Skip to content

Instantly share code, notes, and snippets.

@qaisjp

qaisjp/autossh-reverse-tunnel.md

Last active May 4, 2022 23:34
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save qaisjp/a8f9d1d14c5d715321280f929c9e53cd to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save qaisjp/a8f9d1d14c5d715321280f929c9e53cd to your computer and use it in GitHub Desktop.
Download ZIP
Raw
autossh-reverse-tunnel.md

Setting up an autossh reverse tunnel

1. Set up sshtunnel user

Follow this tutorial until step five-ish

If the test does not work because of "public key" issues, run sudo passwd sshtunnel on the server to change the password of the user. (If sudo tail -f /var/log/auth.log says the account is locked, this will be the issue.)

authorized_keys should look a little like:

no-agent-forwarding,no-user-rc,no-X11-forwarding,no-pty,command="/bin/echo do-not-send-commands" ssh-rsa KEYHERE

2. Create the service.

  1. sudo vi /etc/systemd/system/autossh-ssh-tunnel.service
  2. Add this to the contents (replacing SERVERHERE appropriately): 
    [Unit]
Description=AutoSSH reverse ssh tunnel
After=network.target

[Service]
Environment="AUTOSSH_GATETIME=0"
ExecStart=/usr/bin/autossh -M 0 -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -vNR 2201:localhost:22 SERVERHERE
User=sshtunnel

[Install]
WantedBy=multi-user.target
  3. systemctl daemon-reload to tell systemd we've changed the config
  4. systemctl start autossh-mysql-tunnel.service to start the service
  5. systemctl stop autossh-mysql-tunnel.service to stop the service
  6. systemctl status autossh-mysql-tunnel.service to check the status of the service
  7. systemctl enable autossh-mysql-tunnel.service to ensure the service starts on boot

Sources

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment