监控ssh运行的例子 reverse forward

让它以其他用户身份运行,比如用户名为 "user"

#!/bin/ksh
# Wrapper: starts the monitor script as the account "user" instead of the
# calling account.
#
# "$*" collapses every wrapper argument into one space-separated string, so
# the original argument boundaries are gone by the time su sees them.
# NOTE(review): how su hands this single string to /bin/ksh depends on the su
# implementation - confirm on the target system. If it ends up being evaluated
# as a command line, shell metacharacters inside an argument are interpreted
# by the target shell, so pass only trusted, validated options.
# NOTE(review): /home/ssh_monitor.sh sits directly under /home; presumably
# this wrapper is run from a privileged account, so make sure neither the
# script nor its directory is writable by unprivileged users.
monitor_cmd="/home/ssh_monitor.sh $*"
su - user -s /bin/ksh "$monitor_cmd"

ssh_monitor.sh:

#!/bin/ksh

# ---------------- configuration ----------------
# Runtime state, updated while the script runs.
ssh_pid=0            # PID recorded for the background tunnel command
BREAK_OUT=N          # becomes Y when the main loop has to stop
hasUserConnected=0   # becomes 1 once a connection through the tunnel was seen

# Files. LOGFILE is a relative path, so it is resolved against whatever the
# working directory is when the script starts.
LOGFILE=./ssh_admin.log
KNOWN_HOSTS=/home/user/.ssh/known_hosts

# netstat state text that counts as "a client is using the tunnel".
STATE_KEY_STRING=ESTABLISHED

# ---------------- ssh forward ----------------
# Defaults; the -p / -u / -r / -o options parsed later override the last four.
SSH_PORT=22
REMOTE_HOST=192.168.1.142
REMOTE_HTTP_PORT=22003
USER_NAME=user
total_seconds=600    # upper bound on the monitoring loop, one iteration per second
# ---------------- end ----------------

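isClientExit()
{
    # Poll the remote end of the tunnel and track whether a client is using it.
    #
    # Globals read:    SSH_PORT USER_NAME REMOTE_HOST REMOTE_HTTP_PORT
    #                  STATE_KEY_STRING LOGFILE
    # Globals written: num, hasUserConnected, BREAK_OUT
    #
    # Runs "netstat -an" on $REMOTE_HOST over ssh and counts the lines that
    # mention the forwarded port in state $STATE_KEY_STRING.
    #   - first time the count is non-zero -> hasUserConnected=1
    #   - count back to zero after that    -> BREAK_OUT=Y
    #
    # Changes against the original listing:
    #   - ssh's stderr is appended to $LOGFILE. The original had a dangling
    #     "\" followed by a separate "> /dev/null 2>&1" line, which redirected
    #     nothing, so ssh diagnostics went to the terminal. Keeping them in the
    #     log preserves host-key and authentication warnings for later review.
    #   - BatchMode=yes keeps this once-per-second check from blocking on a
    #     password or host-key prompt.
    #   - every expansion is quoted; "grep -E -c" replaces "egrep | wc -l".
    #
    # NOTE(review): a failed ssh call also yields a count of 0, so a transient
    # network error after a client connected is treated as "client exited".
    # NOTE(review): the pattern is unanchored, so a longer port number that
    # starts with the same digits also matches - confirm that is acceptable.

    # Trace of the command that is about to run.
    echo "ssh -o BatchMode=yes -p $SSH_PORT $USER_NAME@$REMOTE_HOST netstat -an | grep -E -c \"tcp.*:$REMOTE_HTTP_PORT.*$STATE_KEY_STRING\""

    num=$(ssh -o BatchMode=yes -p "$SSH_PORT" "$USER_NAME@$REMOTE_HOST" netstat -an 2>>"$LOGFILE" \
        | grep -E -c -- "tcp.*:$REMOTE_HTTP_PORT.*$STATE_KEY_STRING")
    # Fall back to 0 if the pipeline produced no output at all.
    num=${num:-0}

    if (( hasUserConnected == 1 && num == 0 ))
    then
        echo "Client has exited." >> "$LOGFILE"
        BREAK_OUT='Y'
    elif (( num != 0 && hasUserConnected == 0 ))
    then
        echo "Client has connected." >> "$LOGFILE"
        hasUserConnected=1
    fi
}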

trap_exit()
{
    # Signal handler: note the event in the log, then ask the main loop to
    # stop by raising BREAK_OUT. Cleanup is not done from here; the
    # post_event_script call below stays disabled, as in the original.
    printf '%s\n' "Enter trap_exit" >> "$LOGFILE"
    #post_event_script
    BREAK_OUT=Y
}

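post_event_script()
{
    # Tear-down: stop the background tunnel process and drop the remote
    # host's entry from known_hosts.
    #
    # Globals read: ssh_pid, REMOTE_HOST, LOGFILE
    # Returns:      always 0
    #
    # Changes against the original listing:
    #   - ssh_pid is checked before any signal is sent. It is initialised to
    #     '0', and "kill -9 0" signals every process in the caller's process
    #     group, not just the tunnel; empty or non-numeric values are skipped
    #     as well.
    #   - SIGTERM is sent first so ssh can close the forward cleanly; SIGKILL
    #     follows only if the process is still there a second later.
    #   - printf replaces the ksh-only "print"; expansions are quoted.
    #
    # NOTE(review): "ssh-keygen -R" makes the account forget the server's host
    # key. Combined with a tunnel started with StrictHostKeyChecking disabled,
    # every run trusts whatever key the server presents, so a changed or
    # impersonated host is never noticed. Keeping a verified known_hosts entry
    # and dropping this call would let ssh detect a key change.
    printf '%s\n' "Enter post_event_script " >> "$LOGFILE"

    case $ssh_pid in
        ''|*[!0-9]*|0*)
            echo "no valid ssh pid recorded (${ssh_pid}), nothing to kill" >> "$LOGFILE"
            ;;
        *)
            echo "kill ${ssh_pid}" >> "$LOGFILE"
            if kill "$ssh_pid" 2>/dev/null
            then
                sleep 1
                if kill -0 "$ssh_pid" 2>/dev/null
                then
                    echo "kill -9 ${ssh_pid}" >> "$LOGFILE"
                    kill -9 "$ssh_pid" 2>/dev/null
                fi
            fi
            ;;
    esac

    ssh-keygen -R "$REMOTE_HOST"
    return 0
}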

################
# start of main#
################

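# Stop cleanly on HUP, INT, QUIT and TERM.
trap 'trap_exit' 1 2 3 15

# Helper: succeed only for an unsigned decimal integer of at most nine digits
# without leading zeros. Option values are later used inside (( ... )), which
# evaluates its operands as expressions, so they must be plain numbers.
is_uint()
{
    case $1 in
        ''|*[!0-9]*|0?*|??????????*) return 1 ;;
    esac
    return 0
}

# Create the log and known_hosts files when they are missing or empty.
[[ ! -s $LOGFILE ]] && touch "$LOGFILE"
[[ ! -s $KNOWN_HOSTS ]] && touch "$KNOWN_HOSTS"

echo "##################################################" >> "$LOGFILE"
echo "SSH tunnel Start." >> "$LOGFILE"
echo "wait..." >> "$LOGFILE"

######### process parameters ############
echo "$*"
# A colon after an option letter means that option takes an argument.
while getopts ":p:u:r:o:" arg
do
    case $arg in
        p)
            REMOTE_HTTP_PORT=$OPTARG
            ;;
        u)
            USER_NAME=$OPTARG
            ;;
        r)
            REMOTE_HOST=$OPTARG
            ;;
        o)
            total_seconds=$OPTARG
            ;;
        *)  # unknown option or missing option argument
            echo "unkonw argument"
            exit 1
            ;;
    esac
done

# Validate everything that came from the command line before it reaches ssh,
# a grep pattern or an arithmetic expression.
if ! is_uint "$REMOTE_HTTP_PORT" || (( REMOTE_HTTP_PORT < 1 || REMOTE_HTTP_PORT > 65535 ))
then
    echo "invalid port: $REMOTE_HTTP_PORT" >&2
    exit 1
fi
if ! is_uint "$total_seconds"
then
    echo "invalid duration: $total_seconds" >&2
    exit 1
fi
# A leading "-" would be read by ssh as an option rather than a destination.
case $REMOTE_HOST in
    ''|-*|*[!A-Za-z0-9._-]*)
        echo "invalid remote host: $REMOTE_HOST" >&2
        exit 1
        ;;
esac
case $USER_NAME in
    ''|-*|*[!A-Za-z0-9._-]*)
        echo "invalid user name: $USER_NAME" >&2
        exit 1
        ;;
esac

echo "++++++++++++++++++++++++++"
echo "$REMOTE_HOST"
echo "$USER_NAME"
echo "$REMOTE_HTTP_PORT"
echo "$total_seconds"
echo "++++++++++++++++++++++++++"

echo "$SHELL"

#ssh -p 22003 user@127.0.0.1
#echo "ssh -R 22003:127.0.0.1:22 -N user@192.168.1.142 "

# Start the reverse tunnel directly in the background. The original built the
# command as one string and ran ksh "$COMMAND" |&, which hands the whole string
# to ksh as a script file name and records the PID of that ksh instead of ssh.
# Running ssh itself needs no nested quoting and makes $! the PID of ssh.
#
# NOTE(review): StrictHostKeyChecking=no accepts any host key without
# verification, so a machine impersonating $REMOTE_HOST is not detected.
# Prefer a pre-provisioned known_hosts entry with StrictHostKeyChecking=yes
# (or accept-new on OpenSSH releases that support it).
# NOTE(review): binding the forward to $REMOTE_HOST rather than loopback makes
# the local sshd reachable from the remote host's network whenever the
# server's GatewayPorts setting permits it - confirm that exposure is intended.
echo "ssh -o StrictHostKeyChecking=no -p $SSH_PORT -q -N -R $REMOTE_HOST:$REMOTE_HTTP_PORT:127.0.0.1:$SSH_PORT $USER_NAME@$REMOTE_HOST"
ssh -o StrictHostKeyChecking=no -p "$SSH_PORT" -q -N \
    -R "$REMOTE_HOST:$REMOTE_HTTP_PORT:127.0.0.1:$SSH_PORT" \
    "$USER_NAME@$REMOTE_HOST" &
ssh_pid=$!
echo "ssh pid: ${ssh_pid}" >> "$LOGFILE"

# Poll once per second until the time budget is used up, the client has come
# and gone, or a signal asked us to stop.
while (( total_seconds > 0 ))
do
    isClientExit
    echo "$BREAK_OUT"
    if [[ $BREAK_OUT = 'Y' ]]
    then
        break
    fi

    (( total_seconds = total_seconds - 1 ))
    sleep 1
done

# Stop the tunnel and clean up.
post_event_script

exit 0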

原文地址:https://www.cnblogs.com/bigben0123/p/3064901.html