free
/
freedombone
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

Configure an onion address for ssh access

Bob Mottram 9 years ago
parent
2e07170372
commit
56df44afc8
49 changed files with 36 additions and 0 deletions
Split View Show Diff Stats
  1. BIN
      locale/de/freedombone-addcert.mo
  2. BIN
      locale/de/freedombone-addsipuser.mo
  3. BIN
      locale/de/freedombone-adduser.mo
  4. BIN
      locale/de/freedombone-clientcert.mo
  5. BIN
      locale/de/freedombone-config.mo
  6. BIN
      locale/de/freedombone-controlpanel.mo
  7. BIN
      locale/de/freedombone-image.mo
  8. BIN
      locale/de/freedombone-keydrive.mo
  9. BIN
      locale/de/freedombone-meshweb.mo
  10. BIN
      locale/de/freedombone-recoverkey.mo
  11. BIN
      locale/de/freedombone-remote.mo
  12. BIN
      locale/de/freedombone-renew-cert.mo
  13. BIN
      locale/de/freedombone-rmsipuser.mo
  14. BIN
      locale/de/freedombone-sec.mo
  15. BIN
      locale/de/freedombone-splitkey.mo
  16. BIN
      locale/de/freedombone.mo
  17. BIN
      locale/es/freedombone-addcert.mo
  18. BIN
      locale/es/freedombone-addsipuser.mo
  19. BIN
      locale/es/freedombone-adduser.mo
  20. BIN
      locale/es/freedombone-clientcert.mo
  21. BIN
      locale/es/freedombone-config.mo
  22. BIN
      locale/es/freedombone-controlpanel.mo
  23. BIN
      locale/es/freedombone-image.mo
  24. BIN
      locale/es/freedombone-keydrive.mo
  25. BIN
      locale/es/freedombone-meshweb.mo
  26. BIN
      locale/es/freedombone-recoverkey.mo
  27. BIN
      locale/es/freedombone-remote.mo
  28. BIN
      locale/es/freedombone-renew-cert.mo
  29. BIN
      locale/es/freedombone-rmsipuser.mo
  30. BIN
      locale/es/freedombone-sec.mo
  31. BIN
      locale/es/freedombone-splitkey.mo
  32. BIN
      locale/es/freedombone.mo
  33. BIN
      locale/fr/freedombone-addcert.mo
  34. BIN
      locale/fr/freedombone-addsipuser.mo
  35. BIN
      locale/fr/freedombone-adduser.mo
  36. BIN
      locale/fr/freedombone-clientcert.mo
  37. BIN
      locale/fr/freedombone-config.mo
  38. BIN
      locale/fr/freedombone-controlpanel.mo
  39. BIN
      locale/fr/freedombone-image.mo
  40. BIN
      locale/fr/freedombone-keydrive.mo
  41. BIN
      locale/fr/freedombone-meshweb.mo
  42. BIN
      locale/fr/freedombone-recoverkey.mo
  43. BIN
      locale/fr/freedombone-remote.mo
  44. BIN
      locale/fr/freedombone-renew-cert.mo
  45. BIN
      locale/fr/freedombone-rmsipuser.mo
  46. BIN
      locale/fr/freedombone-sec.mo
  47. BIN
      locale/fr/freedombone-splitkey.mo
  48. BIN
      locale/fr/freedombone.mo
  49. 36
    0
      src/freedombone

BIN
locale/de/freedombone-addcert.mo View File


BIN
locale/de/freedombone-addsipuser.mo View File


BIN
locale/de/freedombone-adduser.mo View File


BIN
locale/de/freedombone-clientcert.mo View File


BIN
locale/de/freedombone-config.mo View File


BIN
locale/de/freedombone-controlpanel.mo View File


BIN
locale/de/freedombone-image.mo View File


BIN
locale/de/freedombone-keydrive.mo View File


BIN
locale/de/freedombone-meshweb.mo View File


BIN
locale/de/freedombone-recoverkey.mo View File


BIN
locale/de/freedombone-remote.mo View File


BIN
locale/de/freedombone-renew-cert.mo View File


BIN
locale/de/freedombone-rmsipuser.mo View File


BIN
locale/de/freedombone-sec.mo View File


BIN
locale/de/freedombone-splitkey.mo View File


BIN
locale/de/freedombone.mo View File


BIN
locale/es/freedombone-addcert.mo View File


BIN
locale/es/freedombone-addsipuser.mo View File


BIN
locale/es/freedombone-adduser.mo View File


BIN
locale/es/freedombone-clientcert.mo View File


BIN
locale/es/freedombone-config.mo View File


BIN
locale/es/freedombone-controlpanel.mo View File


BIN
locale/es/freedombone-image.mo View File


BIN
locale/es/freedombone-keydrive.mo View File


BIN
locale/es/freedombone-meshweb.mo View File


BIN
locale/es/freedombone-recoverkey.mo View File


BIN
locale/es/freedombone-remote.mo View File


BIN
locale/es/freedombone-renew-cert.mo View File


BIN
locale/es/freedombone-rmsipuser.mo View File


BIN
locale/es/freedombone-sec.mo View File


BIN
locale/es/freedombone-splitkey.mo View File


BIN
locale/es/freedombone.mo View File


BIN
locale/fr/freedombone-addcert.mo View File


BIN
locale/fr/freedombone-addsipuser.mo View File


BIN
locale/fr/freedombone-adduser.mo View File


BIN
locale/fr/freedombone-clientcert.mo View File


BIN
locale/fr/freedombone-config.mo View File


BIN
locale/fr/freedombone-controlpanel.mo View File


BIN
locale/fr/freedombone-image.mo View File


BIN
locale/fr/freedombone-keydrive.mo View File


BIN
locale/fr/freedombone-meshweb.mo View File


BIN
locale/fr/freedombone-recoverkey.mo View File


BIN
locale/fr/freedombone-remote.mo View File


BIN
locale/fr/freedombone-renew-cert.mo View File


BIN
locale/fr/freedombone-rmsipuser.mo View File


BIN
locale/fr/freedombone-sec.mo View File


BIN
locale/fr/freedombone-splitkey.mo View File


BIN
locale/fr/freedombone.mo View File


+ 36
- 0
src/freedombone View File 

@@ -86,6 +86,7 @@ INSTALLING_FROM_CONFIGURATION_FILE="no"
86 86 
 CONFIGURATION_FILE="${PROJECT_NAME}.cfg"
87 87
88 88 
 SSH_PORT=2222
89 
+SSH_ONION_PORT=8094
89 90 
 IRC_PORT=6697
90 91
91 92 
 # An optional password to log into IRC. This applies to all users
 
@@ -3680,6 +3681,40 @@ function configure_ssh {
3680 3681 
     echo 'configure_ssh' >> $COMPLETION_FILE
3681 3682 
 }
3682 3683
3684 
+function configure_ssh_onion {
3685 
+    if grep -Fxq "configure_ssh_onion" $COMPLETION_FILE; then
3686 
+        return
3687 
+    fi
3688 
+    if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
3689 
+        return
3690 
+    fi
3691 
+
3692 
+    if [ ! -d /var/lib/tor ]; then
3693 
+        echo $'No Tor installation found. ssh onion domain cannot be configured.'
3694 
+        exit 32672
3695 
+    fi
3696 
+    if ! grep -q "hidden_service_ssh" /etc/tor/torrc; then
3697 
+        echo 'HiddenServiceDir /var/lib/tor/hidden_service_ssh/' >> /etc/tor/torrc
3698 
+        echo "HiddenServicePort ${SSH_PORT} 127.0.0.1:${SSH_ONION_PORT}" >> /etc/tor/torrc
3699 
+        echo $'Added onion domain for ssh'
3700 
+    fi
3701 
+
3702 
+    systemctl restart tor
3703 
+
3704 
+    if [ ! -f /var/lib/tor/hidden_service_ssh/hostname ]; then
3705 
+        echo $'ssh onion domain hostname not found'
3706 
+        exit 62983
3707 
+    fi
3708 
+    SSH_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_ssh/hostname)
3709 
+    if ! grep -q "ssh onion domain" $COMPLETION_FILE; then
3710 
+        echo "ssh onion domain:${SSH_ONION_HOSTNAME}" >> $COMPLETION_FILE
3711 
+    else
3712 
+        sed -i "s|ssh onion domain.*|ssh onion domain:${SSH_ONION_HOSTNAME}|g" $COMPLETION_FILE
3713 
+    fi
3714 
+
3715 
+    echo 'configure_ssh_onion' >> $COMPLETION_FILE
3716 
+}
3717 
+
3683 3718 
 # see https://stribika.github.io/2015/01/04/secure-secure-shell.html
3684 3719 
 function ssh_remove_small_moduli {
3685 3720 
     awk '$5 > 2000' /etc/ssh/moduli > ~/moduli
 
@@ -9712,6 +9747,7 @@ time_synchronisation
9712 9747 
 configure_internet_protocol
9713 9748 
 create_git_project
9714 9749 
 configure_ssh
9750 
+configure_ssh_onion
9715 9751 
 remove_instructions_from_motd
9716 9752 
 check_hwrng
9717 9753 
 search_for_attached_usb_drive