1,3 → 1,4 |
|
#!/bin/bash |
|
# alcasar-ssh.sh |
30,12 → 31,12 |
NUM_REGEX='^[0-9]+$' |
if ! [[ $SSH_PORT =~ $NUM_REGEX ]]; |
then |
echo "The port+$SSH_PORT+is invalid" |
echo "The port $SSH_PORT is invalid" |
exit 1 |
fi |
if [ $SSH_PORT -lt 0 ] || [ $SSH_PORT -gt 65535 ] |
then |
echo "The port+$SSH_PORT+is invalid" |
echo "The port $SSH_PORT is invalid" |
exit 1 |
fi |
;; |
62,11 → 63,11 |
exit 0 |
;; |
--off | -off) |
$NETWORK={NETWORK:="none"} |
NETWORK=${NETWORK:="none"} |
if [ $NETWORK == "wan" ] |
then |
# Editing Alcasar configuration - Deleting the port |
$SED "s/^SSH_WAN=.*/SSH_WAN=/g" $ALCASAR_CONF |
$SED "s/^SSH_WAN=.*/SSH_WAN=0/g" $ALCASAR_CONF |
# Editing SSH configuration - Deleting any port other than 22 |
$SED "/^.*Port\s[0-9]*/{/\s22$/!d}" $SSH_CONF |
# Applying iptables |
74,7 → 75,7 |
elif [ $NETWORK == "lan" ] |
then |
# Editing Alcasar configuration |
$SED "s/^SSH_LAN=.*/SSH_LAN=off/g" $ALCASAR_CONF |
$SED "s/^SSH_LAN=.*/SSH_LAN=0/g" $ALCASAR_CONF |
# Applying iptables |
/usr/local/bin/alcasar-iptables.sh |
else |
81,18 → 82,7 |
echo "$usage" |
exit 0 |
fi |
# Check if LAN and WAN is off |
LAN_STATUS = `grep ^SSH_LAN= $CONF_FILE|cut -d"=" -f2` |
LAN_STATUS=${LAN_STATUS:=off} |
WAN_STATUS = `grep ^SSH_WAN= $CONF_FILE|cut -d"=" -f2` |
WAN_STATUS=${WAN_STATUS:=off} |
if [ $LAN_STATUS == off ] && [ $WAN_STATUS == off ] |
then |
$SYSTEMCTL stop sshd |
$SYSTEMCTL disable sshd |
else |
$SYSTEMCTL restart sshd |
fi |
exit 0 |
;; |
--on | -on) |
99,25 → 89,29 |
NETWORK=${NETWORK:="none"} |
if [ $NETWORK == "wan" ] |
then |
# Getting LAN IP |
LAN_IP=`$GREP "^SSH_ADMIN_FROM=" $ALCASAR_CONF |cut -d"=" -f2|cut -d"/" -f1` |
# Setting accepted IP in Alcasar configuration |
IP_FROM=${IP_FROM:="0.0.0.0\/0"} |
$SED "s ^SSH_ADMIN_FROM=.* SSH_ADMIN_FROM=$IP_FROM g" $ALCASAR_CONF |
IP_FROM=${IP_FROM:="0.0.0.0"} |
$SED "s ^SSH_ADMIN_FROM=.* SSH_ADMIN_FROM=$LAN_IP/$IP_FROM g" $ALCASAR_CONF |
# Setting SSH port in Alcasar configuration |
SSH_PORT=${SSH_PORT:=22} |
$SED "s/^SSH_WAN=.*/SSH_WAN=$SSH_PORT/g" $ALCASAR_CONF |
# Checking if there is already a port other than 22 set |
if [ `grep -E "^.*Port\s[0-9]*" /etc/ssh/sshd_config| grep -vEc "\s22$"` -gt 0 ] |
LAN_PORT =`$GREP "^SSH_LAN=" $ALCASAR_CONF | cut -d"=" -f2` |
LAN_PORT=${LAN_PORT:=0} |
# Checking if there is already a port other than the LAN port set |
if [ `grep -E "^.*Port\s[0-9]*" /etc/ssh/sshd_config| grep -vEc "\s$LAN_PORT$"` -gt 0 ] |
then |
if [ $SSH_PORT -ne 22 ] |
if [ $SSH_PORT -ne $LAN_PORT ] |
then |
# Editing SSH configuration - Changing any port other than 22 |
$SED "/\s22$/! s/^.*Port\s[0-9]*/Port $SSH_PORT/" $SSH_CONF |
# Editing SSH configuration - Changing any port other than the LAN port |
$SED "/\s$LAN_PORT$/! s/^.*Port\s[0-9]*/Port $SSH_PORT/" $SSH_CONF |
else |
# Editing SSH configuration - Deleting any port other than 22 (as 22 port is used) |
$SED "/^.*Port\s[0-9]*/{/\s22$/!d}" $SSH_CONF |
# Editing SSH configuration - Deleting any port other than the LAN port |
$SED "/^.*Port\s[0-9]*/{/\s$LAN_PORT$/!d}" $SSH_CONF |
fi |
else |
if [ $SSH_PORT -ne 22 ] |
if [ $SSH_PORT -ne $LAN_PORT ] |
then |
# Adding the new SSH port in the config |
echo "Port $SSH_PORT" >> $SSH_CONF |
127,8 → 121,36 |
/usr/local/bin/alcasar-iptables.sh |
elif [ $NETWORK == "lan" ] |
then |
# Getting WAN IP |
WAN_IP=`$GREP "^SSH_ADMIN_FROM=" $ALCASAR_CONF |cut -d"=" -f2|cut -d"/" -f2` |
# Setting accepted IP in Alcasar configuration |
IP_FROM=${IP_FROM:="0.0.0.0"} |
$SED "s ^SSH_ADMIN_FROM=.* SSH_ADMIN_FROM=$IP_FROM/$WAN_IP g" $ALCASAR_CONF |
# Editing Alcasar configuration |
$SED "s/^SSH_LAN=.*/SSH_LAN=on/g" $ALCASAR_CONF |
$SED "s/^SSH_LAN=.*/SSH_LAN=$SSH_PORT/g" $ALCASAR_CONF |
# Setting SSH port in Alcasar configuration |
SSH_PORT=${SSH_PORT:=22} |
$SED "s/^SSH_LAN=.*/SSH_LAN=$SSH_PORT/g" $ALCASAR_CONF |
WAN_PORT =`$GREP "^SSH_WAN=" $ALCASAR_CONF | cut -d"=" -f2` |
WAN_PORT=${WAN_PORT:=0} |
# Checking if there is already a port other than the WAN port set |
if [ `grep -E "^.*Port\s[0-9]*" /etc/ssh/sshd_config| grep -vEc "\s$WAN_PORT$"` -gt 0 ] |
then |
if [ $SSH_PORT -ne $WAN_PORT ] |
then |
# Editing SSH configuration - Changing any port other than the WAN port |
$SED "/\s$WAN_PORT$/! s/^.*Port\s[0-9]*/Port $SSH_PORT/" $SSH_CONF |
else |
# Editing SSH configuration - Deleting any port other than the WAN port |
$SED "/^.*Port\s[0-9]*/{/\s$WAN_PORT$/!d}" $SSH_CONF |
fi |
else |
if [ $SSH_PORT -ne $WAN_PORT ] |
then |
# Adding the new SSH port in the config |
echo "Port $SSH_PORT" >> $SSH_CONF |
fi |
fi |
# Applying iptables |
/usr/local/bin/alcasar-iptables.sh |
else |
135,16 → 157,7 |
echo "$usage" |
exit 0 |
fi |
# Check if sshd is enabled |
SSHD_STATUS=`systemctl is-enabled sshd` |
SSHD_STATUS=${SSHD_STATUS:=disabled} |
if [ $SSHD_STATUS == "enabled" ] |
then |
$SYSTEMCTL restart sshd |
else |
$SYSTEMCTL enable sshd |
$SYSTEMCTL restart sshd |
fi |
exit 0 |
;; |
*) |
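Review bot: The two new port lookups in the `--on` case, `LAN_PORT =` in the wan branch and `WAN_PORT =` in the lan branch, have a space before `=`, so bash runs `LAN_PORT` / `WAN_PORT` as a command and assigns nothing. The `:=0` default on the following line then always applies, so the sed address `/\s0$/!` matches every existing `Port` line; from the visible lines, enabling SSH on one side rewrites the other side's port in `$SSH_CONF` while `$ALCASAR_CONF` still records the old value. Drop the space and quote the file argument, e.g. `LAN_PORT=$($GREP "^SSH_LAN=" "$ALCASAR_CONF" | cut -d"=" -f2)`, and likewise for `WAN_PORT`. Because 0 now serves as the "off" value (`SSH_WAN=0`, `SSH_LAN=0`), the range check near the top should probably reject port 0 as well (`-lt 1` rather than `-lt 0`). The enclosing `case` statement starts and ends outside the visible hunks.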