geofferey

[BASH] - SSH Config Example

Aug 28th, 2014
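#!/system/xbin/bash
#
# Interactive configurator for the dropbear SSH daemon, the reverse-SSH and
# HTTP tunnel boot scripts, the inadyn DDNS client and the SSH key material
# on an Android system partition.
#
# Security-relevant behaviour:
#   * Every answer typed here ends up in a config file through a sed s///
#     command, and sshd.conf is later sourced as shell code (see the "." line
#     below). Answers are therefore handled strictly as data: ports, host
#     and user names are validated against an allow-list, the password is
#     shell-quoted, and everything is escaped before it is handed to sed.
#   * /system is remounted read-only again on every exit path, not only at
#     the end of a complete run.
#   * Existing key material is only replaced once its replacement exists.
#
# NOTE(review): the original mixed /etc/... and /system/etc/... for the same
# files; this version uses /system/etc throughout, which assumes /etc is the
# usual Android symlink to /system/etc -- confirm on the target device.

# sshd.conf is executed as shell here to obtain $PASS, so whatever that file
# contains runs with this script's privileges.
. /system/etc/sshd.conf

readonly SSHD_CONF=/system/etc/sshd.conf
readonly INADYN_CONF=/system/etc/inadyn.conf
readonly INIT_DIR=/system/etc/init.d
readonly KEY_DIR=/system/etc/dropbear/data/br.com.bott.droidsshd/files/etc
readonly SSH_DIR=/system/etc/.ssh

# Boot-script bodies, identical to what the original assembled with echo >>.
readonly DROPBEAR_INIT='#!/system/bin/sh

if [[ ! -d /data/data/br.com.bott.droidsshd ]]; then
ln -s /system/etc/dropbear/data/br.com.bott.droidsshd /data/data/br.com.bott.droidsshd
fi

sleep 1

dropbear'
readonly SSHTUNNEL_INIT=$'#!/system/xbin/bash\n\nreverse_ssh >/dev/null'
readonly HTTPTUNNEL_INIT=$'#!/system/xbin/bash\n\nhttp_tunnel >/dev/null'
readonly INADYN_INIT=$'#!/system/xbin/bash\n\ninadyn >/dev/null'

# Print a message on stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Print OK_MESSAGE when STATUS is 0, the generic failure text otherwise.
# Arguments: $1 - exit status to report on, $2 - success message
report() {
  if [[ $1 -eq 0 ]]; then
    echo "$2"
  else
    echo "write attempt failed!"
  fi
}

# Escape a string so sed inserts it literally as the replacement of s/re/.../
# (backslash, the "/" delimiter and "&" are the characters sed interprets).
sed_escape() {
  printf '%s' "$1" | sed -e 's|[\\/&]|\\&|g'
}

# Emit $1 in a form that yields the same string when the config file is
# sourced by a shell. Plain values are emitted unchanged so the file format
# stays what it was; anything else is wrapped in single quotes.
shell_quote() {
  local value=$1
  local plain_re='^[A-Za-z0-9_.,:@%+/=-]+$'
  local sq="'" esc="'\\''"
  if [[ $value =~ $plain_re ]]; then
    printf '%s' "$value"
  else
    printf "'%s'" "${value//$sq/$esc}"
  fi
}

# Replace the first-column match of MATCH_RE in FILE with NEW_LINE.
# Returns non-zero when no line matches, so a change that was never written
# is reported as a failure instead of as a success.
# Arguments: $1 - file, $2 - basic regex (must not contain "/"), $3 - new text
replace_line() {
  local file=$1 match_re=$2 new_line=$3
  grep -q -e "$match_re" "$file" || return 1
  sed -i -e "s/${match_re}/$(sed_escape "$new_line")/" "$file"
}

# Validators for values that are written into the sourced sshd.conf.
is_port() {
  local re='^[0-9]{1,5}$'
  [[ $1 =~ $re ]] && ((10#$1 >= 1 && 10#$1 <= 65535))
}

# A leading "-" is refused so the value can never be read as an option by
# whatever command later receives it.
is_host() {
  local re='^[A-Za-z0-9][A-Za-z0-9.:_-]*$'
  [[ $1 =~ $re ]]
}

is_user() {
  local re='^[A-Za-z0-9_][A-Za-z0-9._-]*$'
  [[ $1 =~ $re ]]
}

# Prompt until the answer is empty (meaning "use the default") or accepted by
# the validator. The answer is left in ANSWER; end of input counts as empty.
# Arguments: $1 - prompt, $2 - validator function name
ask() {
  local prompt=$1 check=$2
  while true; do
    read -r -p "$prompt" ANSWER || {
      ANSWER=
      return 0
    }
    [[ -z $ANSWER ]] && return 0
    "$check" "$ANSWER" && return 0
    echo "Invalid value, try again"
  done
}

# Ask for one KEY=value setting of sshd.conf and store it.
# Arguments: $1 prompt, $2 validator, $3 key, $4 default value,
#            $5 message shown when the default is used, $6 success message
configure() {
  local prompt=$1 check=$2 key=$3 default=$4 default_msg=$5 ok_msg=$6
  ask "$prompt" "$check"
  if [[ -z $ANSWER ]]; then
    echo "$default_msg"
    ANSWER=$default
  fi
  replace_line "$SSHD_CONF" "^${key}=.*" "${key}=${ANSWER}"
  report $? "$ok_msg"
}

# Ask for one "--option value" line of inadyn.conf and store it.
# The pattern also matches a bare "--option" line, so a value that was blanked
# earlier can be set again on a later run.
# Arguments: $1 prompt, $2 option name without "--", $3 success message,
#            $4 non-empty to read without echo (used for the password)
configure_ddns() {
  local prompt=$1 option=$2 ok_msg=$3 silent=$4
  local value new_line
  local -a read_args=(-r -p "$prompt")
  if [[ -n $silent ]]; then
    read_args+=(-s)
  fi
  read "${read_args[@]}" value || value=
  if [[ -n $silent ]]; then
    echo ""
  fi
  # The original tested the literal string "DDNSUSER" (no "$"), so this
  # branch could never run.
  if [[ -z $value ]]; then
    echo "DEFAULT UNCONFIGURED"
    new_line="--${option}"
  else
    new_line="--${option} ${value}"
  fi
  replace_line "$INADYN_CONF" "^--${option}\\( .*\\)*\$" "$new_line"
  report $? "$ok_msg"
}

# Returns 0 for yes, 1 for no, 2 for anything else (including end of input).
ask_yes_no() {
  local choice
  read -r -p "$1" choice || choice=
  case "$choice" in
    [Yy] | [Yy][Ee][Ss]) return 0 ;;
    [Nn] | [Nn][Oo]) return 1 ;;
    *) return 2 ;;
  esac
}

# Enable or disable a service by creating or removing its init.d script.
# An existing script is never overwritten, as in the original.
# Arguments: $1 prompt, $2 label for the messages, $3 script file name,
#            $4 script body
toggle_service() {
  local prompt=$1 label=$2 script=$INIT_DIR/$3 body=$4
  ask_yes_no "$prompt"
  case $? in
    0)
      echo "$label enabled"
      if [[ ! -e $script ]]; then
        printf '%s\n' "$body" >"$script" && chmod 755 "$script"
      fi
      ;;
    1)
      echo "$label disabled"
      if [[ -e $script ]]; then
        rm -- "$script"
      fi
      ;;
    *)
      echo 'Nothing done'
      ;;
  esac
}

# Generate a dropbear host key of the given type unless one is already there,
# so that answering "keep old keys" really keeps them.
# Arguments: $1 - key type as understood by dropbearkey -t
generate_host_key() {
  local type=$1
  local path=$KEY_DIR/dropbear_${type}_host_key
  if [[ -e $path ]]; then
    echo "existing $type host key kept"
    return 0
  fi
  dropbearkey -t "$type" -f "$path" && chmod 400 "$path"
}

# Convert an OpenSSH private key for the reverse tunnel and keep a copy.
# The current reverse_ssh_key is replaced only after the conversion worked;
# the original deleted it first and lost it when the path was wrong.
# Arguments: $1 - path to the OpenSSH private key
install_reverse_key() {
  local src=$1
  local tmp=$SSH_DIR/reverse_ssh_key.new
  if [[ ! -f $src ]]; then
    echo "no private key found at '$src', existing key left in place"
    return 1
  fi
  mkdir -p "$SSH_DIR" || return 1
  chmod 700 "$SSH_DIR"
  # Created because the original did; nothing in this script writes to it.
  mkdir -p /sdcard/.ssh
  (
    # Key files must never be readable by others, not even briefly.
    umask 077
    rm -f -- "$tmp"
    dropbearconvert openssh dropbear "$src" "$tmp" &&
      chmod 400 "$tmp" &&
      mv -f -- "$tmp" "$SSH_DIR/reverse_ssh_key" &&
      rm -f -- "$SSH_DIR/openssh_key" &&
      cp -- "$src" "$SSH_DIR/openssh_key" &&
      chmod 400 "$SSH_DIR/openssh_key"
  )
}

clear

echo "---CONFIGURE-SSH-DAEMON---"
echo ""
# NOTE(review): PASS comes in clear text from the file sourced above, so this
# prompt guards against accidental changes rather than acting as an access
# control -- confirm who can read that file.
read -r -s -p "Enter password:" CPASS || die "no input, aborting"
echo ""
until [ "$CPASS" = "$PASS" ]; do
  read -r -s -p "Wrong password, try again:" CPASS || die "no input, aborting"
  echo ""
done

mount -o remount,rw /system || die "cannot remount /system read-write"
# Put /system back to read-only however the script ends.
trap 'mount -o remount,ro /system' EXIT
trap 'exit 1' HUP INT TERM

echo ""

read -r -s -p "Enter new password:" NEWPASS || die "no input, aborting"
echo ""
while [[ -z "$NEWPASS" ]]; do
  echo ""
  echo "Password CAN NOT be blank"
  echo ""
  read -r -s -p "Enter new password:" NEWPASS || die "no input, aborting"
  echo ""
done

replace_line "$SSHD_CONF" '^PASS=.*' "PASS=$(shell_quote "$NEWPASS")"
report $? 'password written'

echo ""

configure "Enter new port: " is_port PORT 2222 "DEFAULT PORT #2222" "port set"

echo ""

toggle_service 'Enable SSH? ' "SSH" 60dropbear "$DROPBEAR_INIT"

echo ""

echo "---CONFIGURE-REVERSE-SSH---"

echo ""

configure "Enter reverse listen port: " is_port REVPORT "" "DEFAULT IS BLANK" "port set"

echo ""

configure "Enter remote server: " is_host REMSERV "" "DEFAULT IS BLANK" "server set"

echo ""

configure "Enter remote serv port: " is_port REMSERVPORT 22 "DEFAULT IS 22" "port set"

echo ""

configure "Enter remote username: " is_user REMUSER "" "DEFAULT IS BLANK" "username set"

echo ""

toggle_service 'Enable reverse ssh? ' "Reverse SSH" 70sshtunnel "$SSHTUNNEL_INIT"

echo ""

echo "---CONFIGURE-HTTP-PROXY---"
echo ""

configure "Enter socks listen port: " is_port SOCKSPORT "" "DEFAULT IS BLANK" "port set"

echo ""

toggle_service 'Enable http tunnel? ' "HTTP tunnel" 80httptunnel "$HTTPTUNNEL_INIT"

echo ""

echo "--CONFIGURE-DDNS--"
echo ""

# NOTE(review): inadyn.conf keeps the DDNS password in clear text; check that
# the file is readable only by the account that runs inadyn.
configure_ddns "Enter username: " username "user set" ""

echo ""

configure_ddns "Enter password: " password "pass set" silent

echo ""

configure_ddns "Enter alias: " alias "alias set" ""

echo ""

configure_ddns "Enter provider: " dyndns_system "provider set" ""

echo ""

toggle_service 'Enable DDNS? ' "DDNS" 50inadyn "$INADYN_INIT"

echo ""

echo "---REMOVE-OLD-KEYS---"
echo ""

if ask_yes_no 'Remove old key(s)? '; then
  echo "Removing old key(s)"
  rm -f -- "$KEY_DIR"/dropbear_*_host_key
else
  echo "Keeping old key(s)"
fi

echo ""

echo "---GENERATING-RSA-KEY---"
generate_host_key rsa

echo ""

# NOTE(review): DSS (DSA) host keys are disabled by default in current
# OpenSSH clients; kept because the original generated one -- confirm it is
# still needed.
echo "---GENERATING-DSS-KEY---"
generate_host_key dss

echo ""

read -r -p "Enter path to private key: " PRIKEYLOC || PRIKEYLOC=
echo ""
echo "---CONVERTING-PRIVATE-KEY---"
install_reverse_key "$PRIKEYLOC"

echo ""
echo "Restarting dropbear with new settings..."

killall dropbear

echo ""

dropbear

echo ""

echo ""
echo "Press RETURN to continue"
read -r _
clear

mount -o remount,ro /system
trap - EXIT

exit 0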