "apt-get install -y openssh-server"
    c.vm.provision "shell", inline: setup_scenario
  end

  %w{client1 client2}.each do |name|
    config.vm.define name do |c|
      c.vm.box = 'precise64'
      c.vm.network 'private_network', ip: IP[name]
    end
  end

end

SSHD_CONFIG=<<EOF
Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
UsePrivilegeSeparation yes

SyslogFacility AUTH
LogLevel INFO

LoginGraceTime 120
PermitRootLogin yes
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
UsePAM yes

IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
PasswordAuthentication yes

X11Forwarding no
TCPKeepAlive yes
AcceptEnv LANG LC_*

GatewayPorts no
AllowTcpForwarding remote
EOF
	# -- mode: ruby --
	# vi: set ft=ruby :

	name = 'saucy'
	IP = {
	'saucy' => '192.168.123.123',
	'client1' => '192.168.123.101',
	'client2' => '192.168.123.102'
	}

	def setup_scenario
	authorized_keys = File::read(File::expand_path('~/.ssh/id_rsa.pub'))

	# create the sshd_config
	"cat > /etc/ssh/sshd_config <<-IOF\n#{SSHD_CONFIG}\nIOF\n" +
	%w{client1 client2}.map do \|client\|
	# configure the scenario for each client
	<<EOF
	useradd -s /bin/false #{client}
	mkdir -p /home/#{client}/.ssh
	cat > /home/#{client}/.ssh/authorized_keys <<-IOF
	#{authorized_keys}
	IOF
	chown -R #{client}:#{client} /home/#{client}/.ssh
	EOF
	end.join("\n")
	end

	# Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
	VAGRANTFILE_API_VERSION = "2"

	Vagrant.configure(VAGRANTFILE_API_VERSION) do \|config\|
	config.vm.define name do \|c\|
	# Every Vagrant virtual environment requires a box to build off of.
	c.vm.box = "#{name}64"
	c.vm.box_url = "http://cloud-images.ubuntu.com/vagrant/#{name}/current/#{name}-server-cloudimg-amd64-vagrant-disk1.box"

	c.vm.network "private_network", ip: IP[name]

	c.vm.provision "shell", inline: "apt-get update"
	c.vm.provision "shell", inline: "apt-get install -y openssh-server"
	c.vm.provision "shell", inline: setup_scenario
	end

	%w{client1 client2}.each do \|name\|
	config.vm.define name do \|c\|
	c.vm.box = 'precise64'
	c.vm.network 'private_network', ip: IP[name]
	end
	end

	end

	SSHD_CONFIG=<<EOF
	Port 22
	Protocol 2
	HostKey /etc/ssh/ssh_host_rsa_key
	HostKey /etc/ssh/ssh_host_dsa_key
	HostKey /etc/ssh/ssh_host_ecdsa_key
	UsePrivilegeSeparation yes

	SyslogFacility AUTH
	LogLevel INFO

	LoginGraceTime 120
	PermitRootLogin yes
	StrictModes yes

	RSAAuthentication yes
	PubkeyAuthentication yes
	UsePAM yes

	IgnoreRhosts yes
	RhostsRSAAuthentication no
	HostbasedAuthentication no
	PermitEmptyPasswords no
	ChallengeResponseAuthentication no
	PasswordAuthentication yes

	X11Forwarding no
	TCPKeepAlive yes
	AcceptEnv LANG LC_*

	GatewayPorts no
	AllowTcpForwarding remote
	EOF