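#!/bin/bash
# This script shares a local internet connection with a remote $HOST.
# The result is that the remote $HOST can use "localhost:12345" as a SOCKS5 proxy.
#
# NOTE: This script is only needed if the remote $HOST cannot already SSH to this (local) host
# (i.e., the host with an internet connection). If your remote $HOST *CAN* already SSH to a host
# with an internet connection, ignore this script and just run the following from the remote $HOST:
#   ssh -D localhost:12345 $INTERNET_ENABLED_HOST
#
# This script does the following:
#   1) Exposes the local host's SSH service to the remote $HOST
#   2) Tells the remote $HOST to open up dynamic port forwarding through the exposed service.
#
# Prerequisites:
#   - AllowTCPForwarding must be enabled on both this host and the remote $HOST.
#   - Assumes bidirectional passwordless SSH for the user running the script (root/sudo is not needed).
#   - pkill/pgrep must be available on both hosts.
#
# Other notes:
#   - This host's SSH is exposed as "localhost:56789" on the remote $HOST.
#   - The remote $HOST should use "localhost:12345" as the SOCKS5 proxy.
#   - Name resolution should work properly when using the proxied connection.
#   - Most commands will allow you to explicitly specify a proxy server. EX:
#       curl --socks5 localhost:12345 -o DESIRED_FILENAME http://URL_TO_FILE
#
# Security notes:
#   - The SOCKS5 listener opened by "ssh -D" has no authentication of its own: any
#     local user or process on the remote $HOST can send traffic through
#     localhost:12345, and that traffic leaves from this host's network.
#   - While the tunnel is up, any local user on the remote $HOST can reach this
#     host's sshd on localhost:56789 (they still have to authenticate to it).
#   - Bidirectional passwordless SSH means a key stored on the remote $HOST can
#     log in here; consider limiting that key in authorized_keys.
#   - Both tunnels keep running after this script exits; tear them down when the
#     work is finished (re-running the script only replaces them).
#
# Exit status: 0 when both tunnels are verified, non-zero otherwise.

readonly REVERSE_PORT=56789
readonly REVERSE_FORWARD="${REVERSE_PORT}:localhost:22"
readonly SOCKS_LISTEN='localhost:12345'
# Regex for pgrep/pkill on the remote side. The bracketed first character keeps
# the pattern from matching the remote shell that carries this very string in
# its own command line, and it only matches the "-D" forwarder, not clients
# that merely mention localhost:12345 (e.g. curl --socks5 localhost:12345).
readonly SOCKS_PATTERN='[-]D localhost:12345'

# Get remote $HOST from command line:
HOST=$1

# Ensure that user specified a host:
if [[ -z "$HOST" ]]; then
  echo "-- ERROR: No hostname specified." >&2
  echo "-- USAGE: $0 HOSTNAME" >&2
  exit 1
fi

# Refuse a value that ssh would parse as an option instead of a destination.
if [[ "$HOST" == -* ]]; then
  echo "-- ERROR: hostname must not start with '-'." >&2
  echo "-- USAGE: $0 HOSTNAME" >&2
  exit 1
fi

# Succeeds when the dynamic forwarder is running on the remote $HOST.
remote_socks_running() {
  ssh -o loglevel=quiet "$HOST" "pgrep -f '${SOCKS_PATTERN}'" >/dev/null
}

# Kill existing local tunnel (pkill exits non-zero when nothing matches; that is fine):
pkill -f -- "$REVERSE_FORWARD" 2>/dev/null

# Kill existing remote tunnel. pkill handles any number of matching PIDs, so no
# PID list is ever interpolated into a remote command line.
ssh -o loglevel=quiet "$HOST" "pkill -f '${SOCKS_PATTERN}'"
if (($? == 255)); then
  # 255 is ssh's own failure code (as opposed to pkill's 0/1).
  echo "-- ERROR: cannot SSH to $HOST." >&2
  exit 1
fi

# Establish remote port forwarding tunnel to $HOST.
# ExitOnForwardFailure makes ssh exit instead of staying in the background when
# the listener cannot be bound, so the process check below is meaningful.
ssh -o loglevel=quiet -o ExitOnForwardFailure=yes -fN -R "$REVERSE_FORWARD" "$HOST"

# Establish dynamic port forwarding tunnel from $HOST back to jump box:
ssh -o loglevel=quiet -f "$HOST" \
  "ssh -o loglevel=quiet -o ExitOnForwardFailure=yes -fN -D ${SOCKS_LISTEN} localhost -p ${REVERSE_PORT}"

status=0

# Verify that tunnel from jump box to $HOST is established:
if pgrep -f -- "$REVERSE_FORWARD" >/dev/null; then
  echo "-- Jump box SSH successfully exposed to ${HOST}!"
else
  echo "-- ERROR: tunnel from jump box to $HOST failed." >&2
  status=1
fi

# Verify that tunnel from $HOST to jump box is established.
# The outer "ssh -f" above returns before the inner ssh has finished connecting,
# so give it a few short retries before reporting a failure.
socks_up=0
for _ in 1 2 3; do
  if remote_socks_running; then
    socks_up=1
    break
  fi
  sleep 1
done

if ((socks_up)); then
  echo "-- Dynamic forwarding from $HOST to jump box successfully established!"
else
  echo "-- ERROR: tunnel from $HOST to jump box failed." >&2
  status=1
fi

# You can see the tunnels involved with:
#   ps -ef | grep -e 12345 -e 56789 | grep -v grep

exit "$status"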