Part 6B: Automatically Connect/Disconnect SSH connection

Control your SSH connection from a webpage

Instead of having the reverse SSH connection from your office to your home computer be always on, it would be nice to just be able to turn it on when needed.
This is done using a webpage which the office server checks every 15 minutes.

This means that the SSH connection is not left on all the time -- so it is harder to detect.
Also, I've added a random sleep time so that instead of checking the controlling website every 15 minutes, it checks at some random number of minutes between 12 and 18. This should also make it harder to detect, but I don't really know if it makes a difference.
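
Seen from the monitoring side, a fixed URL fetched on a 12 to 18 minute schedule still stands out in web proxy logs, because the gaps between fetches vary far less than those of interactive browsing. The following is an added example, not part of the original page: a bash/awk function that flags client/URL pairs with regular gaps between requests. The log format (epoch seconds, client IP, URL), the sample lines and addresses, and the thresholds (6 hits, coefficient of variation 0.25) are assumptions constructed for illustration.

```shell
#!/bin/bash
# Added example: flag client/URL pairs fetched at near-regular intervals.
# Input lines on stdin (assumed format): "epoch_seconds client_ip url".

# find_pollers [min_hits] [max_cv]
#   min_hits: fetches needed before a pair is judged (default 6)
#   max_cv:   largest stddev/mean of the gaps that still counts as regular
find_pollers() {
  sort -n | awk -v min_hits="${1:-6}" -v max_cv="${2:-0.25}" '
    {
      key = $2 " " $3
      if (key in last) {             # gap since the previous fetch of this URL
        gap = $1 - last[key]
        n[key]++; sum[key] += gap; sumsq[key] += gap * gap
      }
      last[key] = $1
    }
    END {
      for (key in n) {
        if (n[key] + 1 < min_hits) continue
        mean = sum[key] / n[key]
        if (mean <= 0) continue
        var = sumsq[key] / n[key] - mean * mean
        if (var < 0) var = 0         # guard against rounding error
        cv = sqrt(var) / mean
        if (cv <= max_cv) {
          printf "%s mean=%dm cv=%.2f\n", key, int(mean / 60 + 0.5), cv
        }
      }
    }' | sort
}

# emit HOST URL GAP_MINUTES...: print constructed log lines for one client.
emit() {
  host=$1; url=$2; t=1700000000
  shift 2
  echo "$t $host $url"
  for gap in "$@"; do
    t=$((t + gap * 60))
    echo "$t $host $url"
  done
}

# Constructed sample: one host polling every 12-18 minutes, one host browsing.
sample_log() {
  emit 10.1.2.3 http://mysite.com/sshonoff.txt 13 17 12 18 15 14 16
  emit 10.1.2.9 http://news.example/ 1 45 2 190 7 30 3
}

sample_log | find_pollers
```

Only the polling host is reported; the browsing host has the same number of requests but its gaps vary too widely to pass the threshold.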


Make a webpage with appropriate CGI scripts

  • This webpage will set the text in another file to be either YES or NO
  • You must keep the name of the webpage secret or other people can control your connection.
  • For this example it is called ssh_buttons.html
  • This webpage (illustrated below) will write YES or NO to the file http://mysite.com/sshonoff.txt.
  • You can also just look at this webpage to see what the connection status is
  • There may be problems with your browser caching the result so that you won't see that the status has changed. I've tried to set no-cache in all the appropriate places.

First get the HTML for this webpage here
Save it to your website (mysite.com) under some name that can't be guessed (ssh_buttons.html).
Now put the following script on your website (mysite.com) in the /cgi-bin folder and call it connection.pl.
This is the script that writes YES or NO to the file sshonoff.txt depending on which button was clicked on the page above.
You will probably have to fiddle with the paths depending on your ISP.

#!/usr/bin/perl
use CGI qw/:standard/;
use CGI::Carp qw(fatalsToBrowser);

### Read the POSTed form data (the name of the button that was clicked)
read(STDIN, my $Data, $ENV{'CONTENT_LENGTH'} || 0);
(my $Name, my $Val) = split(/=/, $Data);

#### Work out what to write
my $State;
if ($Name eq "btnYes") {
    # Button1 was clicked, write YES to the file sshonoff.txt
    $State = "YES";
} elsif ($Name eq "btnNo") {
    # Button3 was clicked, write NO ....
    $State = "NO";
} else {
    # No button clicked; leave sshonoff.txt as it is
}

# Only open (and so truncate) the file when there is something to write
if (defined $State) {
    open FILE, ">../public_html/mysite.com/sshonoff.txt" or die $!;
    print FILE $State;
    close FILE;
}

### HTML-escape the request values before echoing them in the debug page
for ($Data, $Name, $Val) {
    next unless defined;
    s/&/&amp;/g; s/</&lt;/g; s/>/&gt;/g; s/"/&quot;/g;
}

# print redirect('http://mysite.com/ssh_buttons.html');  # Need to sleep for 10 seconds first!
print <<EOF;
Content-Type: text/html

<HTML>
<HEAD>
</HEAD>
<Body>
$ENV{REMOTE_ADDR} <br>
CONTENT_LENGTH = $ENV{'CONTENT_LENGTH'} <br>
DATA = $Data <br>
NAME= $Name<br>
Val = $Val<br>
<!-- UNCOMMENT THIS TO GO BACK TO THE ORIGINAL PAGE. But needs CACHE refreshing
<script type=text/javascript>
history.go(-1);return true;
</script>
-->
</BODY>
</HTML>
EOF

### The following doesn't seem to be used for anything. They probably didn't work.
#<BODY onLoad="Javascript:history.back();">
# $pagetoopen = "http:\/\/mysite.com\/ssh_buttons.html";
# "Location.href=$pagetoopen\n";

On WorkLinSrv write a script to check the webpage

This will check the file "http://mysite.com/sshonoff.txt" and see if it says YES or NO.
If YES then it makes a connection if none exists.
If NO then it kills any connection that exists.

On your Linux server at work, copy the following into $HOME/scripts/controlSSH
Make the script executable by running: chmod u+x controlSSH
Hopefully the > and < signs get copied ok and don't get messed up by HTML

#!/bin/bash
#control script to start / stop SSH

#MUST have no-cache or it takes hours for the cache to clear
wget http://mysite.com/sshonoff.txt -O "$HOME/scripts/onoff.txt" --no-cache

#for logging delete this text: #LOG:
#DT=`date`
#LOG: echo -e "\n\n$DT\tControlSSH" >> $HOME/scripts/sshconnect.log

#quote the result so an empty or missing file does not break the test
if [ "`cat $HOME/scripts/onoff.txt`" = 'NO' ]; then
    #need to kill ssh
    ANS1=`ps -ef | grep ssh | grep StrictHostKey`
    PID=`echo $ANS1 | awk '{ print $2 }'`
    #only call kill if a matching ssh process was found
    if [ -n "$PID" ]; then
        kill $PID
    fi
    #LOG: echo "NO : EXIT" >> $HOME/scripts/sshconnect.log
    exit 0
fi

#LOG: echo "YES: CONTINUE" >> $HOME/scripts/sshconnect.log

#make a random number between 1 and 6
RAND=`tr -dc '1-6' < /dev/urandom | head -c 1`
#DEBUG echo $RAND

#sleep for a random # of minutes (1-6) (for non-detection)
sleep "$RAND"m

#now start sshstarter (this will see if SSH is already running)
$HOME/scripts/sshstarter

Now put the following into crontab
Note that we no longer use sshstarter. It is replaced with controlSSH

# crontab ...
# every 15 minutes check for SSH connection
#*/15 * * * * $HOME/scripts/sshstarter
# every 12 minutes check. script will sleep for 1-6 minutes
*/12 * * * * $HOME/scripts/controlSSH
# midnight once a week:
0 0 * * 0 mv $HOME/scripts/sshconnect.log $HOME/scripts/sshconnect.log.old

Automate using scripts

These two scripts can be typed at the command line to turn the connection on and off (doing exactly the same thing as the buttons do). Sometimes this is preferable to firing up a browser, etc.
They can be put on any Linux computer, and you could probably easily modify them to work in batch files in Windows.

Save the following into $HOME/bin/workon

#!/bin/bash
curl http://mysite.com/cgi-bin/connectY.pl

Save the following into $HOME/bin/workoff

#!/bin/bash
curl http://mysite.com/cgi-bin/connectN.pl

Now make the scripts executable by running: chmod u+x work*
Now put these two scripts (connectY.pl and connectN.pl) into /cgi-bin on your website.
You'll have to change the path to sshonoff.txt depending on your ISP.
connectY.pl

#!/usr/bin/perl
use CGI qw/:standard/;
use CGI::Carp qw(fatalsToBrowser);

###
open FILE, ">../public_html/mysite.com/sshonoff.txt" or die $!;
print FILE "YES";
close FILE;

print <<EOF;
Content-Type: text/html

<HTML>yes</HTML>
EOF

connectN.pl

#!/usr/bin/perl
use CGI qw/:standard/;
use CGI::Carp qw(fatalsToBrowser);

###
open FILE, ">../public_html/mysite.com/sshonoff.txt" or die $!;
print FILE "NO";
close FILE;

print <<EOF;
Content-Type: text/html

<HTML>no</HTML>
EOF