diff --git a/awit-ssh b/awit-ssh index 3c1bde49493b1890f7c18bd76aa0ed18e7ae7550..8a7ab4d417b3925c8a52358404b2683ff4e56a3c 100755 --- a/awit-ssh +++ b/awit-ssh @@ -50,7 +50,7 @@ use User::pwent; my $NAME = "AWIT-SSH-Client"; -our $VERSION = "0.5.0"; +our $VERSION = "0.6.0"; print(STDERR "$NAME v$VERSION - Copyright (c) 2016, AllWorldIT\n\n"); @@ -67,6 +67,8 @@ GetOptions(\%optctl, "debug", "knock=s", + + "rsync", ) or exit 1; # Check for help @@ -81,6 +83,13 @@ if (defined($optctl{'version'})) { exit 0; } +# Check if we using rsync instead of SSH +my $useRsync = 0; +my @rsyncParams; +if (defined(my $rsyncHost = $optctl{'rsync'})) { + $useRsync = $rsyncHost; +} + # Check if we should be doing port knocking my ($knockHost,$knockPort); if (defined(my $knock = $optctl{'knock'})) { @@ -97,7 +106,33 @@ if (defined(my $knock = $optctl{'knock'})) { my $loginUsername; # Pull in hostname -my $hostSpec = shift(@ARGV) // ""; +my $hostSpec; +if ($useRsync) { + foreach my $param (@ARGV) { + # Look for the remote:// param + if ($param =~ /remote:\/\//) { + # Remove it and set the hostSpec + my $removedTag = substr($param,9); + # Assing hostSpec to the first part of the tag + ($hostSpec) = split(/[\/:]/,$removedTag); + # Change first / to a :/ + $removedTag =~ s,/,:/,; + push(@rsyncParams,$removedTag); + # Else just add it + } else { + push(@rsyncParams,$param); + } + } + # Make sure we got a hostSpec + if (!defined($hostSpec)) { + logger('ERROR',color('magenta')."awit-ssh --rsync needs a remote://SERVER.... to be specified on the command line". + color('reset')); + exit 1; + } + +} else { + $hostSpec = shift(@ARGV) // ""; +} my ($loginHost,$loginPort) = split(':',$hostSpec); if (defined($loginHost)) { # Suck in username if specified 
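Review bot: In the new `--rsync` check, `$rsyncHost` is a misleading name, because the option is declared as plain `"rsync"` in the GetOptions call and so carries a boolean flag rather than a host. `my $useRsync = $optctl{'rsync'} ? 1 : 0;` states the intent without the intermediate variable.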
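Review bot: The `remote://` match in the argument loop is unanchored, while `substr($param,9)` assumes the prefix sits at offset 0. An argument that merely contains `remote://` further along (a local path, for instance) has its first nine characters cut off and is then treated as the remote spec. Anchoring and stripping in one step removes the mismatch and replaces both the match and the `substr` line: `if ((my $removedTag = $param) =~ s{^remote://}{}) {`. Two related gaps sit in the same loop: a second `remote://` argument silently overwrites `$hostSpec`, and `remote://HOST:PORT/path` drops the port from `$hostSpec` (the split keeps only the first field) while the rewritten parameter becomes `HOST:PORT:/path`. An explicit error for both cases would be safer than passing the result on.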
@@ -524,16 +559,34 @@ if (defined($forwardSocket)) { logger('NOTICE',"Connecting to host '".color('green')."$forwardHost".color('reset')."'" . (defined($forwardPort) ? " on port '".color('green')."$forwardPort".color('reset')."'" : "") . "...\n\n\n"); - # Fire up ssh - system('/usr/bin/ssh', - @sshArgs, - # Override where we connecting to - '-o',"ProxyCommand=nc -U $forwardSocket", - # Explicitly disable control master - '-o','ControlMaster=no', - $realLoginHost - ); - + # Check what operation we're doing + if ($useRsync) { + # Build SSH command + my $sshCmd = join(' ','/usr/bin/ssh', + @sshArgs, + # Override where we connecting to + '-o',"ProxyCommand=\"nc -U $forwardSocket\"", + # Explicitly disable control master + '-o','ControlMaster=no', + ); + # Run rsync + system('/usr/bin/rsync', + '-e',$sshCmd, + @rsyncParams + ); + + # Normal SSH + } else { + # Fire up SSH + system('/usr/bin/ssh', + @sshArgs, + # Override where we connecting to + '-o',"ProxyCommand=nc -U $forwardSocket", + # Explicitly disable control master + '-o','ControlMaster=no', + $realLoginHost + ); + } # Unlink socket and unset it to designate we exited normally unlink($forwardSocket); @@ -564,13 +617,31 @@ if (defined($forwardSocket)) { push(@sshArgs,'-p',$loginPort); } - system('/usr/bin/ssh', - @sshArgs, - # Use basic compression - '-o','Compression=yes', - '-o','CompressionLevel=1', - $loginHost - ); + # Check what operation we're doing + if ($useRsync) { + # Build SSH command + my $sshCmd = join(' ','/usr/bin/ssh', + @sshArgs, + # Use basic compression + '-o','Compression=yes', + '-o','CompressionLevel=1' + ); + # Run rsync + system('/usr/bin/rsync', + '-e',$sshCmd, + @rsyncParams + ); + + # Normal SSH + } else { + system('/usr/bin/ssh', + @sshArgs, + # Use basic compression + '-o','Compression=yes', + '-o','CompressionLevel=1', + $loginHost + ); + } } 
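Review bot: Building `$sshCmd` with `join(' ', ...)` in the rsync branch discards the argument boundaries that the list-form `system('/usr/bin/ssh', ...)` in the else branch keeps, because rsync splits the `-e` string again on whitespace and quote characters. An element of `@sshArgs` containing a space or quote, or a `$forwardSocket` path containing `"`, would reach ssh as different options than the script intended. Where those values originate is outside this hunk, so whether they can carry such characters needs confirming. Either quote each element for the `-e` parser before joining, or refuse such values up front, e.g. `die "unsafe character in ssh argument\n" if grep { /[\s"']/ } @sshArgs, $forwardSocket;`. The same construction is repeated in the non-forwarded branch in the next hunk.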
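Review bot: The return value of `system('/usr/bin/rsync', ...)` is discarded here and in the forwarded branch above, so a failed or partial transfer looks the same as a successful one to whatever invoked awit-ssh. Callers of a copy operation usually depend on the exit code, so capture it, e.g. `my $rc = system('/usr/bin/rsync', '-e', $sshCmd, @rsyncParams);`, and exit with `$rc >> 8` once cleanup has run. The code following this block is outside the hunk, so where the final exit belongs is an assumption to check.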
@@ -636,11 +707,17 @@ sub displayHelp { print(STDERR< [USER@]HOST + $0 --rsync -- remote://[USER@]HOST/file.name /tmp General Options: --help What you're seeing now. --version Display version. - --debug Enable debugging. + + Secure Copy: (using rsync) + --rsync Run rsync instead of ssh, passing all + command line parameters after the host + to it. HOST is used for searching + LDAP. Port Knocking: --knock HOST:PORT Port knock a host to get access.
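Review bot: The `--debug Enable debugging.` line is removed from the General Options help text, although `"debug"` is still accepted by the GetOptions call in the first part of this diff. If the removal was unintentional, restore the line under `--version`. The new `--rsync` description also says parameters "after the host" are passed to rsync, whereas the argument loop forwards every entry of `@ARGV`, including those before the `remote://` argument; a wording such as `all remaining command line parameters` would match the code.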