#!/usr/bin/perl
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2007-2019  IPFire Team  <info@ipfire.org>                     #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################
#
# CGI page for the "remote access" (SSH) settings of the web UI.  It handles
# the settings form (save / temporary start buttons), then renders the form,
# a table of the SSH host keys and a table of the currently active logins.

use strict;

# enable only the following on debugging purpose
#use warnings;
#use CGI::Carp 'fatalsToBrowser';

# Only module import; inet_aton() and AF_INET used by the reverse lookups in
# printactivelogins() come via IO::Socket (it re-exports Socket's symbols).
use IO::Socket;

# Shared IPFire helper libraries: General:: (settings files, logging),
# GeoIP:: (country lookup), Lang:: (translations) and Header:: (page layout).
require '/var/ipfire/general-functions.pl';
require "${General::swroot}/geoip-functions.pl";
require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl";

# Theme colours (from the active theme's colors.txt) and the main settings
# they are looked up through.
my %color = ();
my %mainsettings = ();
# Settings of this page: pre-filled with the CGI parameters below, later
# replaced by the persisted settings file.
my %remotesettings=();
# "checked" attribute per option and value, used when rendering the checkboxes.
my %checked=();
my $errormessage='';
# Duration (seconds) of a temporary SSH start; only set by the tempstart actions.
my $counter = 0;

&General::readhash("${General::swroot}/main/settings", \%mainsettings);
&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);

&Header::showhttpheaders();

# Checkboxes that are unticked do not show up in the POST data at all, so
# these defaults are what an absent parameter means.
$remotesettings{'ENABLE_SSH'} = 'off';
$remotesettings{'ENABLE_SSH_PORTFW'} = 'off';
$remotesettings{'ACTION'} = '';
&Header::getcgihash(\%remotesettings);

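# Handle a form submission.  "save" persists the settings; the two
# "tempstart" buttons additionally start SSH for 15 or 30 minutes.  Every
# branch ends by calling /usr/local/bin/sshctrl to apply the new state.
# The trailing ne "" guards against an empty translation string matching
# an empty ACTION.
if ( (($remotesettings{'ACTION'} eq $Lang::tr{'save'}) || ($remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart15'}) || ($remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart30'})) && $remotesettings{'ACTION'} ne "" )
{
	# not existing here indicates the box is unticked
	$remotesettings{'ENABLE_SSH_PASSWORDS'} = 'off' unless exists $remotesettings{'ENABLE_SSH_PASSWORDS'};
	$remotesettings{'ENABLE_SSH_KEYS'} = 'off' unless exists $remotesettings{'ENABLE_SSH_KEYS'};

	&General::writehash("${General::swroot}/remote/settings", \%remotesettings);
	if ($remotesettings{'ENABLE_SSH'} eq 'on')
	{
		&General::log($Lang::tr{'ssh is enabled'});
		# With both authentication methods unticked nobody can log in; the
		# settings are still saved, but the user gets a warning.
		if ($remotesettings{'ENABLE_SSH_PASSWORDS'} eq 'off'
			and $remotesettings{'ENABLE_SSH_KEYS'} eq 'off')
		{
			$errormessage = $Lang::tr{'ssh no auth'};
		}
		# The enablessh marker file exists exactly when SSH is enabled.
		system ('/usr/bin/touch', "${General::swroot}/remote/enablessh");
	}
	else
	{
		&General::log($Lang::tr{'ssh is disabled'});
		unlink "${General::swroot}/remote/enablessh";
	}

	# SSH_PORT 'on' is logged as port 22, otherwise as port 222; the actual
	# port switch is done by sshctrl (not visible here).
	if ($remotesettings{'SSH_PORT'} eq 'on')
	{
		&General::log("SSH Port 22");
	}
	else
	{
		&General::log("SSH Port 222");
	}

	if ( $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart15'} || $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart30'} ){
		# A temporary start while SSH is disabled first creates the marker
		# and starts the service, then arms the timer.
		if ($remotesettings{'ENABLE_SSH'} eq 'off')
		{
			system ('/usr/bin/touch', "${General::swroot}/remote/enablessh");
			system('/usr/local/bin/sshctrl');
		}
		if ( $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart15'} ) { $counter = 900;}
		elsif ( $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart30'} ) { $counter = 1800;}

		# $counter is only ever 900 or 1800 here, so nothing untrusted reaches
		# the shell; the redirect keeps sshctrl's output out of the HTTP response.
		# A failed call is reported like the plain restart below.
		system("/usr/local/bin/sshctrl tempstart $counter >/dev/null") == 0
			or $errormessage = "$Lang::tr{'bad return code'} " . ($? >> 8);
	}
	else {
		# $? >> 8 is the child's exit status (the low byte carries the signal,
		# so dividing by 256 would yield a fraction in that case).
		system('/usr/local/bin/sshctrl') == 0
			or $errormessage = "$Lang::tr{'bad return code'} " . ($? >> 8);
	}
}
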
# Load the persisted settings (after a save this re-reads what was just written).
&General::readhash("${General::swroot}/remote/settings", \%remotesettings);

# Options missing from the settings file are undefined; they take these
# defaults so the checkboxes below render as intended.
foreach my $default (
	['ENABLE_SSH_PASSWORDS', 'on'],
	['ENABLE_SSH_KEYS', 'on'],
	['SSH_AGENT_FORWARDING', 'off'],
)
{
	my ($option, $value) = @{$default};
	$remotesettings{$option} = $value unless exists $remotesettings{$option};
}

# Build the "checked" attribute map: for every option both the 'off' and
# 'on' entries exist (empty), and the entry matching the current value
# carries the attribute text.
foreach my $option (qw(
	ENABLE_SSH
	ENABLE_SSH_PORTFW
	ENABLE_SSH_PASSWORDS
	ENABLE_SSH_KEYS
	SSH_PORT
	SSH_AGENT_FORWARDING
))
{
	$checked{$option}{'off'} = '';
	$checked{$option}{'on'} = '';
	$checked{$option}{$remotesettings{$option}} = "checked='checked'";
}

&Header::openpage($Lang::tr{'remote access'}, 1, '');

&Header::openbigbox('100%', 'left', '', $errormessage);

# Any message set while handling the ACTION above gets its own box.
if ($errormessage) {
	&Header::openbox('100%', 'left', $Lang::tr{'error messages'});
	print "<font class='base'>$errormessage </font>\n";
	&Header::closebox();
}

print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n";

# Settings form.  $checked{...}{'on'} expands to "checked='checked'" for
# enabled options and to the empty string otherwise.  The three submit
# buttons share the ACTION name; their value selects the action.
&Header::openbox('100%', 'left', $Lang::tr{'ssh'});
print <<END
<table width='100%'>
<tr>
<td><input type='checkbox' name='ENABLE_SSH' $checked{'ENABLE_SSH'}{'on'} /></td>
<td class='base' colspan='2'>$Lang::tr{'ssh access'}</td>
</tr>
<tr>
<td> </td>
<td><input type='checkbox' name='SSH_AGENT_FORWARDING' $checked{'SSH_AGENT_FORWARDING'}{'on'} /></td>
<td width='100%' class='base'>$Lang::tr{'ssh agent forwarding'}</td>
</tr>
<tr>
<td> </td>
<td><input type='checkbox' name='ENABLE_SSH_PORTFW' $checked{'ENABLE_SSH_PORTFW'}{'on'} /></td>
<td width='100%' class='base'>$Lang::tr{'ssh portfw'}</td>
</tr>
<tr>
<td> </td>
<td><input type='checkbox' name='ENABLE_SSH_PASSWORDS' $checked{'ENABLE_SSH_PASSWORDS'}{'on'} /></td>
<td width='100%' class='base'>$Lang::tr{'ssh passwords'}</td>
</tr>
<tr>
<td> </td>
<td><input type='checkbox' name='ENABLE_SSH_KEYS' $checked{'ENABLE_SSH_KEYS'}{'on'} /></td>
<td width='100%' class='base'>$Lang::tr{'ssh keys'}</td>
</tr>
<tr>
<td> </td>
<td><input type='checkbox' name='SSH_PORT' $checked{'SSH_PORT'}{'on'} /></td>
<td width='100%' class='base'>$Lang::tr{'ssh port'}</td>
</tr>
<tr>
<td align='right' colspan='3'>
<input type='submit' name='ACTION' value='$Lang::tr{'ssh tempstart15'}' />
<input type='submit' name='ACTION' value='$Lang::tr{'ssh tempstart30'}' />
<input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
</tr>
</table>
END
;
&Header::closebox();

print "</form>\n";

# Host key table: one row per key file that exists (see viewkey below).
&Header::openbox('100%', 'center', $Lang::tr{'ssh host keys'});

print "<table class='tbl'>\n";

print <<END
<thead>
<tr>
<th align="center"><strong>$Lang::tr{'ssh key'}</strong></th>
<th align="center"><strong>$Lang::tr{'type'}</strong></th>
<th align="center"><strong>$Lang::tr{'ssh fingerprint'}</strong></th>
<th align="center"><strong>$Lang::tr{'ssh key size'}</strong></th>
</tr>
</thead>
<tbody>
END
;

&viewkey("/etc/ssh/ssh_host_key.pub","RSA1");
&viewkey("/etc/ssh/ssh_host_rsa_key.pub","RSA2");
&viewkey("/etc/ssh/ssh_host_dsa_key.pub","DSA");
&viewkey("/etc/ssh/ssh_host_ecdsa_key.pub","ECDSA");
&viewkey("/etc/ssh/ssh_host_ed25519_key.pub","ED25519");

print "</tbody>\n</table>\n";

&Header::closebox();

# Active session table: rows are produced from "who -s" by printactivelogins.
&Header::openbox('100%', 'center', $Lang::tr{'ssh active sessions'});

print <<END;
<table class="tbl" width='66%'>
<thead>
<tr>
<th align="center">
<strong>$Lang::tr{'ssh username'}</strong>
</th>
<th align="center">
<strong>$Lang::tr{'ssh login time'}</strong>
</th>
<th align="center">
<strong>$Lang::tr{'ip address'}</strong>
</th>
<th align="center">
<strong>$Lang::tr{'country'}</strong>
</th>
<th align="center">
<strong>$Lang::tr{'rdns'}</strong>
</th>
</tr>
</thead>
<tbody>
END

&printactivelogins();

print "</tbody>\n</table>\n";

&Header::closebox();

&Header::closebigbox();

&Header::closepage();

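# Print one table row for an SSH host public key, or nothing when the key
# file does not exist.
#
# Arguments:
#   $key  - path of the public key file (callers pass fixed /etc/ssh paths)
#   $name - label printed in the "type" column
#
# Key size and fingerprint are the first two space-separated fields of the
# output of "ssh-keygen -l -f $key"; both go through Header::cleanhtml before
# being printed.  If ssh-keygen produces no output both fields stay undefined,
# as with the backticks this replaces.
sub viewkey
{
	my ($key, $name) = @_;

	return unless -e $key;

	# List-form pipe open executes ssh-keygen directly: $key is passed as an
	# argument and is never interpreted by a shell.
	my $keyinfo = '';
	if (open(my $fh, '-|', '/usr/bin/ssh-keygen', '-l', '-f', $key))
	{
		# Slurp the whole output, mirroring the scalar-context backticks.
		local $/ = undef;
		my $out = <$fh>;
		close($fh);
		$keyinfo = $out if defined $out;
	}

	my @temp = split(/ /, $keyinfo);
	my $keysize = &Header::cleanhtml($temp[0],"y");
	my $fingerprint = &Header::cleanhtml($temp[1],"y");
	print "<tr><td><code>$key</code></td><td align='center'>$name</td><td><code>$fingerprint</code></td><td align='center'>$keysize</td></tr>\n";
}
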
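# Print one table row per active login reported by "who -s", or a single
# "no active logins" row when there are none.
#
# Each "who -s" line is split on runs of spaces into
#     user  tty  date  time  (remote-host)
# Fields 2..4 form the login time, field 5 (parentheses stripped) the remote
# address, which is used for the GeoIP lookup and the reverse DNS lookup.
# Rows alternate between the theme colours color20 and color22.
#
# User name, remote address and reverse name originate outside this box
# (utmp, DNS), so they are passed through Header::cleanhtml before being
# interpolated into the HTML, like the host key fingerprint in viewkey.
sub printactivelogins
{
	# print active SSH logins (grep output of "who -s")
	my @output = `who -s`;
	chomp(@output);

	my $id = 0;

	if ( scalar(@output) == 0 )
	{
		# no logins appeared
		my $table_colour = ($id++ % 2) ? $color{'color22'} : $color{'color20'};
		print "<tr bgcolor='$table_colour'><td colspan='5'>$Lang::tr{'ssh no active logins'}</td></tr>\n";
		return;
	}

	# list active logins...
	foreach my $line (@output)
	{
		my @fields = split(/ +/, $line);

		# Element access ($fields[0]) instead of one-element slices (@arry[0])
		# evaluated in scalar context.
		my $username = $fields[0];
		my $logintime = join(' ', @fields[2..4]);
		my $remoteip = $fields[5];
		# Local (tty) logins carry no host field.
		$remoteip = '' unless defined $remoteip;
		$remoteip =~ s/[()]//g;

		# display more information about that IP address...
		my $ccode = &GeoIP::lookup($remoteip);
		my $flag_icon = &GeoIP::get_flag_icon($ccode);

		# get rDNS... (inet_aton fails for anything that is not an IPv4
		# address, in which case no lookup is attempted)
		my $iaddr = inet_aton($remoteip);
		my $rdns = $iaddr ? gethostbyaddr($iaddr, AF_INET) : undef;

		# Escape what came from utmp / DNS; the translated fallback text is
		# printed as is.
		my $username_html = &Header::cleanhtml($username, "y");
		my $remoteip_html = &Header::cleanhtml($remoteip, "y");
		my $rdns_html = $rdns ? &Header::cleanhtml($rdns, "y") : $Lang::tr{'lookup failed'};

		my $table_colour = ($id++ % 2) ? $color{'color22'} : $color{'color20'};

		print <<END;
<tr bgcolor='$table_colour'>
<td>$username_html</td>
<td>$logintime</td>
<td align='center'><a href='ipinfo.cgi?ip=$remoteip_html'>$remoteip_html</a></td>
<td align='center'><a href='country.cgi#$ccode'><img src='$flag_icon' border='0' alt='$ccode' title='$ccode' /></a></td>
<td>$rdns_html</td>
</tr>
END
	}
}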