]> git.ipfire.org Git - ipfire-2.x.git/blob - html/cgi-bin/remote.cgi
projects / ipfire-2.x.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
remote.cgi: Move SSH Agent Forwarding to the top
[ipfire-2.x.git] / html / cgi-bin / remote.cgi
1 #!/usr/bin/perl
2 ###############################################################################
3 # #
4 # IPFire.org - A linux based firewall #
5 # Copyright (C) 2007-2019 IPFire Team <info@ipfire.org> #
6 # #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
11 # #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
16 # #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
19 # #
20 ###############################################################################
21
22 use strict;
23
24 # enable only the following on debugging purpose
25 #use warnings;
26 #use CGI::Carp 'fatalsToBrowser';
27
28 use IO::Socket;
29
30 require '/var/ipfire/general-functions.pl';
31 require "${General::swroot}/geoip-functions.pl";
32 require "${General::swroot}/lang.pl";
33 require "${General::swroot}/header.pl";
34
35 my %color = ();
36 my %mainsettings = ();
37 my %remotesettings=();
38 my %checked=();
39 my $errormessage='';
40 my $counter = 0;
41
42 &General::readhash("${General::swroot}/main/settings", \%mainsettings);
43 &General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
44
45 &Header::showhttpheaders();
46
47 $remotesettings{'ENABLE_SSH'} = 'off';
48 $remotesettings{'ENABLE_SSH_PORTFW'} = 'off';
49 $remotesettings{'ACTION'} = '';
50 &Header::getcgihash(\%remotesettings);
51
52 if ( (($remotesettings{'ACTION'} eq $Lang::tr{'save'}) || ($remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart15'}) || ($remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart30'})) && $remotesettings{'ACTION'} ne "" )
53 {
54 # not existing here indicates the box is unticked
55 $remotesettings{'ENABLE_SSH_PASSWORDS'} = 'off' unless exists $remotesettings{'ENABLE_SSH_PASSWORDS'};
56 $remotesettings{'ENABLE_SSH_KEYS'} = 'off' unless exists $remotesettings{'ENABLE_SSH_KEYS'};
57
58
59 &General::writehash("${General::swroot}/remote/settings", \%remotesettings);
60 if ($remotesettings{'ENABLE_SSH'} eq 'on')
61 {
62 &General::log($Lang::tr{'ssh is enabled'});
63 if ($remotesettings{'ENABLE_SSH_PASSWORDS'} eq 'off'
64 and $remotesettings{'ENABLE_SSH_KEYS'} eq 'off')
65 {
66 $errormessage = $Lang::tr{'ssh no auth'};
67 }
68 system ('/usr/bin/touch', "${General::swroot}/remote/enablessh");
69 }
70 else
71 {
72 &General::log($Lang::tr{'ssh is disabled'});
73 unlink "${General::swroot}/remote/enablessh";
74 }
75
76 if ($remotesettings{'SSH_PORT'} eq 'on')
77 {
78 &General::log("SSH Port 22");
79 }
80 else
81 {
82 &General::log("SSH Port 222");
83 }
84
85 if ( $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart15'} || $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart30'} ){
86 if ($remotesettings{'ENABLE_SSH'} eq 'off')
87 {
88 system ('/usr/bin/touch', "${General::swroot}/remote/enablessh");
89 system('/usr/local/bin/sshctrl');
90 }
91 if ( $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart15'} ) { $counter = 900;}
92 elsif ( $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart30'} ) { $counter = 1800;}
93
94 system("/usr/local/bin/sshctrl tempstart $counter >/dev/null");
95 }
96 else {
97 system('/usr/local/bin/sshctrl') == 0
98 or $errormessage = "$Lang::tr{'bad return code'} " . $?/256;
99 }
100 }
101
102 &General::readhash("${General::swroot}/remote/settings", \%remotesettings);
103
104 # not existing here means they're undefined and the default value should be
105 # used
106 $remotesettings{'ENABLE_SSH_PASSWORDS'} = 'on' unless exists $remotesettings{'ENABLE_SSH_PASSWORDS'};
107 $remotesettings{'ENABLE_SSH_KEYS'} = 'on' unless exists $remotesettings{'ENABLE_SSH_KEYS'};
108 $remotesettings{'SSH_AGENT_FORWARDING'} = 'off' unless exists $remotesettings{'SSH_AGENT_FORWARDING'};
109
110 $checked{'ENABLE_SSH'}{'off'} = '';
111 $checked{'ENABLE_SSH'}{'on'} = '';
112 $checked{'ENABLE_SSH'}{$remotesettings{'ENABLE_SSH'}} = "checked='checked'";
113 $checked{'ENABLE_SSH_PORTFW'}{'off'} = '';
114 $checked{'ENABLE_SSH_PORTFW'}{'on'} = '';
115 $checked{'ENABLE_SSH_PORTFW'}{$remotesettings{'ENABLE_SSH_PORTFW'}} = "checked='checked'";
116 $checked{'ENABLE_SSH_PASSWORDS'}{'off'} = '';
117 $checked{'ENABLE_SSH_PASSWORDS'}{'on'} = '';
118 $checked{'ENABLE_SSH_PASSWORDS'}{$remotesettings{'ENABLE_SSH_PASSWORDS'}} = "checked='checked'";
119 $checked{'ENABLE_SSH_KEYS'}{'off'} = '';
120 $checked{'ENABLE_SSH_KEYS'}{'on'} = '';
121 $checked{'ENABLE_SSH_KEYS'}{$remotesettings{'ENABLE_SSH_KEYS'}} = "checked='checked'";
122 $checked{'SSH_PORT'}{'off'} = '';
123 $checked{'SSH_PORT'}{'on'} = '';
124 $checked{'SSH_PORT'}{$remotesettings{'SSH_PORT'}} = "checked='checked'";
125 $checked{'SSH_AGENT_FORWARDING'}{'off'} = '';
126 $checked{'SSH_AGENT_FORWARDING'}{'on'} = '';
127 $checked{'SSH_AGENT_FORWARDING'}{$remotesettings{'SSH_AGENT_FORWARDING'}} = "checked='checked'";
128
129 &Header::openpage($Lang::tr{'remote access'}, 1, '');
130
131 &Header::openbigbox('100%', 'left', '', $errormessage);
132
133 if ($errormessage) {
134 &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
135 print "<font class='base'>$errormessage&nbsp;</font>\n";
136 &Header::closebox();
137 }
138
139 print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n";
140
141 &Header::openbox('100%', 'left', $Lang::tr{'ssh'});
142 print <<END
143 <table width='100%'>
144 <tr>
145 <td><input type='checkbox' name='ENABLE_SSH' $checked{'ENABLE_SSH'}{'on'} /></td>
146 <td class='base' colspan='2'>$Lang::tr{'ssh access'}</td>
147 </tr>
148 <tr>
149 <td>&nbsp;</td>
150 <td><input type='checkbox' name='SSH_AGENT_FORWARDING' $checked{'SSH_AGENT_FORWARDING'}{'on'} /></td>
151 <td width='100%' class='base'>$Lang::tr{'ssh agent forwarding'}</td>
152 </tr>
153 <tr>
154 <td>&nbsp;</td>
155 <td><input type='checkbox' name='ENABLE_SSH_PORTFW' $checked{'ENABLE_SSH_PORTFW'}{'on'} /></td>
156 <td width='100%' class='base'>$Lang::tr{'ssh portfw'}</td>
157 </tr>
158 <tr>
159 <td>&nbsp;</td>
160 <td><input type='checkbox' name='ENABLE_SSH_PASSWORDS' $checked{'ENABLE_SSH_PASSWORDS'}{'on'} /></td>
161 <td width='100%' class='base'>$Lang::tr{'ssh passwords'}</td>
162 </tr>
163 <tr>
164 <td>&nbsp;</td>
165 <td><input type='checkbox' name='ENABLE_SSH_KEYS' $checked{'ENABLE_SSH_KEYS'}{'on'} /></td>
166 <td width='100%' class='base'>$Lang::tr{'ssh keys'}</td>
167 </tr>
168 <tr>
169 <td>&nbsp;</td>
170 <td><input type='checkbox' name='SSH_PORT' $checked{'SSH_PORT'}{'on'} /></td>
171 <td width='100%' class='base'>$Lang::tr{'ssh port'}</td>
172 </tr>
173 <tr>
174 <td align='right' colspan='3'>
175 <input type='submit' name='ACTION' value='$Lang::tr{'ssh tempstart15'}' />
176 <input type='submit' name='ACTION' value='$Lang::tr{'ssh tempstart30'}' />
177 <input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
178 </tr>
179 </table>
180 END
181 ;
182 &Header::closebox();
183
184 print "</form>\n";
185
186 &Header::openbox('100%', 'center', $Lang::tr{'ssh host keys'});
187
188 print "<table class='tbl'>\n";
189
190 print <<END
191 <thead>
192 <tr>
193 <th align="center"><strong>$Lang::tr{'ssh key'}</strong></th>
194 <th align="center"><strong>$Lang::tr{'type'}</strong></th>
195 <th align="center"><strong>$Lang::tr{'ssh fingerprint'}</strong></th>
196 <th align="center"><strong>$Lang::tr{'ssh key size'}</strong></th>
197 </tr>
198 </thead>
199 <tbody>
200 END
201 ;
202
203 &viewkey("/etc/ssh/ssh_host_key.pub","RSA1");
204 &viewkey("/etc/ssh/ssh_host_rsa_key.pub","RSA2");
205 &viewkey("/etc/ssh/ssh_host_dsa_key.pub","DSA");
206 &viewkey("/etc/ssh/ssh_host_ecdsa_key.pub","ECDSA");
207 &viewkey("/etc/ssh/ssh_host_ed25519_key.pub","ED25519");
208
209 print "</tbody>\n</table>\n";
210
211 &Header::closebox();
212
213 &Header::openbox('100%', 'center', $Lang::tr{'ssh active sessions'});
214
215 print <<END;
216 <table class="tbl" width='66%'>
217 <thead>
218 <tr>
219 <th align="center">
220 <strong>$Lang::tr{'ssh username'}</strong>
221 </th>
222 <th align="center">
223 <strong>$Lang::tr{'ssh login time'}</strong>
224 </th>
225 <th align="center">
226 <strong>$Lang::tr{'ip address'}</strong>
227 </th>
228 <th align="center">
229 <strong>$Lang::tr{'country'}</strong>
230 </th>
231 <th align="center">
232 <strong>$Lang::tr{'rdns'}</strong>
233 </th>
234 </tr>
235 </thead>
236 <tbody>
237 END
238
239 &printactivelogins();
240
241 print "</tbody>\n</table>\n";
242
243 &Header::closebox();
244
245 &Header::closebigbox();
246
247 &Header::closepage();
248
249
250 sub viewkey
251 {
252 my $key = $_[0];
253 my $name = $_[1];
254
255 if ( -e $key )
256 {
257 my @temp = split(/ /,`/usr/bin/ssh-keygen -l -f $key`);
258 my $keysize = &Header::cleanhtml($temp[0],"y");
259 my $fingerprint = &Header::cleanhtml($temp[1],"y");
260 print "<tr><td><code>$key</code></td><td align='center'>$name</td><td><code>$fingerprint</code></td><td align='center'>$keysize</td></tr>\n";
261 }
262 }
263
264 sub printactivelogins()
265 {
266 # print active SSH logins (grep outpout of "who -s")
267 my $command = "who -s";
268 my @output = `$command`;
269 chomp(@output);
270
271 my $id = 0;
272
273 if ( scalar(@output) == 0 )
274 {
275 # no logins appeared
276 my $table_colour = ($id++ % 2) ? $color{'color22'} : $color{'color20'};
277 print "<tr bgcolor='$table_colour'><td colspan='5'>$Lang::tr{'ssh no active logins'}</td></tr>\n";
278 } else {
279 # list active logins...
280
281 foreach my $line (@output)
282 {
283 my @arry = split(/\ +/, $line);
284
285 my $username = @arry[0];
286 my $logintime = join(' ', @arry[2..4]);
287 my $remoteip = @arry[5];
288 $remoteip =~ s/[()]//g;
289
290 # display more information about that IP adress...
291 my $ccode = &GeoIP::lookup($remoteip);
292 my $flag_icon = &GeoIP::get_flag_icon($ccode);
293
294 # get rDNS...
295 my $iaddr = inet_aton($remoteip);
296 my $rdns = gethostbyaddr($iaddr, AF_INET);
297 if (!$rdns) { $rdns = $Lang::tr{'lookup failed'}; };
298
299 my $table_colour = ($id++ % 2) ? $color{'color22'} : $color{'color20'};
300
301 print <<END;
302 <tr bgcolor='$table_colour'>
303 <td>$username</td>
304 <td>$logintime</td>
305 <td align='center'><a href='ipinfo.cgi?ip=$remoteip'>$remoteip</a></td>
306 <td align='center'><a href='country.cgi#$ccode'><img src='$flag_icon' border='0' alt='$ccode' title='$ccode' /></a></td>
307 <td>$rdns</td>
308 </tr>
309 END
310 ;
311 }
312 }
313 }
IPFire 2.x development tree