Add backtunnel-umount script, host key policy support, and extend TUI/CLI integration

Introduce `backtunnel-umount` as a portable unmount helper, preferring `fusermount3`, `fusermount`, or `umount`. Add `BACKTUNNEL_HOSTKEY_POLICY` for configurable host key handling in `backtunnel-share` and `backtunnel-access`. Update TUIs for remote folder prompts and mount point handling. Enhance bash completion for TUI commands with directory suggestions. Revamp terminal selection logic in `backtunnel-open-term` to prioritize modern emulators like wezterm. Extend tests with scaffolds for host key policy and unmount behavior. Update README with new scripts, workflows, features, and troubleshooting tips.
2025-09-21 18:56:15 +02:00
parent 0e82955af5
commit ae8ab9a7e0
9 changed files with 344 additions and 49 deletions
--- a/scripts/backtunnel-access
+++ b/scripts/backtunnel-access
@@ -41,6 +41,13 @@ set -euo pipefail
 PORT=2222
 MOUNTPOINT="$HOME/remote-rssh"

+# Host key checking policy: env BACKTUNNEL_HOSTKEY_POLICY = yes|no|ask|accept-new (default: accept-new)
+HKP="${BACKTUNNEL_HOSTKEY_POLICY:-accept-new}"
+case "$HKP" in
+  yes|no|ask|accept-new) ;;
+  *) HKP="accept-new" ;;
+esac
+
 usage() {
  echo "Usage: $0 /path/to/folder from remoteuser:remotehost [-p PORT] [-m MOUNTPOINT]" >&2
  exit 1
@@ -151,7 +158,7 @@ if [[ -f "$HOME/.ssh/id_ed25519_backtunnel" ]]; then
  SFTP_ID_OPTS+=( -o IdentityFile="$HOME/.ssh/id_ed25519_backtunnel" -o IdentitiesOnly=yes )
 fi

-if ! ssh -o BatchMode=yes -o StrictHostKeyChecking=accept-new \
+if ! ssh -o BatchMode=yes -o StrictHostKeyChecking="$HKP" \
        -p "$PORT" "${SSH_IDENTITY_OPTS[@]}" "$REMOTE_USER@localhost" true 2>/dev/null; then  cat >&2 <<EOF
 ⚠️  Passwordless auth not set for $REMOTE_USER@localhost:$PORT.
    You can initialize a tunnel-only, SFTP-only key with:
@@ -164,14 +171,14 @@ fi
 echo "Checking remote path visibility via SFTP ..."

 # Purpose: quick sanity check that the target path is visible over SFTP before mounting.
-if ! sftp -q -P "$PORT" -o StrictHostKeyChecking=accept-new "${SFTP_ID_OPTS[@]}" \
+if ! sftp -q -P "$PORT" -o StrictHostKeyChecking="$HKP" "${SFTP_ID_OPTS[@]}" \
         "$REMOTE_USER@localhost" <<< "ls -1 \"$FOLDER\"" >/dev/null 2>&1; then
  echo "⚠️  Remote path '$FOLDER' not listable via SFTP. It may not exist or permissions deny access." >&2
  echo "    Proceeding to mount; sshfs may fail if the path is invalid." >&2
 fi

 # Build ssh command used by sshfs (adds keepalive/connect-timeout, identity if present).
-SSH_CMD="ssh -o ConnectTimeout=10 -o StrictHostKeyChecking=accept-new"
+SSH_CMD="ssh -o ConnectTimeout=10 -o StrictHostKeyChecking=$HKP"
 # If identity options are present, append them to SSH_CMD
 if [[ ${#SSH_IDENTITY_OPTS[@]} -gt 0 ]]; then
  # Join array safely
@@ -190,4 +197,4 @@ sshfs \
  -- "$REMOTE_USER@localhost:$FOLDER" "$MOUNTPOINT"

 echo "✅ Mounted at: $MOUNTPOINT"
-echo "To unmount:   fusermount -u \"$MOUNTPOINT\" || fusermount3 -u \"$MOUNTPOINT\""
+echo "To unmount:   backtunnel-umount \"$MOUNTPOINT\""
--- a/scripts/backtunnel-access-tui
+++ b/scripts/backtunnel-access-tui
@@ -47,6 +47,13 @@ REMOTE="${REMOTE:-user@vps.example.com}"
 read -r -p "Tunnel port on remote [2222]: " PORT
 PORT="${PORT:-2222}"

+# Ask for the remote folder that should be mounted (first positional of backtunnel-access)
+read -r -p "Remote folder path to mount [~/]: " FOLDER
+FOLDER="${FOLDER:-~/}"
+if [[ "$FOLDER" == "~" ]]; then
+  FOLDER="~/"
+fi
+
 read -r -p "Mount point [${DEFAULT_MP}]: " MP
 MP="${MP:-$DEFAULT_MP}"

@@ -62,7 +69,7 @@ if [[ ! -w "$MP" ]]; then
 fi

 echo
-echo "Running: backtunnel-access '<remote-folder>' from '$REMOTE' -p '$PORT' -m '$MP'"
-echo "Note: you'll be prompted on the remote for the exact folder (as per your workflow)."
+echo "Running: backtunnel-access '${FOLDER}' from '${REMOTE}' -p '${PORT}' -m '${MP}'"
+echo "Note: the folder is accessed via SFTP on the remote through the reverse tunnel."
 # Replace this process with backtunnel-access (no return to this script after exec)
-exec backtunnel-access "$MP" from "$REMOTE" -p "$PORT" -m "$MP"
+exec backtunnel-access "$FOLDER" from "$REMOTE" -p "$PORT" -m "$MP"
--- a/scripts/backtunnel-open-term
+++ b/scripts/backtunnel-open-term
@@ -78,7 +78,8 @@ cmd=( "$@" )
    if [[ -n "${KDE_FULL_SESSION:-}" ]] && command -v konsole >/dev/null 2>&1; then
      echo "konsole"; return
    fi
-    for t in kitty alacritty kgx gnome-terminal tilix xfce4-terminal konsole xterm; do
+    # Prefer widely used modern terminals first when not on KDE
+    for t in wezterm kitty alacritty kgx gnome-terminal tilix xfce4-terminal konsole xterm; do
      if command -v "$t" >/dev/null 2>&1; then echo "$t"; return; fi
    done
    echo ""  # none
@@ -101,6 +102,7 @@ cmd=( "$@" )
  # Run command in terminal (use hold/noclose if supported)
  case "$term" in
    konsole)         exec konsole --noclose -e "${cmd[@]}" ;;
+    wezterm)         exec wezterm start -- "${cmd[@]}" ;;
    kitty)           exec kitty -e "${cmd[@]}" ;;
    alacritty)       exec alacritty -e "${cmd[@]}" ;;
    gnome-terminal)  exec gnome-terminal -- bash -lc "exec $shell_cmd" ;;
--- a/scripts/backtunnel-share
+++ b/scripts/backtunnel-share
@@ -75,6 +75,13 @@

 set -euo pipefail

+# Host key checking policy: env BACKTUNNEL_HOSTKEY_POLICY = yes|no|ask|accept-new (default: accept-new)
+HKP="${BACKTUNNEL_HOSTKEY_POLICY:-accept-new}"
+case "$HKP" in
+  yes|no|ask|accept-new) ;;
+  *) HKP="accept-new" ;;
+esac
+
 # ----------------------------
 # Config discovery
 # Purpose: choose the highest-precedence profiles.ini available.
@@ -464,7 +471,7 @@ ${AUTH_CMD}
 ${INVITE_CMD}

 # Unmount when done:
-fusermount -u '${INVITE_MOUNT}' || fusermount3 -u '${INVITE_MOUNT}'
+backtunnel-umount '${INVITE_MOUNT}'
 EOT
    )
  else
@@ -476,7 +483,7 @@ EOT
 ${INVITE_CMD}

 # Unmount when done:
-fusermount -u '${INVITE_MOUNT}' || fusermount3 -u '${INVITE_MOUNT}'
+backtunnel-umount '${INVITE_MOUNT}'
 EOT
    )
  fi
@@ -512,7 +519,7 @@ echo "To stop sharing early: press Ctrl+C in this window."
 # Pre-flight: warn if remote loopback port already in use (best-effort)
 # Purpose: give an actionable warning before attempting the -R bind.
 # ----------------------------
-if ssh -o BatchMode=yes -o ConnectTimeout=5 "${REMOTE_USER}@${REMOTE_HOST}" \
+if ssh -o BatchMode=yes -o StrictHostKeyChecking="$HKP" -o ConnectTimeout=5 "${REMOTE_USER}@${REMOTE_HOST}" \
     "command -v nc >/dev/null 2>&1 && nc -z 127.0.0.1 ${TUNNEL_PORT}"; then
  echo "⚠️  Port ${TUNNEL_PORT} on remote 127.0.0.1 appears in use; choose another with -p." >&2
  # You may 'exit 1' here if you prefer a hard failure
@@ -545,6 +552,7 @@ ssh -N \
  -o ExitOnForwardFailure=yes \
  -o ServerAliveInterval=15 \
  -o ServerAliveCountMax=3 \
+  -o StrictHostKeyChecking="$HKP" \
  -R "${TUNNEL_PORT}:localhost:${LOCAL_SSH_PORT}" \
  -- "${REMOTE_USER}@${REMOTE_HOST}" &
 SSH_PID=$!
--- a/scripts/backtunnel-umount
+++ b/scripts/backtunnel-umount
@@ -0,0 +1,35 @@
+#!/usr/bin/env bash
+# SPDX-License-Identifier: GPL-3.0-or-later
+# Name: backtunnel-umount
+# Summary: Unmount a BackTunnel FUSE mount point using the best available helper.
+# Usage:
+#   backtunnel-umount <mountpoint>
+# Notes:
+#   - Prefers fusermount3, then fusermount; falls back to umount.
+#   - Expands a leading "~" in the mountpoint.
+set -euo pipefail
+
+usage() {
+  echo "Usage: $(basename "$0") <mountpoint>" >&2
+  exit 1
+}
+
+case "${1:-}" in
+  -h|--help) usage ;;
+esac
+
+MP="${1:-}"
+[[ -n "$MP" ]] || usage
+
+# Expand leading ~
+if [[ "$MP" == "~"* ]]; then
+  MP="${MP/#\~/$HOME}"
+fi
+
+if command -v fusermount3 >/dev/null 2>&1; then
+  exec fusermount3 -u -- "$MP"
+elif command -v fusermount >/dev/null 2>&1; then
+  exec fusermount -u -- "$MP"
+else
+  exec umount -- "$MP"
+fi