mpdhavale/expose_internet.sh

## expose_internet.sh
#!/bin/bash

# This script shares a local internet connection with a remote $HOST.
# The result is that that remote $HOST can use "localhost:12345" as a SOCKS5 proxy.

# NOTE: This script is only needed if the remote $HOST cannot already SSH to this (local) host
# (i.e, the host with an internet connection).  If your remote $HOST *CAN* already SSH to a host
# with an internet connection, ignore this script and just run the following from the remote $HOST:
# ssh -D localhost:12345 $INTERNET_ENABLED_HOST

# This script does the following:
# 1) Exposes the local host's SSH service to the remote $HOST
# 2) Tells the remote $HOST to open up dynamic port forwarding through the exposed service.

# Prerequisites:
# - AllowTCPForwarding must be enabled on both this host and the remote $HOST.
# - Assumes bidirectional passwordless SSH for the user running the script (root/sudo is not needed).

# Other notes:
# - This host's SSH is exposed as "localhost:56789" on the remote $HOST.
# - The remote $HOST should use "localhost:12345" as the SOCKS5 proxy.
# - Name resolution should work properly when using the proxied connection.
# - Most commands will allow you to explicitly specify a proxy server. EX:
#   curl --socks5 localhost:12345 -o DESIRED_FILENAME http://URL_TO_FILE


# Get remote $HOST from command line:
HOST=$1

# Ensure that user specified a host:
if [[ -z $HOST ]]
then
   echo "-- ERROR:  No hostname specified."
   echo "-- USAGE:  $0 HOSTNAME"
   exit
fi

# Kill existing local tunnel:
kill $(ps -ef | grep 56789:localhost:22 | grep -v grep | awk '{print $2}') 2>/dev/null

# Kill existing remote tunnel:
PID=$(ssh -o loglevel=quiet $HOST "ps -ef | grep localhost:12345 | grep -v grep" | awk '{print $2}')
if [[ ! -z $PID ]]
then
   ssh -o loglevel=quiet $HOST "kill $PID"
fi

# Establish remote port forwarding tunnel to $HOST:
ssh -o loglevel=quiet -fN -R 56789:localhost:22 $HOST

# Establish dynamic port forwarding tunnel from $HOST back to jump box:
ssh -o loglevel=quiet -f $HOST 'ssh -o loglevel=quiet -fN -D localhost:12345 localhost -p 56789'

# Verify that tunnel from jump box to $HOST is established:
if [[ $(ps -ef | grep 56789:localhost:22 | grep -v grep | wc -l) -eq 1 ]]
then
   echo "-- Jump box SSH successfully exposed to ${HOST}!"
else
   echo "-- ERROR: tunnel from jump box to $HOST failed."
fi

# Verify that tunnel from $HOST to jump box is established:
PID=$(ssh -o loglevel=quiet $HOST "ps -ef | grep localhost:12345 | grep -v grep" | awk '{print $2}')
if [[ ! -z $PID ]]
then
   echo "-- Dynamic forwarding from $HOST to jump box successfully established!"
else
   echo "-- ERROR: tunnel from $HOST to jump box failed."
fi

# You can see the tunnels involved with:
# ps -ef | grep -e 12345 -e 56789 | grep -v grep
	#!/bin/bash

	# This script shares a local internet connection with a remote $HOST.
	# The result is that that remote $HOST can use "localhost:12345" as a SOCKS5 proxy.

	# NOTE: This script is only needed if the remote $HOST cannot already SSH to this (local) host
	# (i.e, the host with an internet connection). If your remote $HOST CAN already SSH to a host
	# with an internet connection, ignore this script and just run the following from the remote $HOST:
	# ssh -D localhost:12345 $INTERNET_ENABLED_HOST

	# This script does the following:
	# 1) Exposes the local host's SSH service to the remote $HOST
	# 2) Tells the remote $HOST to open up dynamic port forwarding through the exposed service.

	# Prerequisites:
	# - AllowTCPForwarding must be enabled on both this host and the remote $HOST.
	# - Assumes bidirectional passwordless SSH for the user running the script (root/sudo is not needed).

	# Other notes:
	# - This host's SSH is exposed as "localhost:56789" on the remote $HOST.
	# - The remote $HOST should use "localhost:12345" as the SOCKS5 proxy.
	# - Name resolution should work properly when using the proxied connection.
	# - Most commands will allow you to explicitly specify a proxy server. EX:
	# curl --socks5 localhost:12345 -o DESIRED_FILENAME http://URL_TO_FILE


	# Get remote $HOST from command line:
	HOST=$1

	# Ensure that user specified a host:
	if [[ -z $HOST ]]
	then
	echo "-- ERROR: No hostname specified."
	echo "-- USAGE: $0 HOSTNAME"
	exit
	fi

	# Kill existing local tunnel:
	kill $(ps -ef \| grep 56789:localhost:22 \| grep -v grep \| awk '{print $2}') 2>/dev/null

	# Kill existing remote tunnel:
	PID=$(ssh -o loglevel=quiet $HOST "ps -ef \| grep localhost:12345 \| grep -v grep" \| awk '{print $2}')
	if [[ ! -z $PID ]]
	then
	ssh -o loglevel=quiet $HOST "kill $PID"
	fi

	# Establish remote port forwarding tunnel to $HOST:
	ssh -o loglevel=quiet -fN -R 56789:localhost:22 $HOST

	# Establish dynamic port forwarding tunnel from $HOST back to jump box:
	ssh -o loglevel=quiet -f $HOST 'ssh -o loglevel=quiet -fN -D localhost:12345 localhost -p 56789'

	# Verify that tunnel from jump box to $HOST is established:
	if [[ $(ps -ef \| grep 56789:localhost:22 \| grep -v grep \| wc -l) -eq 1 ]]
	then
	echo "-- Jump box SSH successfully exposed to ${HOST}!"
	else
	echo "-- ERROR: tunnel from jump box to $HOST failed."
	fi

	# Verify that tunnel from $HOST to jump box is established:
	PID=$(ssh -o loglevel=quiet $HOST "ps -ef \| grep localhost:12345 \| grep -v grep" \| awk '{print $2}')
	if [[ ! -z $PID ]]
	then
	echo "-- Dynamic forwarding from $HOST to jump box successfully established!"
	else
	echo "-- ERROR: tunnel from $HOST to jump box failed."
	fi

	# You can see the tunnels involved with:
	# ps -ef \| grep -e 12345 -e 56789 \| grep -v grep