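#!/bin/bash
#
# Alternate Access Tunnel for Remote Hosts
#
# Opens an SSH connection to a central aggregation host and forwards the local
# SSH port over that connection. This allows remote connections to the server
# from the central aggregation host. In the absence of true OOB recovery
# systems this mechanism provides some OOB recovery capability provided the
# entire internet connection is not down.
#
# Operator notes (security):
#   * The reverse forward publishes this host's sshd on the aggregation host
#     at REMOTE_PORT. Whether that listener is loopback-only is decided by
#     GatewayPorts in the aggregation host's sshd_config, not by this script
#     (-g below only affects local forwards).
#   * The key is used unattended. On the aggregation host, limit its
#     authorized_keys entry to the forward it needs, e.g.
#     restrict,port-forwarding,permitlisten="PORT", so that a copied key does
#     not grant a shell there.
#   * The tunnel endpoint is looked up over plain DNS, so the SSH host key
#     check is the only authentication of the aggregation host. This script
#     passes no host-key options; keep a pinned known_hosts entry for the
#     address and do not disable StrictHostKeyChecking in root's ssh config.
#   * /etc/default/phonehome is sourced as root and must be writable by root
#     only.
#

KEY=/root/.ssh/phonehome.id_rsa
CRONTAB=/var/spool/cron/crontabs/root
CRON_ENTRY="*/5 * * * * /root/phonehome.sh"
DEFAULT_HOST="phonehome.crute.me"

# Alt host hedges against DNS being down if the default DNS server is on the
# wrong side of a collapsed ssh tunnel
#
# Accept only a complete dotted-quad answer since we're trying to resolve the
# IP itself, not the hostname (in the absence of normal DNS). A CNAME target
# that merely starts with a digit is skipped. Take the first address in the
# case of multiple records.
ALT_HOST=$(dig +short @8.8.8.8 "$DEFAULT_HOST" \
    | awk '/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { print $0; exit; }')

# Start the background autossh tunnel.
# Globals:   KEY (read), REMOTE_PORT (read, set by /etc/default/phonehome)
# Arguments: $1 - aggregation host (address or name) to connect to
# Returns:   exit status of autossh
function start_autossh {
    # -f  background autossh
    # -g  allow remote hosts to use local forwards (no effect on -R)
    # -N  no remote command, -x no X11, -C compression, -T no tty
    autossh -f \
        -gNxCT \
        -l phonehome -p 4321 "$1" \
        -i "$KEY" \
        -R "$REMOTE_PORT:localhost:22"
}

if [ ! -f /etc/default/phonehome ]; then
    # Print the command that creates the missing config, then give up.
    echo "echo 'REMOTE_PORT=1234' > /etc/default/phonehome" >&2
    exit 1
else
    source /etc/default/phonehome
fi

# An empty port would produce a malformed -R argument; fail with a clear
# message instead of an ssh usage error every five minutes.
if [ -z "${REMOTE_PORT:-}" ]; then
    echo "REMOTE_PORT is not set in /etc/default/phonehome" >&2
    exit 1
fi

# Keep the cron entry present and exact.
# grep -q with stderr discarded replaces "2>&1 > /dev/null", which silenced
# stdout only and let grep errors through to cron mail.
# NOTE(review): this edits the spool file directly instead of going through
# crontab(1); confirm the local cron daemon picks up such edits.
if ! grep -q -- 'phonehome.sh' "$CRONTAB" 2>/dev/null; then
    echo "Not in crontab, adding"
    echo "$CRON_ENTRY" >> "$CRONTAB"
elif ! grep -qF -- "$CRON_ENTRY" "$CRONTAB" 2>/dev/null; then
    echo "In crontab but not correct, fixing"
    sed -i '/phonehome.sh/d' "$CRONTAB"
    echo "$CRON_ENTRY" >> "$CRONTAB"
fi

if ! pgrep autossh > /dev/null; then
    # If the public resolver gave no address, fall back to the hostname and
    # the system resolver rather than calling ssh with no destination.
    start_autossh "${ALT_HOST:-$DEFAULT_HOST}"
fi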