Skip to content

Instantly share code, notes, and snippets.

@dayne

dayne/0_autossh_on_reboot.md

Last active March 22, 2023 03:13
Show Gist options
  • Save dayne/5653f864a3de06f238648cb087597512 to your computer and use it in GitHub Desktop.
Save dayne/5653f864a3de06f238648cb087597512 to your computer and use it in GitHub Desktop.
Download ZIP
autossh on reboot
Raw
0_autossh_on_reboot.md

A script (that needs some work) that documents for me how to setup and launch an autossh session to a cloud server. Not really useful for others.

Server Setup

If you want to setup your own server though the steps are: Create the remote cloud server autossh account (Only need to do this once)

useradd -m -s /bin/false autossh
mkdir ~autossh/.ssh && chmod 700 ~autossh/.ssh
touch ~autossh/.ssh/authorized_keys && chmod 600 ~autossh/.ssh/authorized_keys
chown -R autossh.autossh ~autossh/.ssh

Client/remote box setup

For eachbox you want autossh installed onto steps:

curl https://gist.githubusercontent.com/dayne/5653f864a3de06f238648cb087597512/raw/setup-autossh.sh | bash

or curl https://git.io/fpwsk | bash

After running that you need to do the following steps:

  • Add the ~/.ssh/id_rsa-autossh.pub key to autossh@cloud_server:.ssh/authorized_keys
    • curl --upload-file $HOME/.ssh/id_rsa-autossh.pub https://transfer.sh/pubkey.txt can help copy-n-paste if needed
  • Ensure the cloud server ssh key is known to the user account
    • ssh cloud_server and accept the key
    • or I should upgrade:
    ssh-keyscan -H n1nj4.net > ~/.ssh/known_hosts
ssh-keyscan -H `host n1nj4.net | awk '{print $NF}'` > ~/.ssh/known_hosts
  • Modify ~/.local/autossh-on-reboot.sh to use the proper name of cloud_server (or setup the below .ssh/config line)
    • vi ~/.local/autossh-on-reboot.cfg and set any vairables needed for configuration - at minimum you likely need to set `CLOUD_S
  • Test it out

Here is an example of how to setup your workstation to be able to type ssh remote_box and have that session proxy jump through cloud_server and through the autossh tunnel.

Host cloud_server
  Hostname 1.2.3.4
  User  ubuntu
Host remote_box
  User pi
  Hostname localhost
  Port 50322
  ProxyJump cloud_server
Raw
autossh-on-reboot.sh
#!/bin/bash
# Autossh on reboot
#
# https://linuxaria.com/howto/permanent-ssh-tunnels-with-autossh
#
# Local box:
# ssh-keygen -t rsa -N "" -C autossh-${HOSTNAME} -f ${HOME}/.ssh/id_rsa-autossh
# cat ${HOME}/.ssh/id_rsa-autossh.pub
# crontab -e
# @reboot $HOME/.local/autossh-on-reboot.sh
#
# Remote (cloud server) server:
# useradd -m -s /bin/false autossh
# mkdir ~autossh/.ssh && chmod 700 ~autossh/.ssh
# touch ~autossh/.ssh/authorized_keys && chmod 600 ~autossh/.ssh/authorized_keys
# # insert the contents of id_rsa-autossh.pub into the authorized_keys files
#
# Example: Flip it around: forward remote 5022 to local 50322
# -NL 50322:localhost:5022 \
#
# Todo: env variables for user@system and remote port
# load the cfg if it is exists
test -f $HOME/.local/autossh-on-reboot.cfg && source ${_}
# set default settings not already set in environment or from the cfg file
test -n "$AUTOSSH_LOCAL_PORT" || AUTOSSH_LOCAL_PORT=22
test -n "$AUTOSSH_REMOTE_PORT" || AUTOSSH_REMOTE_PORT=50022
test -n "$AUTOSSH_SERVER_HOST" || AUTOSSH_SERVER_HOST="cloud_server_address"
test -n "$AUTOSSH_SERVER_USER" || AUTOSSH_SERVER_USER="autossh"
test -n "$AUTOSSH_SERVER_PORT" || AUTOSSH_SERVER_PORT=22
test -n "$AUTOSSH_IDENTITY" || AUTOSSH_IDENTITY="$HOME/.ssh/id_rsa-autossh"
if [ -t 0 ]; then
# interactive shell, report our plan/config:
echo "($AUTOSSH_LOCAL_PORT) $AUTOSSH_SERVER_USER@$AUTOSSH_SERVER_HOST:$AUTOSSH_SERVER_PORT ($AUTOSSH_REMOTE_PORT)"
echo ssh $AUTOSSH_SERVER_USER@$AUTOSSH_SERVER_HOST -p $AUTOSSH_SERVER_PORT "echo"
ssh $AUTOSSH_SERVER_USER@$AUTOSSH_SERVER_HOST -p $AUTOSSH_SERVER_PORT "echo"
exit
fi
autossh \
-f \
-M 0 \
-N \
-o ExitOnForwardFailure=yes \
-i $AUTOSSH_IDENTITY \
-o "ServerAliveInterval 30" \
-o "ServerAliveCountMax 3" \
-R $AUTOSSH_REMOTE_PORT:localhost:$AUTOSSH_LOCAL_PORT \
$AUTOSSH_SERVER_USER@$AUTOSSH_SERVER_HOST \
-p $AUTOSSH_SERVER_PORT
Raw
setup-autossh.sh
#!/bin/bash
function install_autossh() {
which autossh > /dev/null 2>&1
if [ $? -ne 0 ]; then
sudo apt install autossh
if [ $? -ne 0 ]; then
echo "autossh not found and failed to apt install it"
echo "install autossh and then try this again"
exit 1
fi
else
echo "autossh found - skipping install"
fi
}
function create_autossh_key() {
if [ ! -d $HOME/.ssh ]; then
mkdir $HOME/.ssh
chmod 700 $HOME/.ssh
fi
if [ ! -f $HOME/.ssh/id_rsa-autossh ]; then
echo "creating id_rsa-autossh key"
ssh-keygen -t rsa -N "" -C autossh-logger -f $HOME/.ssh/id_rsa-autossh
cat $HOME/.ssh/id_rsa-autossh.pub
else
echo "id_rsa-autossh already exists - skipping creation"
fi
}
function install_reboot_script() {
if [ ! -d $HOME/.local ]; then
mkdir $HOME/.local
fi
if [ ! -f $HOME/.local/autossh-on-reboot.sh ]; then
echo "downloading autossh-on-reboot.sh"
curl -o $HOME/.local/autossh-on-reboot.sh https://gist.githubusercontent.com/dayne/5653f864a3de06f238648cb087597512/raw/autossh-on-reboot.sh
chmod +x $HOME/.local/autossh-on-reboot.sh
else
echo "$HOME/.local/autossh-on-reboot.sh found - skipping download"
fi
}
function setup_cronjob() {
crontab -l | grep autossh-on-reboot > /dev/null 2>&1
if [ $? -ne 0 ]; then
echo "setting up crontab to launch autossh-on-reboot.sh"
echo "@reboot $HOME/.local/autossh-on-reboot.sh" > /tmp/autossh.crontab
crontab /tmp/autossh.crontab
rm /tmp/autossh.crontab
else
echo "autossh-on-reboot.sh found in crontab already - skipping crontab setup"
fi
}
install_autossh
create_autossh_key
install_reboot_script
setup_cronjob
echo
echo
curl --upload-file $HOME/.ssh/id_rsa-autossh.pub https://transfer.sh/pubkey.txt
echo
echo "put that pub key in place"
echo "don't forget to add the remote ssh key identity (just manually run autossh-on-reboot.sh)"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment