segfault/gsnc/sf-gsnc.sh

#! /bin/bash

create_load_seed()
{
	[[ -n $SF_SEED ]] && return
	[[ ! -f "/config/host/etc/seed/seed.txt" ]] && {
		head -c 1024 /dev/urandom | tr -dc '[:alpha:]' | head -c 32 >/config/host/etc/seed/seed.txt || { echo >&2 "Can't create \${SF_BASEDIR}/config/etc/seed/seed.txt"; exit 255; }
	}
	SF_SEED="$(cat /config/host/etc/seed/seed.txt)"
	[[ -z $SF_SEED ]] && { echo >&2 "Failed to generated SF_SEED="; exit 254; }
}

[[ ! -d /config/guest ]] && { echo >&2 "Forgot -v \${SF_SHMDIR:-/dev/shm/sf}/config-for-guest:/config/guest?"; sleep 5; exit 253; }
[[ ! -d /config/host/etc/seed ]] && { echo >&2 "Forgot -v config/etc/seed:/config/host/etc/seed?"; sleep 5; exit 252; }

create_load_seed

ip route del default
ip route add default via 172.22.0.254

# This is the GS_SECRET to get to SSHD (and gs-netcat in cleartext [-C] could be used).
# It can be cryptographically weak. The security is provided by SSHD. 
GS_SECRET=$(echo -n "GS-${SF_SEED}${SF_FQDN}" | sha512sum | base64 | tr -dc '[:alpha:]' | head -c 12)

[[ ! -f /config/guest/gsnc-access-22.txt ]] && echo "${GS_SECRET}" >/config/guest/gsnc-access-22.txt

exec /gs-netcat -l -d "$1" -p 22 -s "22-${GS_SECRET}"
gsnc 2022-07-28 16:19:00 +00:00			`#! /bin/bash`

			`create_load_seed()`
			`{`
			`[[ -n $SF_SEED ]] && return`
cleanup 2022-09-18 11:42:52 +00:00			`[[ ! -f "/config/host/etc/seed/seed.txt" ]] && {`
			`head -c 1024 /dev/urandom \| tr -dc '[:alpha:]' \| head -c 32 >/config/host/etc/seed/seed.txt \|\| { echo >&2 "Can't create \${SF_BASEDIR}/config/etc/seed/seed.txt"; exit 255; }`
gsnc 2022-07-28 16:19:00 +00:00			`}`
cleanup 2022-09-18 11:42:52 +00:00			`SF_SEED="$(cat /config/host/etc/seed/seed.txt)"`
gsnc 2022-07-28 16:19:00 +00:00			`[[ -z $SF_SEED ]] && { echo >&2 "Failed to generated SF_SEED="; exit 254; }`
			`}`

sshfs & sftp. Restricted server. FW 2022-09-09 14:19:46 +00:00			`[[ ! -d /config/guest ]] && { echo >&2 "Forgot -v \${SF_SHMDIR:-/dev/shm/sf}/config-for-guest:/config/guest?"; sleep 5; exit 253; }`
cleanup 2022-09-18 11:42:52 +00:00			`[[ ! -d /config/host/etc/seed ]] && { echo >&2 "Forgot -v config/etc/seed:/config/host/etc/seed?"; sleep 5; exit 252; }`
gsnc 2022-07-28 16:19:00 +00:00
			`create_load_seed`

DMZ TC and isolation 2022-08-09 13:05:52 +00:00			`ip route del default`
			`ip route add default via 172.22.0.254`

gsnc 2022-07-28 16:19:00 +00:00			`# This is the GS_SECRET to get to SSHD (and gs-netcat in cleartext [-C] could be used).`
			`# It can be cryptographically weak. The security is provided by SSHD.`
			`GS_SECRET=$(echo -n "GS-${SF_SEED}${SF_FQDN}" \| sha512sum \| base64 \| tr -dc '[:alpha:]' \| head -c 12)`

sshfs & sftp. Restricted server. FW 2022-09-09 14:19:46 +00:00			`[[ ! -f /config/guest/gsnc-access-22.txt ]] && echo "${GS_SECRET}" >/config/guest/gsnc-access-22.txt`
gsnc 2022-07-28 16:19:00 +00:00
			`exec /gs-netcat -l -d "$1" -p 22 -s "22-${GS_SECRET}"`