|
#!/bin/bash |
|
|
|
# SERVER: |
|
# sudo apt-get install certbot socat tmux |
|
# sudo ./shareterminal.sh |
|
# Your stage: tmux new-session -As remote |
|
# Your spectators: tmux lsc -t remote |
|
# |
|
# CLIENTS: |
|
# curl -N https://tmux.example.com:1337 |
|
# or curl -N https://tmux.example.com:1337 -H 'X-Pass: foobar' |
|
|
|
_DOMAIN=tmux.example.com |
|
_PORT=1337 # > 1023 |
|
_PASS= # empty to disable |
|
|
|
_LETSENCRYPT_MAIL=julien@example.com |
|
_UNIX_USER=ju |
|
|
|
_TMUX_WIDTH=128 |
|
_TMUX_HEIGHT=32 |
|
|
|
|
|
## SCRIPT |
|
|
|
set -Efuo pipefail |
|
|
|
if [ "${EUID}" -ne 0 ]; then |
|
echo '[ERR] You must be root.' >&2 |
|
exit 1 |
|
fi |
|
|
|
function reverse() { |
|
trap - EXIT ERR INT |
|
|
|
if [ ! -z "${net_device}" ]; then |
|
iptables -D INPUT -p tcp -i "${net_device}" --dport "${_PORT}" -j ACCEPT |
|
ip6tables -D INPUT -p tcp -i "${net_device}" --dport "${_PORT}" -j ACCEPT |
|
|
|
iptables -D INPUT -p tcp -i "${net_device}" --dport 443 -j ACCEPT &> /dev/null || true |
|
ip6tables -D INPUT -p tcp -i "${net_device}" --dport 443 -j ACCEPT &> /dev/null || true |
|
fi |
|
|
|
exit 0 |
|
} |
|
|
|
tmux_name=remote |
|
net_device=$(ip r g 1.2.3.4 | awk '/via/ { print $5 }') |
|
|
|
if [ -z "${net_device}" ]; then |
|
echo '[ERR] Unable to guess your network device.' >&2 |
|
exit 1 |
|
fi |
|
|
|
trap reverse EXIT ERR INT |
|
|
|
ip6tables -I INPUT -p tcp -i "${net_device}" --dport 443 -j ACCEPT |
|
iptables -I INPUT -p tcp -i "${net_device}" --dport 443 -j ACCEPT |
|
|
|
certbot certonly -qn --standalone --preferred-challenges tls-sni --rsa-key-size 4096 --agree-tos -m "${_LETSENCRYPT_MAIL}" -d "${_DOMAIN}" |
|
|
|
mkdir -p "/etc/ssl/${_DOMAIN}/" |
|
cp "/etc/letsencrypt/live/${_DOMAIN}/privkey.pem" "/etc/ssl/${_DOMAIN}/" |
|
cp "/etc/letsencrypt/live/${_DOMAIN}/cert.pem" "/etc/ssl/${_DOMAIN}/" |
|
cp "/etc/letsencrypt/live/${_DOMAIN}/chain.pem" "/etc/ssl/${_DOMAIN}/" |
|
|
|
ip6tables -D INPUT -p tcp -i "${net_device}" --dport 443 -j ACCEPT |
|
iptables -D INPUT -p tcp -i "${net_device}" --dport 443 -j ACCEPT |
|
|
|
ip6tables -I INPUT -p tcp -i "${net_device}" --dport "${_PORT}" -j ACCEPT |
|
iptables -I INPUT -p tcp -i "${net_device}" --dport "${_PORT}" -j ACCEPT |
|
|
|
echo -e "SERVER (${_UNIX_USER}):\n\t tmux new-session -As ${tmux_name}" |
|
|
|
if [ -z "${_PASS}" ]; then |
|
echo -e "CLIENTS:\n\t curl -N https://${_DOMAIN}:${_PORT}" |
|
else |
|
echo -e "CLIENTS:\n\t curl -N https://${_DOMAIN}:${_PORT} -H 'X-Pass: ${_PASS}'" |
|
fi |
|
|
|
echo -e "\nReady... ^C to stop\n" |
|
|
|
sudo -Eu "${_UNIX_USER}" socat\ |
|
"OPENSSL-LISTEN:${_PORT},pf=ip6,ipv6only=0,fork,reuseaddr,cert=/etc/ssl/${_DOMAIN}/cert.pem,key=/etc/ssl/${_DOMAIN}/privkey.pem,cafile=/etc/ssl/${_DOMAIN}/chain.pem,verify=0"\ |
|
"SYSTEM:\ |
|
( while [ -e /proc/\$PPID ]; do sleep 1; done; kill -TERM \$\$ ) &\ |
|
if [ ! -z \"${_PASS}\" ]; then\ |
|
while read -r i; do\ |
|
if [ \"\$i\" != \"\${i##X-Pass:}\" ]; then\ |
|
[ \"\$i\" = \"X-Pass: ${_PASS}\" ] && break; |
|
echo Wrong password.;\ |
|
exit 0;\ |
|
fi;\ |
|
done;\ |
|
fi;\ |
|
stty cols ${_TMUX_WIDTH};\ |
|
stty rows ${_TMUX_HEIGHT};\ |
|
exec tmux attach -r -t ${tmux_name}\ |
|
",pty,stderr |
|
|
|
exit 0 |