Update default mount point to $HOME/remote-rssh for consistency, and introduce backtunnel-auth-setup script for restricted SFTP-only key management. Update docs, scripts, and uninstall/install logic to reflect changes. Ensure robust handling of user-specified mount points in backtunnel-access.

2025-09-20 10:49:45 +02:00
parent c46a1da405
commit 85e73ca4da
9 changed files with 144 additions and 26 deletions


@@ -64,7 +64,7 @@ profile_apply_defaults() { # set globals if unset; named overrides default
# defaults
v="$(ini_get default tunnel_port)"; [[ -n "$v" && "${TUNNEL_PORT}" == "2222" ]] && TUNNEL_PORT="$v"
v="$(ini_get default local_ssh_port)"; [[ -n "$v" && "${LOCAL_SSH_PORT}" == "22" ]] && LOCAL_SSH_PORT="$v"
v="$(ini_get default invite_mount)"; [[ -n "$v" && "${INVITE_MOUNT}" == "/mnt/remote-rssh" ]] && INVITE_MOUNT="$v"
v="$(ini_get default invite_mount)"; [[ -n "$v" && "${INVITE_MOUNT}" == "$HOME/remote-rssh" ]] && INVITE_MOUNT="$v"
v="$(ini_get default invite)"; [[ "${v,,}" == "true" ]] && INVITE=true
v="$(ini_get default qr)"; [[ "${v,,}" == "true" ]] && QR=true
if [[ -z "$DURATION" ]]; then
@@ -84,7 +84,7 @@ LOCAL_SSH_PORT=22 # local sshd port to forward to
DURATION="" # required: e.g. 30m, 2h, 1d
INVITE=false # print a ready-to-copy access command
INVITE_MOUNT="/mnt/remote-rssh"
INVITE_MOUNT="$HOME/remote-rssh"
INVITE_FILE=""
QR=false # render invite as terminal QR (requires qrencode)
@@ -214,19 +214,30 @@ echo
# --- print invite (optional) ---
if $INVITE; then
INVITE_CMD="backtunnel-access '${FOLDER}' from ${REMOTE_USER}@${REMOTE_HOST} -p ${TUNNEL_PORT} -m '${INVITE_MOUNT}'"
# Also provide a one-time auth bootstrap that installs a restricted, tunnel-only SFTP key
AUTH_CMD="backtunnel-auth-setup -p ${TUNNEL_PORT} ${REMOTE_USER}@localhost"
INVITE_TEXT=$(
cat <<EOT
# Paste this on the REMOTE host (or SSH there first, then paste):
cat <<EOT
# 1) (one-time) install a tunnel-only, SFTP-only key via the reverse tunnel:
${AUTH_CMD}
# 2) mount the share:
${INVITE_CMD}
# Unmount when done:
# (use the one available on your system)
fusermount -u '${INVITE_MOUNT}' || fusermount3 -u '${INVITE_MOUNT}'
EOT
)
)
echo "🔗 Invite (copy to chat):"
echo "------------------------------------------------------------"
echo "${AUTH_CMD}"
echo "${INVITE_CMD}"
echo "------------------------------------------------------------"
if [[ -n "${INVITE_FILE}" ]]; then
printf "%s\n" "${INVITE_TEXT}" > "${INVITE_FILE}"
echo "Saved invite to: ${INVITE_FILE}"
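Review bot: The invite is pasted on the remote host, but with the new default `INVITE_MOUNT="$HOME/remote-rssh"` the sharer's own home directory is expanded at assignment and then frozen inside single quotes in `-m '${INVITE_MOUNT}'` and the `fusermount -u` lines, so the recipient is handed a path such as `/home/<sharer>/remote-rssh` that may not exist for them and that discloses the local account name. Consider leaving `-m` out of `INVITE_CMD` while the mount is still the default, so backtunnel-access resolves its own default on the receiving side (the commit description suggests it has the same one; that script is not visible here). Separately, `INVITE_CMD` and the new `AUTH_CMD` splice `FOLDER`, `INVITE_MOUNT`, `TUNNEL_PORT` and `REMOTE_USER` into text that another person will paste into a shell, and hand-written single quotes do not survive a value containing `'`; build the pieces with `printf '%q'` (e.g. `printf -v mount_q '%q' "$INVITE_MOUNT"`) and reject a non-numeric `TUNNEL_PORT`, unless that is already validated outside these hunks. The `if [[ -n "${INVITE_FILE}" ]]` block continues past the visible lines.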