mirror of
https://github.com/hackerschoice/segfault.git
synced 2024-07-09 03:21:34 +00:00
25 lines
1.0 KiB
Bash
25 lines
1.0 KiB
Bash
|
#! /bin/bash
|
||
|
|
||
|
create_load_seed()
|
||
|
{
|
||
|
[[ -n $SF_SEED ]] && return
|
||
|
[[ ! -f "/config/seed/seed.txt" ]] && {
|
||
|
head -c 1024 /dev/urandom | tr -dc '[:alpha:]' | head -c 32 >/config/seed/seed.txt || { echo >&2 "Can't create \${SF_BASEDIR}/config/etc/seed/seed.txt"; exit 255; }
|
||
|
}
|
||
|
SF_SEED="$(cat /config/seed/seed.txt)"
|
||
|
[[ -z $SF_SEED ]] && { echo >&2 "Failed to generated SF_SEED="; exit 254; }
|
||
|
}
|
||
|
|
||
|
[[ ! -d /sf/run/gsnc ]] && { echo >&2 "Forgot -v \${SF_SHMDIR:-/dev/shm/sf}/run/gsnc:/sf/run/gsnc?"; sleep 5; exit 253; }
|
||
|
[[ ! -d /config/seed ]] && { echo >&2 "Forgot -v config/etc/seed:/config/seed?"; sleep 5; exit 252; }
|
||
|
|
||
|
create_load_seed
|
||
|
|
||
|
# This is the GS_SECRET to get to SSHD (and gs-netcat in cleartext [-C] could be used).
|
||
|
# It can be cryptographically weak. The security is provided by SSHD.
|
||
|
GS_SECRET=$(echo -n "GS-${SF_SEED}${SF_FQDN}" | sha512sum | base64 | tr -dc '[:alpha:]' | head -c 12)
|
||
|
|
||
|
[[ ! -f /sf/run/gsnc/access-22.txt ]] && echo "${GS_SECRET}" >/sf/run/gsnc/access-22.txt
|
||
|
|
||
|
exec /gs-netcat -l -d "$1" -p 22 -s "22-${GS_SECRET}"
|