Created
March 27, 2021 15:03
-
-
Save geektheripper/5232ed42ce9068181e8f9d0f64ed2798 to your computer and use it in GitHub Desktop.
套娃 ssh 转发,转发私钥登录的 ssh 为密码登录
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| SP_USER=geektr | |
| SP_PORT=2222 | |
| # in docker: | |
| # create user and echo it's password | |
| if [[ "$IN_DOCKER" == "true" ]]; then | |
| SP_PASSWD="$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 8 | head -n 1)" | |
| echo "==================" | |
| echo "password: $SP_PASSWD" | |
| echo "==================" | |
| ssh-keygen -A | |
| adduser $SP_USER -s /bin/matryoshka -D | |
| echo "$SP_USER:$SP_PASSWD" | chpasswd | |
| /usr/sbin/sshd -D -e -f /etc/ssh/sshd_config | |
| exit | |
| fi | |
| # as user shell in ssh in docker: | |
| # ssh to target server | |
| if [[ "$SHELL" == "/bin/matryoshka" ]]; then | |
| ssh -i /key -o StrictHostKeyChecking=no root@kyou.geektr.co | |
| fi | |
| # run in workspace and ssh-proxy not create yet: | |
| # create it | |
| if [[ "$(docker ps -f 'Name=ssh-proxy' -q)" == "" ]]; then | |
| docker run -it --rm --name ssh-proxy \ | |
| -v "$HOME/.ssh/keys/geektr.co/root:/key" \ | |
| -v "$PWD/matryoshka.sh:/bin/matryoshka" \ | |
| -e IN_DOCKER=true \ | |
| -p 2222:22 \ | |
| geektr/alpine-ssh /bin/matryoshka | |
| exit | |
| fi | |
| # run in workspace and ssh-proxy created: | |
| # clear fingerprint and connect to it | |
| ssh-keygen -f "/home/geektr/.ssh/known_hosts" -R '[localhost]:'"$SP_PORT" | |
| ssh -p 2222 -o StrictHostKeyChecking=no geektr@localhost |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment