Create a template service file at /etc/systemd/system/[email protected]. The template parameter will correspond to the name of the target host:
[Unit]
Description=Setup a secure tunnel to %I
After=network.target
[Service]
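# Replace $USER with the local account that owns the SSH key;
# systemd does not expand shell variables in User= or Group=.
User=$USER
Group=$USER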
EnvironmentFile=/etc/default/secure-tunnel@%i
ExecStart=/usr/bin/ssh -nNT -o ServerAliveInterval=60 -o ExitOnForwardFailure=yes -R ${REMOTE_ADDR}:${REMOTE_PORT}:${LOCAL_ADDR}:${LOCAL_PORT} ${TARGET}
# Restart every >2 seconds to avoid StartLimitInterval failure
RestartSec=5s
Restart=on-failure
[Install]
WantedBy=multi-user.target
We need a configuration file (inside /etc/default) for each target host we will be creating tunnels for. For example, let's assume we want to tunnel to a host named jupiter (probably aliased in /etc/hosts). Create the file at /etc/default/secure-tunnel@example:
TARGET=example.com
LOCAL_ADDR=127.0.0.1
LOCAL_PORT=22
REMOTE_ADDR=127.0.0.1
REMOTE_PORT=2222
Note that for the above to work we need to have already set up a password-less SSH login to the target (e.g. by giving access to a non-protected private key).
ssh-copy-id [email protected]
Now we can enable it, so it gets started at boot time:
sudo systemctl enable --now [email protected]
sudo systemctl status [email protected]
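
Because the password-less login above relies on an unprotected private key, the matching authorized_keys entry on the target can be limited to the one reverse forward the tunnel needs. The script below is an added example, not part of the original page: it reads REMOTE_ADDR and REMOTE_PORT from the environment file and prints such an entry. The function names, the placeholder public key and the plain unquoted-value file format are assumptions of this example.

```shell
#!/bin/sh
# Added example: build a restricted authorized_keys entry for the tunnel key
# from the KEY=VALUE file the unit loads with EnvironmentFile=.
# Assumes plain, unquoted values as in the page's sample file.

# get_var FILE KEY: print the value of the last KEY=VALUE line in FILE.
get_var() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# valid_port N: succeed only for an integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# restricted_key_line ENVFILE PUBKEY: print the entry, non-zero on bad config.
restricted_key_line() {
    raddr=$(get_var "$1" REMOTE_ADDR)
    rport=$(get_var "$1" REMOTE_PORT)
    [ -n "$raddr" ] || { echo "REMOTE_ADDR missing" >&2; return 1; }
    valid_port "$rport" || { echo "REMOTE_PORT invalid: $rport" >&2; return 1; }
    # "restrict" disables PTY allocation and agent, X11 and port forwarding;
    # "port-forwarding" turns forwarding back on, and permitlisten limits
    # ssh -R to the single listener this tunnel requests.
    printf 'restrict,port-forwarding,permitlisten="%s:%s" %s\n' \
        "$raddr" "$rport" "$2"
}

# Constructed sample: the page's example values and a placeholder public key.
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' TARGET=example.com LOCAL_ADDR=127.0.0.1 LOCAL_PORT=22 \
        REMOTE_ADDR=127.0.0.1 REMOTE_PORT=2222 > "$tmp"
    rc=0
    restricted_key_line "$tmp" "ssh-ed25519 AAAA_PLACEHOLDER tunnel@client" || rc=$?
    rm -f "$tmp"
    return "$rc"
}

demo
```

The printed entry sets no command= option, so the key can still run non-interactive commands on the target; add a forced command there if the account should only carry the tunnel.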