@openoms
Created June 10, 2019 13:09
###### User friendly interface script for use with ./dojo [command] ######
I set it up to be used with passwordless root login via ssh, as you need to be root to utilize
the ./dojo [commands], also because I run everything headless from my laptop. This may not be
for you if you don't want to permit root login to the machine running your Dojo. I have my VMs
set up with passwordless pubkeys and UFW so that my host machine is the only one that can log in
to the VMs via ssh. It is somewhat of a security risk if you do not structure yourself properly,
so please be cautious.
At the end of the script there is haggard documentation on how to set up ssh pubkeys.
Beginning of script
-------------------------------------------------------------------------------------------------------------------------
#!/bin/bash
### Dojo information ###################
# All you need to input...
SSH_PORT="22"
IP="xxx.xxx.x.xxx"
PATH_T0_DOJO_DOT_SH="/home/path/to/dojo_dir/docker/my-dojo/"
########################################
# -tt forces a remote tty so interactive output and CTRL+C work over ssh
SSH_CMD=(ssh -tt -p "$SSH_PORT" "root@$IP")
CMD1="cd $PATH_T0_DOJO_DOT_SH"
DOJO_CMD=("---EXIT---" "help" "bitcoin-cli" "logs" "onion" "restart" "start" "stop" "install" "uninstall")
LOG_MODULES=("---BACK---" "bitcoind" "db" "tor" "api" "tracker" "pushtx" "pushtx-orchest")
while true; do
    GOBACK="no"
    # Reset on every pass so an earlier confirmation cannot carry over
    CONFIRM="no"
    echo " "
    echo "---------------- SAMOURAI DOJO INTERACTION SCRIPT ----------------"
    # Display options for user selection
    for ((i=0; i < ${#DOJO_CMD[*]}; i++)); do
        echo " "
        echo " $i ) ${DOJO_CMD[$i]}"
    done
    # Prompt for user selection
    while true; do
        echo " "
        read -r -p "Please enter a number corresponding to what you'd like to do: " NUM
        echo "------------------------------------------------------------------"
        # Non-numeric input and numbers outside available options loop back
        if ! [[ $NUM =~ ^[0-9]{1,3}$ ]] || (( 10#$NUM > ${#DOJO_CMD[*]}-1 )); then
            echo " "
            echo "Option not available, please try again..."
            echo " "
            sleep 2
            continue
        fi
        # Strip leading zeros so NUM is safe to use as an array index
        NUM=$((10#$NUM))
        # User selected Exit
        if [ "$NUM" -eq 0 ]; then
            exit 0
        # Prompt for confirmation on start, stop, restart, install, and uninstall options
        elif [ "$NUM" -gt 4 ]; then
            while true; do
                echo " "
                read -r -p "Please confirm you would like to ${DOJO_CMD[$NUM]} the Dojo [y/n]: " yn
                case $yn in
                    [Yy]* ) CONFIRM="yes"; break;;
                    [Nn]* ) GOBACK="yes"; break;;
                    * ) echo "Please answer y or n.";;
                esac
            done
        else
            break
        fi
        # Prompt again for uninstall, but only if the first prompt was confirmed
        if [ "$NUM" -eq 9 ] && [ "$CONFIRM" = "yes" ]; then
            while true; do
                echo " "
                read -r -p "Are you ABSOLUTELY sure you'd like to ${DOJO_CMD[$NUM]} the Dojo [y/n]:" yn
                case $yn in
                    [Yy]* ) CONFIRM="yes"; break;;
                    [Nn]* ) GOBACK="yes"; break;;
                    * ) echo "Please answer y or n.";;
                esac
            done
        fi
        # Break primary while loop once a confirmation prompt has been answered
        if [[ "$GOBACK" = "yes" || "$CONFIRM" = "yes" ]]; then
            break
        fi
    done
    # Options for logs
    if [ "${DOJO_CMD[$NUM]}" = "logs" ]; then
        while true; do
            EXECUTE="no"
            echo " "
            echo " ---Available Logs---"
            echo " "
            # Display options for user selection
            for ((i=0; i < ${#LOG_MODULES[*]}; i++)); do
                echo " $i) ${LOG_MODULES[$i]}"
                echo " "
            done
            echo "----------- press CTRL+C to exit the log when finished -----------"
            echo " "
            read -r -p "Please enter a number corresponding to what logs you'd like to view: " LNUM
            echo " "
            # Non-numeric input and numbers outside available options loop back
            if ! [[ $LNUM =~ ^[0-9]{1,3}$ ]] || (( 10#$LNUM > ${#LOG_MODULES[*]}-1 )); then
                echo "Option not available, please try again..."
                echo " "
                sleep 2
                continue
            fi
            # Strip leading zeros so LNUM is safe to use as an array index
            LNUM=$((10#$LNUM))
            # User selection to go back
            if [ "$LNUM" -eq 0 ]; then
                GOBACK="yes"
                break
            # Additional command options for api tracker pushtx pushtx-orchest
            elif [ "$LNUM" -gt 3 ]; then
                echo "Available options are '-d [VALUE]' **OR** '-n [VALUE]'"
                echo " "
                # The answer is sent as typed and parsed by the root shell on the Dojo
                read -r -p "Please enter one now: " AVAIL_OPTIONS
                EXECUTE="yes"
            else
                AVAIL_OPTIONS=""
                EXECUTE="yes"
            fi
            if [ "$EXECUTE" = "yes" ]; then
                # Keep CTRL+C from ending this script while a log is being followed
                trap "echo" SIGINT SIGTERM
                "${SSH_CMD[@]}" "$CMD1 && ./dojo.sh logs ${LOG_MODULES[$LNUM]} $AVAIL_OPTIONS"
                trap - SIGINT SIGTERM
            fi
        done
    fi
    # bitcoin-cli interaction
    if [ "${DOJO_CMD[$NUM]}" = "bitcoin-cli" ]; then
        while true; do
            read -r -p "bitcoin-cli [what command?] (x to go back): " BCMD
            if [[ "$BCMD" = "X" || "$BCMD" = "x" ]]; then
                break
            else
                # BCMD is sent as typed and parsed by the root shell on the Dojo
                "${SSH_CMD[@]}" "$CMD1 && ./dojo.sh ${DOJO_CMD[$NUM]} $BCMD"
                echo "------------------------------------------------------------------"
            fi
        done
    # If user selected yes to a prompt, run the selection
    elif [ "$GOBACK" != "yes" ]; then
        "${SSH_CMD[@]}" "$CMD1 && ./dojo.sh ${DOJO_CMD[$NUM]}"
        echo " "
        # Prompt for another action
        while true; do
            read -r -p "Do something else? [y/n]: " yn
            case $yn in
                [Yy]* ) break;;
                [Nn]* ) exit 0;;
                * ) echo "Please answer y or n.";;
            esac
        done
    fi
done
--------------------------------------------------------------------------------------------------------------------------
End of script
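The script places the free-form answer to the "-d [VALUE] OR -n [VALUE]" prompt inside a command string that a root shell on the Dojo machine then parses, so anything typed or pasted there, including ; or $(...), runs as root. One way to restrict that answer to the advertised shape before it reaches ssh, as an added example that is not part of the original gist: the function names valid_log_option and build_logs_cmd are made up here, VALUE is assumed to be a single word of letters and digits, and the sample answers are constructed.

```bash
#!/bin/bash
# Added example, not part of the gist.
# Assumption: VALUE in "-d VALUE" / "-n VALUE" is one word of letters and digits.

# Print the normalised option and return 0 only for exactly "-d VALUE" or
# "-n VALUE"; return 1 for anything else (extra words, metacharacters, empty).
valid_log_option() {
    set -f              # no filename expansion while splitting the answer
    set -- $1           # split on whitespace into $1, $2, ...
    set +f
    [ "$#" -eq 2 ] || return 1
    case $1 in -d|-n) ;; *) return 1 ;; esac
    case $2 in *[!A-Za-z0-9]*) return 1 ;; esac
    printf '%s %s\n' "$1" "$2"
}

# Build the string handed to ssh from allow-listed parts only.
# Hypothetical helper: $1 = Dojo directory, $2 = log module, $3 = raw answer.
# The directory is single-quoted so spaces survive the remote shell.
build_logs_cmd() {
    case $1 in *"'"*) return 1 ;; esac      # a quote would end the quoting
    case $2 in bitcoind|db|tor|api|tracker|pushtx|pushtx-orchest) ;; *) return 1 ;; esac
    if [ -n "$3" ]; then
        opt=$(valid_log_option "$3") || return 1
        printf "cd '%s' && ./dojo.sh logs %s %s\n" "$1" "$2" "$opt"
    else
        printf "cd '%s' && ./dojo.sh logs %s\n" "$1" "$2"
    fi
}

# Constructed answers, as they might be typed or pasted at the prompt.
for answer in "-n 50" "-d error" "-n 50; id" '-d $(id)' "-x 5"; do
    if cmd=$(build_logs_cmd "/home/path/to/dojo_dir/docker/my-dojo/" api "$answer"); then
        echo "send:   $cmd"
    else
        echo "reject: $answer"
    fi
done
```

The bitcoin-cli prompt is a free-form passthrough by design, so the same allow-list does not apply to it.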
######### Setup passwordless ssh login to your Dojo ######################################################################
My ssh setup as an example...
                                                                |   passwordless     ########
                                                                |------------------> # VM 1 #
                                                                |      pubkey        ########
##########   pubkey + 2FA + user pass    ################       |              UFW (Host machine &
# Laptop # ----------------------------> # Host Machine # <-----|               other VMs only)
##########                               ################       |
                                      UFW (Laptop & VMs Only)   |   passwordless     ########
                                                                |------------------> # VM 2 #
                                                                |      pubkey        ########
                                                                |              UFW (Host machine &
                                                                |               other VMs only)
                                                                |
                                                                |   passwordless     ########
                                                                |------------------> # VM 3 #
                                                                |      pubkey        ########
                                                                |              UFW (Host machine &
                                                               etc.             other VMs only)
## **On the machine that runs Dojo, as non-root user** ##
## If you have already generated passwordless ssh keys, go to STEP 2
## STEP 1:
## -t rsa keeps the key in ~/.ssh/id_rsa, the file STEP 2 reads
$ ssh-keygen -t rsa -b 4096
enter --> enter --> enter
## Correct permissions
$ sudo chmod 700 ~/.ssh
## Get your public key
## STEP 2:
$ cat ~/.ssh/id_rsa.pub
## Copy the pubkey
## Add your non-root user as an authorized login to your root user on your Dojo
## STEP 3:
$ sudo -s
$ if [ -d /root/.ssh ]; then nano /root/.ssh/authorized_keys; else mkdir /root/.ssh; nano /root/.ssh/authorized_keys; fi
## Paste your non-root user's pubkey into your root user's authorized_keys file
## Save and exit
ctrl+x --> y --> return
## Correct permissions
$ chmod 600 /root/.ssh/authorized_keys
## Log out of root user
$ exit
## On your laptop or remote machine that you log in to your Dojo with,
## repeat STEP 1 & STEP 2, then do STEP 3 again for your Dojo root user
## Add your laptop or remote machine's pubkeys to the authorized_keys of your non-root Dojo user
## STEP 4:
$ nano ~/.ssh/authorized_keys
### Paste your laptop's pubkey into your non-root user's authorized_keys file
### Save and exit
ctrl+x --> y --> return
## Correct permissions
$ sudo chmod 600 ~/.ssh/authorized_keys
## Configure sshd_config on Dojo machine
## If you log in to the machine that runs Dojo from anywhere else, you will need to add that machine's pubkeys to
## the user's authorized_keys file, otherwise you will be locked out...
$ sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
$ sudo nano /etc/ssh/sshd_config
## Alterations to /etc/ssh/sshd_config:
## Port: only if you want to change it, make sure to update UFW and the script above...
Port 2222
PermitRootLogin yes
PubkeyAuthentication yes
PasswordAuthentication no
## Save and exit
ctrl+x --> y --> return
## Restart sshd service
$ sudo service sshd restart
## DO NOT EXIT OUT OF THE TERMINAL CURRENTLY LOGGED INTO YOUR DOJO MACHINE
## On a remote machine you set this up to work with, open a terminal and try to log in to the Dojo via ssh.
## Be sure to try logging into both Dojo's non-root & root users
## Done
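sshd keeps the first value it reads for each keyword, so lines added at the bottom of /etc/ssh/sshd_config have no effect if the same keyword is already set higher up in the file. The check below reads a config by that rule and fails when password login would still be on; it is an added example, not part of the original gist, the function names effective_sshd_value and audit_sshd_config are made up here, and the sample config is constructed.

```bash
#!/bin/bash
# Added example, not part of the gist. Limitation: reads the global section of
# one file only; Include files and Match blocks are not followed.

# effective_sshd_value FILE KEYWORD
# Prints the first value set for KEYWORD (sshd keeps the first one it reads)
# and returns 0; returns 1 if the keyword is not set before any Match block.
effective_sshd_value() {
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        /^[ \t]*#/ { next }                  # skip comment lines
        NF == 0 { next }                     # skip blank lines
        { key = tolower($1) }
        key == "match" { exit }              # global section ends here
        key == want { print $2; found = 1; exit }
        END { exit !found }
    ' "$1"
}

# audit_sshd_config FILE
# Returns 0 only if key login is not disabled, password login is explicitly
# off, and PermitRootLogin is explicitly set to a value that accepts keys.
audit_sshd_config() {
    rc=0
    [ "$(effective_sshd_value "$1" PubkeyAuthentication)" != "no" ] || rc=1
    [ "$(effective_sshd_value "$1" PasswordAuthentication)" = "no" ] || rc=1
    case $(effective_sshd_value "$1" PermitRootLogin) in
        yes|prohibit-password|without-password) ;;
        *) rc=1 ;;
    esac
    return "$rc"
}

# Constructed sample: the guide's lines appended below an earlier active
# "PasswordAuthentication yes", so password login stays on after the edit.
demo() {
    f=$(mktemp) || return 1
    printf '%s\n' 'PasswordAuthentication yes' 'PermitRootLogin yes' \
        'PubkeyAuthentication yes' 'PasswordAuthentication no' > "$f"
    echo "PasswordAuthentication in effect: $(effective_sshd_value "$f" PasswordAuthentication)"
    if audit_sshd_config "$f"; then echo "audit: ok"; else echo "audit: FAILED"; fi
    rm -f "$f"
}
demo
```

On the Dojo machine itself, sudo sshd -t checks the file for syntax errors before the restart, and sudo sshd -T prints the settings sshd will actually use.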