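#!/bin/bash
# Script to safely provide access to tech-support over-the-network.
# Uses 'ssh' for connection
#      'screen' for terminal screen-sharing
# The COMMAND a few lines below limits tech-support's access,
# so they can't have absolute control over your system without supervision
#
# How the limit works (read before distributing):
#   - The authorized_keys entry forces every login with this key to run
#     "screen -rx techsupport", so the key is only usable while a screen
#     session of that name exists on this account.
#   - Once attached, tech-support shares the interactive shell started below
#     and acts with the full privileges of the user who ran this script.
#     The control is supervision (you see everything typed), not a sandbox.
#   - The entry is removed from authorized_keys when the invocation that
#     started the session ends, including on Ctrl-C / hangup / TERM.
#
# For developers: change SSH public key and name ('pritam') before sending this out to customers
#   NOTE(review): the entry below is an 'ssh-dss' (DSA) key. OpenSSH has
#   disabled DSA keys by default since 7.0, so replace it with a key type
#   that the customer's sshd still accepts (e.g. ssh-ed25519).
#   On OpenSSH 7.2+ the option list can be written as 'restrict,pty,command=...',
#   which also switches off restrictions added in later releases.
# Dev. usage: ssh -t user@hostname. -t (force create pty) is compulsory.
# Author: Chhatoi Pritam Baral

# Absolute path of this script; it is re-run inside the screen session so the
# connection details are printed there as well.
SCRIPTPATH="$(cd -- "$(dirname -- "$0")" &> /dev/null && pwd)/$(basename -- "$0")"

COMMAND='command="/usr/bin/screen -rx techsupport",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-dss 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 pritam@Pritam-ArchVaio'

# Comment field of the key above; used to detect an entry that is already installed.
KEY_MARKER='pritam@Pritam-ArchVaio'
SSH_DIR="$HOME/.ssh"
AUTH_KEYS="$SSH_DIR/authorized_keys"

# Verify both tools BEFORE touching authorized_keys, so a missing 'screen'
# can no longer leave the support key installed with nothing to remove it.
for tool in ssh screen; do
  if ! command -v "$tool" &> /dev/null; then
    echo "You need to install $tool"
    echo "Typically, that is done by running this:"
    echo "\"sudo apt-get install $tool\""
    exit 1
  fi
done

# The original tested the quoted string "~/.ssh/", which is never tilde-expanded
# and therefore never an existing directory; test the real path instead.
if [[ ! -d "$SSH_DIR" ]]; then
  mkdir -p "$SSH_DIR"
  chmod 700 "$SSH_DIR"
fi

# Install the restricted key unless it is already present.
if ! grep -qF -- "$KEY_MARKER" "$AUTH_KEYS" 2> /dev/null; then
  if [[ ! -e "$AUTH_KEYS" ]]; then
    # Create the file owner-only instead of inheriting the umask default.
    touch "$AUTH_KEYS"
    chmod 600 "$AUTH_KEYS"
  elif [[ -s "$AUTH_KEYS" && -n "$(tail -c 1 -- "$AUTH_KEYS")" ]]; then
    # Last line has no trailing newline: add one so the new entry does not
    # get glued onto (and silently corrupt) an existing key.
    echo >> "$AUTH_KEYS"
  fi
  printf '%s\n' "$COMMAND" >> "$AUTH_KEYS"
fi

# Remove the support entry again (every line mentioning the session name).
revoke_access() {
  [[ -f "$AUTH_KEYS" ]] && sed -i "/techsupport/d" "$AUTH_KEYS"
}

# Check to see if a session is already active
if ! screen -ls | grep -q techsupport; then
  # This invocation owns the session, so it also owns the cleanup. The trap
  # makes revocation happen on every exit path, not only when screen returns
  # normally.
  trap revoke_access EXIT
  trap 'exit 129' HUP
  trap 'exit 130' INT
  trap 'exit 143' TERM
  # The script path is passed as $0 of the inner shell rather than pasted into
  # the command string, so paths with spaces or shell metacharacters are safe.
  # shellcheck disable=SC2016 — "$0" must be expanded by the inner sh
  screen -S techsupport sh -c '"$0"; bash -i' "$SCRIPTPATH" &> /dev/null
  exit
fi

# NOTE(review): when a session already exists and this run had to re-add the
# key above, nothing in this invocation removes it afterwards; only the
# invocation that started the session revokes it. Confirm that is intended.

echo -e "\nAll set. Tell pritam to connect\n"
echo "He'll need the following info"
echo "username:" "$(whoami)"
# shellcheck disable=SC2046 — word splitting is intentional: one address per
# word, all printed on a single line.
echo "IP addresses" $(ip addr show | grep -o 'inet [0-9.]*' | grep -o '[0-9.]*')
echo

# Alert user if session is active, but this is not the session
if [[ "${STY:-}" != *techsupport* ]]; then
  echo "Screen is already running, but elsewhere."
  echo "If you know where, switch to it."
  echo "If you don't, run the following to see the screen"
  echo
  echo "screen -rx techsupport"
  echo
fi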