jvaubourg/shareterminal.sh

## shareterminal.sh
#!/bin/bash

# SERVER:
#      sudo apt-get install certbot socat tmux
#      sudo ./shareterminal.sh
#        Your stage: tmux new-session -As remote
#        Your spectators: tmux lsc -t remote
#
# CLIENTS:
#      curl -N https://tmux.example.com:1337
#   or curl -N https://tmux.example.com:1337 -H 'X-Pass: foobar'

_DOMAIN=tmux.example.com
_PORT=1337 # > 1023
_PASS= # empty to disable

_LETSENCRYPT_MAIL=julien@example.com
_UNIX_USER=ju

_TMUX_WIDTH=128
_TMUX_HEIGHT=32


## SCRIPT

set -Efuo pipefail

if [ "${EUID}" -ne 0 ]; then
  echo '[ERR] You must be root.' >&2
  exit 1
fi

function reverse() {
  trap - EXIT ERR INT

  if [ ! -z "${net_device}" ]; then
    iptables -D INPUT -p tcp -i "${net_device}" --dport "${_PORT}" -j ACCEPT
    ip6tables -D INPUT -p tcp -i "${net_device}" --dport "${_PORT}" -j ACCEPT

    iptables -D INPUT -p tcp -i "${net_device}" --dport 443 -j ACCEPT &> /dev/null || true
    ip6tables -D INPUT -p tcp -i "${net_device}" --dport 443 -j ACCEPT &> /dev/null || true
  fi

  exit 0
}

tmux_name=remote
net_device=$(ip r g 1.2.3.4 | awk '/via/ { print $5 }')

if [ -z "${net_device}" ]; then
  echo '[ERR] Unable to guess your network device.' >&2
  exit 1
fi

trap reverse EXIT ERR INT

ip6tables -I INPUT -p tcp -i "${net_device}" --dport 443 -j ACCEPT
iptables -I INPUT -p tcp -i "${net_device}" --dport 443 -j ACCEPT

certbot certonly -qn --standalone --preferred-challenges tls-sni --rsa-key-size 4096 --agree-tos -m "${_LETSENCRYPT_MAIL}" -d "${_DOMAIN}"

mkdir -p "/etc/ssl/${_DOMAIN}/"
cp "/etc/letsencrypt/live/${_DOMAIN}/privkey.pem" "/etc/ssl/${_DOMAIN}/"
cp "/etc/letsencrypt/live/${_DOMAIN}/cert.pem" "/etc/ssl/${_DOMAIN}/"
cp "/etc/letsencrypt/live/${_DOMAIN}/chain.pem" "/etc/ssl/${_DOMAIN}/"

ip6tables -D INPUT -p tcp -i "${net_device}" --dport 443 -j ACCEPT
iptables -D INPUT -p tcp -i "${net_device}" --dport 443 -j ACCEPT

ip6tables -I INPUT -p tcp -i "${net_device}" --dport "${_PORT}" -j ACCEPT
iptables -I INPUT -p tcp -i "${net_device}" --dport "${_PORT}" -j ACCEPT

echo -e "SERVER (${_UNIX_USER}):\n\t tmux new-session -As ${tmux_name}"

if [ -z "${_PASS}" ]; then
  echo -e "CLIENTS:\n\t curl -N https://${_DOMAIN}:${_PORT}"
else
  echo -e "CLIENTS:\n\t curl -N https://${_DOMAIN}:${_PORT} -H 'X-Pass: ${_PASS}'"
fi

echo -e "\nReady... ^C to stop\n"

sudo -Eu "${_UNIX_USER}" socat\
  "OPENSSL-LISTEN:${_PORT},pf=ip6,ipv6only=0,fork,reuseaddr,cert=/etc/ssl/${_DOMAIN}/cert.pem,key=/etc/ssl/${_DOMAIN}/privkey.pem,cafile=/etc/ssl/${_DOMAIN}/chain.pem,verify=0"\
  "SYSTEM:\
    ( while [ -e /proc/\$PPID ]; do sleep 1; done; kill -TERM \$\$ ) &\
    if [ ! -z \"${_PASS}\" ]; then\
      while read -r i; do\
        if [ \"\$i\" != \"\${i##X-Pass:}\" ]; then\
          [ \"\$i\" = \"X-Pass: ${_PASS}\" ] && break;
          echo Wrong password.;\
          exit 0;\
        fi;\
      done;\
    fi;\
    stty cols ${_TMUX_WIDTH};\
    stty rows ${_TMUX_HEIGHT};\
    exec tmux attach -r -t ${tmux_name}\
",pty,stderr

exit 0
	#!/bin/bash

	# SERVER:
	# sudo apt-get install certbot socat tmux
	# sudo ./shareterminal.sh
	# Your stage: tmux new-session -As remote
	# Your spectators: tmux lsc -t remote
	#
	# CLIENTS:
	# curl -N https://tmux.example.com:1337
	# or curl -N https://tmux.example.com:1337 -H 'X-Pass: foobar'

	_DOMAIN=tmux.example.com
	_PORT=1337 # > 1023
	_PASS= # empty to disable

	_LETSENCRYPT_MAIL=julien@example.com
	_UNIX_USER=ju

	_TMUX_WIDTH=128
	_TMUX_HEIGHT=32


	## SCRIPT

	set -Efuo pipefail

	if [ "${EUID}" -ne 0 ]; then
	echo '[ERR] You must be root.' >&2
	exit 1
	fi

	function reverse() {
	trap - EXIT ERR INT

	if [ ! -z "${net_device}" ]; then
	iptables -D INPUT -p tcp -i "${net_device}" --dport "${_PORT}" -j ACCEPT
	ip6tables -D INPUT -p tcp -i "${net_device}" --dport "${_PORT}" -j ACCEPT

	iptables -D INPUT -p tcp -i "${net_device}" --dport 443 -j ACCEPT &> /dev/null \|\| true
	ip6tables -D INPUT -p tcp -i "${net_device}" --dport 443 -j ACCEPT &> /dev/null \|\| true
	fi

	exit 0
	}

	tmux_name=remote
	net_device=$(ip r g 1.2.3.4 \| awk '/via/ { print $5 }')

	if [ -z "${net_device}" ]; then
	echo '[ERR] Unable to guess your network device.' >&2
	exit 1
	fi

	trap reverse EXIT ERR INT

	ip6tables -I INPUT -p tcp -i "${net_device}" --dport 443 -j ACCEPT
	iptables -I INPUT -p tcp -i "${net_device}" --dport 443 -j ACCEPT

	certbot certonly -qn --standalone --preferred-challenges tls-sni --rsa-key-size 4096 --agree-tos -m "${_LETSENCRYPT_MAIL}" -d "${_DOMAIN}"

	mkdir -p "/etc/ssl/${_DOMAIN}/"
	cp "/etc/letsencrypt/live/${_DOMAIN}/privkey.pem" "/etc/ssl/${_DOMAIN}/"
	cp "/etc/letsencrypt/live/${_DOMAIN}/cert.pem" "/etc/ssl/${_DOMAIN}/"
	cp "/etc/letsencrypt/live/${_DOMAIN}/chain.pem" "/etc/ssl/${_DOMAIN}/"

	ip6tables -D INPUT -p tcp -i "${net_device}" --dport 443 -j ACCEPT
	iptables -D INPUT -p tcp -i "${net_device}" --dport 443 -j ACCEPT

	ip6tables -I INPUT -p tcp -i "${net_device}" --dport "${_PORT}" -j ACCEPT
	iptables -I INPUT -p tcp -i "${net_device}" --dport "${_PORT}" -j ACCEPT

	echo -e "SERVER (${_UNIX_USER}):\n\t tmux new-session -As ${tmux_name}"

	if [ -z "${_PASS}" ]; then
	echo -e "CLIENTS:\n\t curl -N https://${_DOMAIN}:${_PORT}"
	else
	echo -e "CLIENTS:\n\t curl -N https://${_DOMAIN}:${_PORT} -H 'X-Pass: ${_PASS}'"
	fi

	echo -e "\nReady... ^C to stop\n"

	sudo -Eu "${_UNIX_USER}" socat\
	"OPENSSL-LISTEN:${_PORT},pf=ip6,ipv6only=0,fork,reuseaddr,cert=/etc/ssl/${_DOMAIN}/cert.pem,key=/etc/ssl/${_DOMAIN}/privkey.pem,cafile=/etc/ssl/${_DOMAIN}/chain.pem,verify=0"\
	"SYSTEM:\
	( while [ -e /proc/\$PPID ]; do sleep 1; done; kill -TERM \$\$ ) &\
	if [ ! -z \"${_PASS}\" ]; then\
	while read -r i; do\
	if [ \"\$i\" != \"\${i##X-Pass:}\" ]; then\
	[ \"\$i\" = \"X-Pass: ${_PASS}\" ] && break;
	echo Wrong password.;\
	exit 0;\
	fi;\
	done;\
	fi;\
	stty cols ${_TMUX_WIDTH};\
	stty rows ${_TMUX_HEIGHT};\
	exec tmux attach -r -t ${tmux_name}\
	",pty,stderr

	exit 0