Files

send_ip_telegram.service => /etc/systemd/system/send_ip_telegram.service

send_ip_telegram.sh => /usr/local/bin/send_ip_telegram.sh

99-send-ip-to-telegram => /lib/dhcpcd/dhcpcd-hooks/99-send-ip-to-telegram

autossh-tunnel.service => /etc/systemd/system/autossh-tunnel.service

Configure server

sudo adduser --disabled-password --gecos "" tunneluser
sudo usermod -s /usr/sbin/nologin tunneluser
sudo mkdir /home/tunneluser/.ssh
sudo chown tunneluser:tunneluser /home/tunneluser/.ssh
sudo chmod 700 /home/tunneluser/.ssh
sudo chown tunneluser:tunneluser /home/tunneluser/.ssh/authorized_keys
sudo chmod 600 /home/tunneluser/.ssh/authorized_keys
sudo ufw allow 2222/tcp

/etc/ssh/sshd_config:

...
GatewayPorts yes
AllowTcpForwarding yes
...
...
Match User tunneluser
    ForceCommand /usr/bin/echo 'This account is restricted to port forwarding only.'
    AllowTcpForwarding yes

sudo systemctl restart sshd

Connect

[Optional; cause service used] From source (tunnel issuer) - Initiate tunnel:

autossh -N -R 2222:localhost:22 tunneluser@<hostname> -I <identityfile>

From user (not from server and tunnel issuer):

ssh sourceuser@<hostname> -I <identityfile> -p 2222