From 375c8f747a1fd9947f18c6aa480bf42585788967 Mon Sep 17 00:00:00 2001 From: Dmitriy Kruglikov Date: Mon, 2 Apr 2012 17:19:18 +0300 Subject: [PATCH] Ready for testing --- autosshd.spec | 33 +++++++++++++++++++------- autosshd/doc/README | 6 +++++ autosshd/etc/rc.d/init.d/autosshd | 49 +++++++++++++++++++++------------------ autosshd/etc/sysconfig/autosshd | 46 +++++++++++++++++++++++++++++++++--- 4 files changed, 101 insertions(+), 33 deletions(-) create mode 100644 autosshd/doc/README diff --git a/autosshd.spec b/autosshd.spec index 0eb4ab3..11c4709 100644 --- a/autosshd.spec +++ b/autosshd.spec @@ -2,9 +2,9 @@ Name: autosshd Version: 0.0.1 -Release: alt1 +Release: alt2 -Summary: System administration - AutSSH daemon +Summary: System administration - AutoSSH system level service Group: System/Servers License: GPL Url: http://etersift.ru @@ -16,11 +16,14 @@ BuildArch: noarch PreReq: pwgen shadow-utils openssh-common +Requires: autossh + %description Run autossh as system service at startup %define autossh_user _autossh %define autossh_group _autossh +%define name autosshd %prep %setup -n autosshd @@ -28,9 +31,12 @@ Run autossh as system service at startup %install mkdir -p %buildroot%_initdir mkdir -p %buildroot%_sysconfdir/sysconfig +mkdir -p %buildroot/var/run/%name mkdir -p %buildroot/var/lib/autosshd/.ssh -install -m 644 etc/rc.d/init.d/autosshd %buildroot%_initdir/autosshd -install -m 644 etc/sysconfig/autosshd %buildroot%_sysconfdir/sysconfig/autosshd +mkdir -p %buildroot%_docdir/%name +install -D -m644 doc/README %buildroot%_docdir/%name/ +install -D -m750 etc/rc.d/init.d/autosshd %buildroot%_initdir/autosshd +install -D -m644 etc/sysconfig/autosshd %buildroot%_sysconfdir/sysconfig/autosshd %pre 
@@ -38,9 +44,13 @@ install -m 644 etc/sysconfig/autosshd %buildroot%_sysconfdir/sysconfig/autosshd %_sbindir/groupadd -r -f %autossh_group 2>/dev/null ||: %_sbindir/useradd -r -g %autossh_group -c 'Autossh daemon' \ -s /dev/null -d /var/lib/autosshd %autossh_user 2>/dev/null ||: -%_sbindir/usermod -p `pwgen -s 24 1` - -/usr/bin/ssh-keygen -t dsa -b 4096 -C "AutoSSH daemon" -N "" -q -f /var/lib/autosshd/.ssh/autosshd_dsa +%_sbindir/usermod -p `pwgen -s 24 1` %autossh_user +mkdir -p /var/lib/autosshd/.ssh +/usr/bin/ssh-keygen -t dsa -b 4096 -C "AutoSSH daemon" -N "" -q -f /var/lib/autosshd/.ssh/id_dsa +echo "StrictHostKeyChecking no" > /var/lib/autosshd/.ssh/config +cp /var/lib/autosshd/.ssh/id_dsa.pub /var/lib/autosshd/.ssh/authorized_keys +chown -R %autossh_user:%autossh_group /var/lib/autosshd/ +chown %autossh_user:%autossh_group /var/run/autosshd/ %post %post_service %name @@ -51,8 +61,15 @@ install -m 644 etc/sysconfig/autosshd %buildroot%_sysconfdir/sysconfig/autosshd %files %_initdir/* %config(noreplace) %_sysconfdir/sysconfig/autosshd -%dir /var/lib/autosshd/.ssh/ +%dir /var/lib/autosshd +%dir /var/run/%name +%dir %_docdir/%name +%_docdir/%name/* +%attr(0644,root,root) %_docdir/%name/README %changelog +* Tue Apr 03 2012 Dmitriy Kruglikov 0.0.1-alt2 +- Ready for testing + * Mon Apr 02 2012 Dmitriy Kruglikov 0.0.1-alt1 - Initial draft diff --git a/autosshd/doc/README b/autosshd/doc/README new file mode 100644 index 0000000..d9200e9 --- /dev/null +++ b/autosshd/doc/README @@ -0,0 +1,6 @@ +1) Для успешного соединения создайте на удаленном сервере пользователя (_autossh) и +добавьте строку вида +no-agent-forwarding,command="echo 'This is connection to Etersoft server'; tail -f /dev/null" ssh-dss ... +с соответствующим ключем. +2) Укажите параметры подключения (пользователь, сервер, порт) в /etc/sysconfig/autosshd +3) Старт-стоп-статус, как для обычного сервера. 
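Review bot: The added `echo "StrictHostKeyChecking no" > /var/lib/autosshd/.ssh/config` in `%pre` turns off host-key verification for every connection the service account makes, so the reverse tunnel is opened to whatever host answers at the configured address. I would drop that line and have the administrator seed `/var/lib/autosshd/.ssh/known_hosts` for the target server instead. `ssh-keygen -t dsa -b 4096` requests a size that OpenSSH's ssh-keygen does not accept for DSA (only 1024 bits), so key generation most likely fails; `-t rsa -b 4096` with `-f /var/lib/autosshd/.ssh/id_rsa` is the straightforward replacement. The `cp` of `id_dsa.pub` to `authorized_keys` authorizes the passphrase-less key for the local `_autossh` account without the `command=` restriction that the README in this patch asks for on the remote side; unless it exists only for the `HOST=127.0.0.1` test default, it should be removed.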
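Review bot: `%dir /var/lib/autosshd` and `%dir /var/run/%name` are listed without `%attr`, so their ownership depends entirely on the `chown` calls in `%pre`, which runs before the package payload is unpacked. On a first install `/var/run/autosshd/` will not exist yet when it is chowned, and the directory is then presumably unpacked owned by root. Declaring ownership in the file list, e.g. `%dir %attr(0750,%autossh_user,%autossh_group) /var/lib/autosshd` and the same form for `/var/run/%name`, removes that ordering dependency. The key pair and `config` generated in `%pre` are not listed either, so they would stay behind unowned on package removal; a `%ghost` entry for each would cover that.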
diff --git a/autosshd/etc/rc.d/init.d/autosshd b/autosshd/etc/rc.d/init.d/autosshd index b38bc07..06db77e 100755 --- a/autosshd/etc/rc.d/init.d/autosshd +++ b/autosshd/etc/rc.d/init.d/autosshd @@ -1,34 +1,43 @@ #!/bin/sh # -# autosshd autossh system service +# autosshd autossh system service +# +# chkconfig: 2345 30 60 +# +# description: autosshd run autossh as system service +# +# processname: autossh # WITHOUT_RC_COMPAT=1 # Source function library. -. /etc/rc.d/init.d/functions +. /etc/init.d/functions + +SourceIfExists /etc/sysconfig/autosshd LOCKFILE=/var/lock/subsys/autosshd -PIDFILE=/var/run/autosshd.pid +PIDFILE=/var/run/autosshd/autossh.pid RETVAL=0 -SourceIfExists /etc/sysconfig/autosshd start() { - start_daemon --pidfile "$PIDFILE" --lockfile "$LOCKFILE" --expect-user _autosshd --name autosshd -- autossh ${OPTIONS} - RETVAL=$? - return $RETVAL - + start_daemon --pidfile "$PIDFILE" --make-pidfile --lockfile "$LOCKFILE" --user _autossh --name autossh -- autossh ${AUTOSSH_OPTIONS} + RETVAL=$? + sleep 2 + ps ax | grep autossh: | grep -v grep | awk {'print $1'} > "$PIDFILE" + return $RETVAL } stop() { - stop_daemon --pidfile "$PIDFILE" --lockfile "$LOCKFILE" --expect-user _autossh --name autossh -- autossh - RETVAL=$? - return $RETVAL + stop_daemon --pidfile "$PIDFILE" --lockfile "$LOCKFILE" --expect-user _autossh --name autossh -- autossh + RETVAL=$? + rm -f "$PIDFILE" + return $RETVAL } restart() @@ -38,33 +47,29 @@ restart() start } -status() -{ - return 0 -} - case "$1" in start) - start + start ;; stop) - stop + stop ;; restart|reload) - restart + restart ;; condstop) if [ -e "$LOCKFILE" ]; then - stop + stop fi ;; condrestart|condreload) if [ -e "$LOCKFILE" ]; then - restart + restart fi ;; status) - status + status --pidfile "$PIDFILE" --name autossh -- autossh + RETVAL=$? ;; *) msg_usage "${0##*/} {start|stop|reload|restart|condstop|condrestart|condreload|status}" 
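Review bot: In `start()` the pidfile is rebuilt as root with `ps ax | grep autossh: | grep -v grep | awk {'print $1'} > "$PIDFILE"`, which records every process whose command line contains `autossh:` (possibly several PIDs, or none if the daemon is not up after the fixed `sleep 2`), and `stop()` then acts on whatever was written. The redirect also runs as root inside `/var/run/autosshd/`, a directory the spec hands to `_autossh`, so a symlink left at that path by the service account would be followed and its target truncated. Since `start_daemon` already gets `--make-pidfile`, I would drop the `sleep`/`ps` lines; if autossh's `-f` fork makes that PID stale, let autossh write the file itself through an exported `AUTOSSH_PIDFILE`. `${AUTOSSH_OPTIONS}` is presumably left unquoted on purpose for word splitting, and a comment such as `# intentionally unquoted: options are split into separate arguments` would make that explicit.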
diff --git a/autosshd/etc/sysconfig/autosshd b/autosshd/etc/sysconfig/autosshd
index 18d1a30..e79854d 100644
--- a/autosshd/etc/sysconfig/autosshd
+++ b/autosshd/etc/sysconfig/autosshd
@@ -1,14 +1,54 @@ +#usage: autossh [-V] [-M monitor_port[:echo_port]] [-f] [SSH_OPTIONS] +# +# -M specifies monitor port. May be overridden by environment +# variable AUTOSSH_PORT. 0 turns monitoring loop off. +# Alternatively, a port for an echo service on the remote +# machine may be specified. (Normally port 7.) +# -f run in background (autossh handles this, and does not pass it to ssh.) +# -V print autossh version and exit. +# +#Environment variables are: +# AUTOSSH_LOGLEVEL - level of log verbosity +AUTOSSH_LOGLEVEL=4 + +# AUTOSSH_MESSAGE - message to append to echo string (max 64 bytes) +# AUTOSSH_PIDFILE - write pid to this file +# AUTOSSH_FIRST_POLL - time before first connection check (seconds) +# + +# AUTOSSH_POLL - how often to check the connection (seconds) #AUTOSSH_POLL=600 +# AUTOSSH_PORT - port to use for monitor connection #AUTOSSH_PORT=20000 +# AUTOSSH_GATETIME - how long must an ssh session be established +# before we decide it really was established +# (in seconds). Default is 30 seconds; use of -f +# flag sets this to 0. #AUTOSSH_GATETIME=30 +# AUTOSSH_LOGFILE - file to log to (default is to use the syslog facility) #AUTOSSH_LOGFILE=$HOST.log -#AUTOSSH_DEBUG=yes + +# AUTOSSH_DEBUG - turn logging to maximum verbosity and log to stderr +AUTOSSH_DEBUG=yes + +# AUTOSSH_PATH - path to ssh if not default #AUTOSSH_PATH=/usr/local/bin/ssh -#USER=_autossh + +AUTOSSH_USER=_autossh + +# AUTOSSH_MAXSTART - max times to restart (default is no limit) +AUTOSSH_MAXSTART=100 + +# AUTOSSH_MAXLIFETIME - set the maximum time to live (seconds) + +AUTOSSH_PIDFILE=/var/run/autosshd/autossh.pid +AUTOSSH_LOGFILE=/var/lib/autosshd/autosshd.log HOST=127.0.0.1 +#HOST=10.9.8.3 +USER=_autossh LOCAL_PORT=22 REMOTE_PORT=2200 MON_INTERVAL=20000 -OPTIONS=" autossh -2 -fN -M ${MON_INTERVAL} -R ${REMOTE_PORT}:localhost:${LOCAL_PORT} ${USER}@${HOST}" +AUTOSSH_OPTIONS=" -M ${MON_INTERVAL} -R ${REMOTE_PORT}:localhost:${LOCAL_PORT} -f ${AUTOSSH_USER}@${HOST}" -- 2.11.4.GIT
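Review bot: `AUTOSSH_DEBUG=yes` is now shipped uncommented, which by the comment directly above it turns logging to maximum verbosity; for a packaged default I would keep it as `#AUTOSSH_DEBUG=yes`. None of the `AUTOSSH_*` assignments are exported and the init script only sources this file, so unless `start_daemon` passes shell variables through (not visible here) autossh will not see `AUTOSSH_PIDFILE`, `AUTOSSH_LOGFILE` or `AUTOSSH_MAXSTART`; prefixing them with `export` would fix that. The new `USER=_autossh` line overwrites the standard `USER` variable in the sourcing shell and is no longer referenced by `AUTOSSH_OPTIONS`, so it can be removed. `MON_INTERVAL` is passed to `-M`, which the usage text added above documents as the monitor port, so a name like `MON_PORT` would describe it accurately.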