Skip to content

Instantly share code, notes, and snippets.

@niflostancu

niflostancu/AutoSSH.md

Last active January 7, 2025 08:28
Show Gist options
  • Save niflostancu/4eda8afa500709efe3cc25ff1a648f8e to your computer and use it in GitHub Desktop.
Save niflostancu/4eda8afa500709efe3cc25ff1a648f8e to your computer and use it in GitHub Desktop.
Download ZIP
Autossh tutorial for reverse SSH tunneling (using a systemd service)
Raw
AutoSSH.md

Prerequisites:

  • the device you're trying to access (behind NAT);
  • a public SSH server (you need root access + custom sshd configuration to forward ports on 0.0.0.0, otherwise you can use jump hosts);

Setup steps:

  • install autossh on the device behind nat;
  • generate a private ssh key pair to /etc/ssh/id_autossh;
  • authorize the public key on the public server (you may optionally create a limited account);
  • create /etc/systemd/system/autossh.service and /etc/ssh/autossh.vars and fill it with your specific setup variables;
  • systemctl daemon-reload && systemctl restart autossh && systemctl enable autossh
  • check systemctl status autossh && netstat -tlnp on the public server';
Raw
autossh.service
[Unit]
Description=AutoSSH Reverse Port Forwarding
Wants=network-online.target
After=network.target network-online.target
StartLimitInterval=0
[Service]
Type=simple
User=root
EnvironmentFile=/etc/ssh/autossh.vars
ExecStart=/usr/bin/autossh -M 0 -N -o "ServerAliveInterval 60" \
-o "ServerAliveCountMax 3" -o StrictHostKeychecking=no -o ExitOnForwardFailure=yes \
-o UserKnownHostsFile=/dev/null -p ${AUTOSSH_SSH_PORT} -l ${AUTOSSH_SSH_USER} \
-i /etc/ssh/id_autossh ${AUTOSSH_SSH_HOST} \
-R 0.0.0.0:${AUTOSSH_FORWARD_PORT}:127.0.0.1:22
Restart=always
RestartSec=30
[Install]
WantedBy=multi-user.target
Raw
autossh.vars
AUTOSSH_SSH_HOST=public-server.example.com
AUTOSSH_SSH_PORT=22
AUTOSSH_SSH_USER=autossh
AUTOSSH_FORWARD_PORT=10001
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment