From 65ede3d703d2e226d72a3e719ed85e3ef3fd16ef Mon Sep 17 00:00:00 2001 From: MOIS3Y Date: Mon, 20 Mar 2023 17:34:40 +0900 Subject: [PATCH] gogoCHAD v0.0.2 --- README.md | 103 ++++++++++++++++++++++++++++++++++++++++-- gogoCHAD.sh | 127 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 227 insertions(+), 3 deletions(-) create mode 100755 gogoCHAD.sh diff --git a/README.md b/README.md index 55bccbf..0055491 100644 --- a/README.md +++ b/README.md 
@@ -1,4 +1,101 @@ -# gogoCHAD +```sh +█▀▀ █▀█ █▀▀ █▀█ █▀▀ █░█ ▄▀█ █▀▄ +█▄█ █▄█ █▄█ █▄█ █▄▄ █▀█ █▀█ █▄▀ +⣿⣿⣿⣿⣿⣿⣿⣿⡿⠿⠛⠛⠛⠋⠉⠈⠉⠉⠉⠉⠛⠻⢿⣿⣿⣿⣿⣿⣿⣿ +⣿⣿⣿⣿⣿⡿⠋⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠉⠛⢿⣿⣿⣿⣿ +⣿⣿⣿⣿⡏⣀⠀⠀⠀⠀⠀⠀⠀⣀⣤⣤⣤⣄⡀⠀⠀⠀⠀⠀⠀⠀⠙⢿⣿⣿ +⣿⣿⣿⢏⣴⣿⣷⠀⠀⠀⠀⠀⢾⣿⣿⣿⣿⣿⣿⡆⠀⠀⠀⠀⠀⠀⠀⠈⣿⣿ +⣿⣿⣟⣾⣿⡟⠁⠀⠀⠀⠀⠀⢀⣾⣿⣿⣿⣿⣿⣷⢢⠀⠀⠀⠀⠀⠀⠀⢸⣿ +⣿⣿⣿⣿⣟⠀⡴⠄⠀⠀⠀⠀⠀⠀⠙⠻⣿⣿⣿⣿⣷⣄⠀⠀⠀⠀⠀⠀⠀⣿ +⣿⣿⣿⠟⠻⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠶⢴⣿⣿⣿⣿⣿⣧⠀⠀⠀⠀⠀⠀⣿ +⣿⣁⡀⠀⠀⢰⢠⣦⠀⠀⠀⠀⠀⠀⠀⠀⢀⣼⣿⣿⣿⣿⣿⡄⠀⣴⣶⣿⡄⣿ +⣿⡋⠀⠀⠀⠎⢸⣿⡆⠀⠀⠀⠀⠀⠀⣴⣿⣿⣿⣿⣿⣿⣿⠗⢘⣿⣟⠛⠿⣼ +⣿⣿⠋⢀⡌⢰⣿⡿⢿⡀⠀⠀⠀⠀⠀⠙⠿⣿⣿⣿⣿⣿⡇⠀⢸⣿⣿⣧⢀⣼ +⣿⣿⣷⢻⠄⠘⠛⠋⠛⠃⠀⠀⠀⠀⠀⢿⣧⠈⠉⠙⠛⠋⠀⠀⠀⣿⣿⣿⣿⣿ +⣿⣿⣧⠀⠈⢸⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠟⠀⠀⠀⠀⢀⢃⠀⠀⢸⣿⣿⣿⣿ +⣿⣿⡿⠀⠴⢗⣠⣤⣴⡶⠶⠖⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣀⡸⠀⣿⣿⣿⣿ +⣿⣿⣿⡀⢠⣾⣿⠏⠀⠠⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠛⠉⠀⣿⣿⣿⣿ +⣿⣿⣿⣧⠈⢹⡇⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣰⣿⣿⣿⣿ +⣿⣿⣿⣿⡄⠈⠃⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣠⣴⣾⣿⣿⣿⣿⣿ +⣿⣿⣿⣿⣧⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣠⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿ +⣿⣿⣿⣿⣷⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣴⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿ +⣿⣿⣿⣿⣿⣦⣄⣀⣀⣀⣀⠀⠀⠀⠀⠘⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿ +⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⡄⠀⠀⠀⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿ +⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣧⠀⠀⠀⠙⣿⣿⡟⢻⣿⣿⣿⣿⣿⣿⣿⣿⣿ +⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠇⠀⠁⠀⠀⠹⣿⠃⠀⣿⣿⣿⣿⣿⣿⣿⣿⣿ +⣿⣿⣿⣿⣿⣿⣿⣿⡿⠛⣿⣿⠀⠀⠀⠀⠀⠀⠀⠀⢐⣿⣿⣿⣿⣿⣿⣿⣿⣿ +⣿⣿⣿⣿⠿⠛⠉⠉⠁⠀⢻⣿⡇⠀⠀⠀⠀⠀⠀⢀⠈⣿⣿⡿⠉⠛⠛⠛⠉⠉ +⣿⡿⠋⠁⠀⠀⢀⣀⣠⡴⣸⣿⣇⡄⠀⠀⠀⠀⢀⡿⠄⠙⠛⠀⣀⣠⣤⣤⠄ # gogoCHAD by MOIS3Y +``` +# Companion script for Quick access to a server with VM/DCImanager 6 installed + +Allows you to quickly and in one line access the server using the generated platform administrator key. +- Safe +- Reliable +- No hassle + +## Features + +- It finds a guaranteed administrator himself +- Generates a link for authorization +- Container is very small based on Alpine Linux +- Once accessed, container and image will be deleted +- There is error handling if access cannot be obtained + +## Run with gogoCHAD: +- Get instructions and generate a key pair to access the GO server. 
+- Fill in the parameters in the configuration section +- Give a name to the companion script like gogo +- Give the script permission to execute chmod 754 gogo attributes should be [-rwxr-xr--] +- Place the script in a directory that is on the path of the $PATH environment variable (echo $PATH) + The paths are separated by the symbol : you can put here for example /usr/local/bin/gogo +- Restart terminal + +## The syntax to connect is: +```sh + gogo --vm host.domain.zone 22 + gogo --dci host.domain.zone 2222 + gogo --bill host.domain.zone 22 + gogo --vm 8.8.8.8 220122 + gogo --dns 8.8.8.8 # (without specifying a port, the default port 22 will be used) +``` + + + + +## Info: +Environment variables are used as input to the container: +| ENV | VM6 | DCI6 | +| ------ | ------ |------ | +| PLATFORM | vm |dci | +| CLIENT_HOST |ip |ip | + +To obtain the VM/DCImanager access key, a container is downloaded to the client server, +which connects to the platform stack makes a query to the database receives a list of 10 +finds the first guaranteed admin among them +most likely it will be id 2 or 3. +The container then makes a request to get the key +passing admin id or email via internal authentication api. + + After the container has completed and returns the output with access, it will automatically be deleted. + The command sent by this script also includes a command that will remove the image from + client server, so access leaves no trace on the server. + In addition, the container reads config.json with read-only permissions, while querying the database and + obtaining a key does not affect the operation of the platform and does not make changes. + + Access to panels of the 5th generation remains the same if the client server listens only on port 443 +will have to remove it from the link. 
+When the container is updated, you will need to replace the version tag in the configuration: 0.0.x + + + + +### Known issues: + +- Sometimes the key for DCI/VMmanager 6 may work, +therefore, this problem is solved by connecting by cookies. +- If the client did not provide a port or access is denied, the access script will not work, +you need to find out the correct port and ask to remove the firewall restrictions. +Moreover, if these are panels of the 5th generation, you will receive an access link, but it will not work as expected +this is due to the fact that the link is generated before the request to the client server. -Companion script for QuickAccess helps to remotely access the web interface of VM/DCImanager 6. -Also for 5th generation control panels \ No newline at end of file diff --git a/gogoCHAD.sh b/gogoCHAD.sh new file mode 100755 index 0000000..987b5bc --- /dev/null +++ b/gogoCHAD.sh 
@@ -0,0 +1,127 @@
+#!/usr/bin/env bash
+
+# █▀▀ █▀█ █▄░█ █▀▀ █ █▀▀
+# █▄▄ █▄█ █░▀█ █▀░ █ █▄█
+# ---------------------------------------
+
+# REQUIRED:
+go_server="ssh.ispsystem.net" # set here GO server address
+key_path="/home/stepan/.ssh/ispkeys/ISP_ecdsa" # set here fullpath to you private ssh_key
+key_username="s.zhukovskii" # set first half your name from corp email
+
+# UPGRADABLE OVER TIME
+image="mois3y/isp_support:0.0.2" # set image helpfull image for access to VM/DCI
+
+# OPTIONAL:
+hide_output=">> /dev/null" # uncomment this line to hide image pull and rm info
+
+
+
+# █▀▄▀█ ▄▀█ █ █▄░█
+# █░▀░█ █▀█ █ █░▀█
+# ----------------------------
+
+# Check second arument (if empty set default 22 port)
+if ! [ -z $3 ]; then PORT=$3; else PORT=22; fi
+
+# Parse address
+address=$(echo $2 | egrep -o '[a-zA-Z0-9\.\-]+\.[a-zA-Z0-9\.\-]+')
+
+# SSH full command:
+ssh_run="ssh -t -i $key_path $key_username@$go_server go $address -p$PORT"
+
+# Access functions:
+access_vmdci() {
+ # bin command:
+ docker_pull="/usr/bin/docker pull $image $hide_output"
+ docker_rm="/usr/bin/docker image rm $image $hide_output" # delete image from client host
+ docker_run="/usr/bin/docker run"
+
+ # docker command params:
+ conf_file="/opt/ispsystem/$platform/config.json"
+ scripts_path="/root"
+
+ mount_conf="--mount type=bind,source=$conf_file,target=/app/config.json,readonly"
+ mount_host="--mount type=bind,source=$scripts_path,target=/app/host"
+
+ # start container:
+ container_params="$network $mount_conf $mount_host -e PLATFORM=$platform -e CLIENT_HOST=$address --rm $image"
+
+ # ENTRYPOINT:
+ echo "Сonnect to client server and get access to web UI please wait...."
+ $ssh_run "$docker_pull && $docker_run $container_params && $docker_rm"
+ echo "Сonnect to client server again with ssh session please wait...."
+ $ssh_run
+
+}
+
+access_fivegen() {
+ KEY=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)
+ # bin command:
+ key_gen="/usr/local/mgr5/sbin/mgrctl -m $panel session.newkey key=$KEY"
+
+ # ENTRYPOINT:
+ echo "Сonnect to client server and get access to web UI please wait...."
+ $ssh_run "$key_gen"
+ echo ""
+ echo "Your access link:"
+ echo ""
+ echo "============================================================================="
+ echo "https://$address:1500/$panel?func=auth&key=$KEY"
+ echo "============================================================================="
+ echo ""
+ echo "Сonnect to client server again with ssh session please wait...."
+ echo ""
+ $ssh_run
+}
+
+
+if [[ "$1" == "--vm" ]]; then
+ platform="vm"
+ network="--network=vm_vm_box_net"
+ access_vmdci
+
+elif [[ "$1" == "--dci" ]]; then
+ platform="dci"
+ network="--network=dci_auth"
+ access_vmdci
+
+elif [[ "$1" == "--bill" ]]; then
+ panel="billmgr"
+ access_fivegen
+
+elif [[ "$1" == "--ip" ]]; then
+ panel="ipmgr"
+ access_fivegen
+
+elif [[ "$1" == "--dns" ]]; then
+ panel="dnsmgr"
+ access_fivegen
+
+elif [[ "$1" == "--vm5" ]]; then
+ panel="vmmgr"
+ access_fivegen
+
+elif [[ "$1" == "--dci5" ]]; then
+ panel="dcimgr"
+ access_fivegen
+
+else
+ cat <<- EOF
+============================================
+ Usage : access.sh host port --panel
+
+ Available Control panels:
+
+ --vm
+ --dci
+ --bill
+ --ip
+ --dns
+ --vm5
+ --dci5
+
+=============================================
+ EOF
+fi
+
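Review bot: In `access_vmdci`, `mount_host` bind-mounts the client server's `/root` into the container without `readonly` (unlike `mount_conf`), and `image` is referenced by the mutable tag `0.0.2`, so whatever that tag resolves to at pull time runs with write access to root's home directory on a customer host. If the container only reads from `/app/host` (the hunk does not show what it does there), use `mount_host="--mount type=bind,source=$scripts_path,target=/app/host,readonly"`; if it has to write, mount a dedicated directory rather than `/root`. Pinning the image by digest, e.g. `image="mois3y/isp_support@sha256:<digest-placeholder>"`, makes any image change an explicit edit to this file. Separately, `PORT=$3` goes into `$ssh_run` unvalidated and `$ssh_run` is expanded unquoted, so a check such as `[[ $PORT =~ ^[0-9]+$ ]] || exit 2` before the command string is built would keep stray words out of the ssh invocation.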