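#!/bin/sh
#
# Alternate Access Tunnel for Remote Hosts
#
# Opens an SSH connection to a central aggregation host and forwards the local
# SSH port over that connection. This allows remote connections to the server
# from the central aggregation host. In the absence of true OOB recovery
# systems this mechanism provides some OOB recovery capability provided the
# entire internet connection is not down.
#
# Environment:
#   FWD_PORT           (required) port opened on the aggregation host and
#                      forwarded back to localhost:22 on this machine.
#   SSH_KEY            (optional) private key used to log in as "phonehome".
#   HOST_KEY_CHECKING  (optional) value passed to ssh's StrictHostKeyChecking.
#                      Defaults to "no" to keep the historical behaviour.
#
# SECURITY NOTE(review): with StrictHostKeyChecking=no the identity of the
# aggregation host is never verified, and its address comes from an
# unauthenticated DNS answer. Whoever answers on that address ends up holding
# the reverse tunnel to this machine's sshd. Prefer mounting a known_hosts
# file that pins the host key under the name in DEFAULT_HOST and running with
# HOST_KEY_CHECKING=yes; HostKeyAlias below makes the lookup use that name
# even though the connection is made by IP.
#
# NOTE(review): the key is used unattended, so the "phonehome" account on the
# aggregation host should be limited to port forwarding (no shell) -- confirm
# against that host's sshd/authorized_keys configuration.
#
SSH_KEY=${SSH_KEY:-/srv/phonehome/phonehome.id_rsa}
HOST_KEY_CHECKING=${HOST_KEY_CHECKING:-no}
DEFAULT_HOST="phonehome.crute.me"
REMOTE_PORT="4321"

if [ -z "$FWD_PORT" ]; then
  echo "No FWD_PORT was found in environment" >&2
  exit 1
fi

if [ ! -r "$SSH_KEY" ]; then
  echo "Unable to read '$SSH_KEY', verify it is mounted and readable by $(id -nu)" >&2
  exit 1
fi

# Alt host hedges against DNS being down if the default DNS server is on the
# wrong side of a collapsed ssh tunnel
#
# Grab only answers starting with numbers since we're trying to resolve the IP
# itself not the hostname (in the absence of normal DNS). Grab the first numeric
# answer in the case of multiple records
resolve_host_ip() {
  dig +short @8.8.8.8 "$DEFAULT_HOST" | awk '/^[0-9]+/ { print $0; exit; }'
}

HOST_IP=""

while true; do
  if ! pgrep autossh > /dev/null; then
    # Re-resolve on every (re)start so a failed lookup at boot, or a changed
    # address, does not leave the loop retrying a bad target forever. A
    # failed lookup keeps the last address that worked.
    NEW_IP=$(resolve_host_ip)
    if [ -n "$NEW_IP" ]; then
      HOST_IP=$NEW_IP
    fi

    if [ -z "$HOST_IP" ]; then
      echo "[$(date -Iseconds)] Unable to resolve $DEFAULT_HOST, will retry" >&2
    else
      echo "[$(date -Iseconds)] Starting autossh"
      # -M 2000: autossh monitoring port. -N: no remote command, -x: no X11
      # forwarding, -C: compression, -T: no pty, -g: gateway ports.
      # All expansions are quoted so values from the environment cannot be
      # split into additional ssh arguments.
      /usr/bin/autossh -M 2000 -gNxCT \
        -o "StrictHostKeyChecking=$HOST_KEY_CHECKING" \
        -o "HostKeyAlias=$DEFAULT_HOST" \
        -i "$SSH_KEY" \
        -R "$FWD_PORT:localhost:22" \
        -l phonehome -p "$REMOTE_PORT" \
        "$HOST_IP"
      echo "[$(date -Iseconds)] autossh exited with status $?"
    fi
  fi
  sleep 30
done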