@ssalonen
Last active May 20, 2025 18:19
OpenWrt SSH tunnel

Short how-to for creating a reverse SSH tunnel to a remote server. Useful for getting through a NATted connection, for example.

  1. At OpenWrt: install sshtunnel

     opkg update
     opkg install sshtunnel

  2. At remote server: create client ssh keys

     ssh-keygen -b 2048 -t rsa

     Move the resulting private key to /root/.ssh/id_rsa on OpenWrt and set its permissions with chmod 600.

  3. At remote server: authorize the OpenWrt client (authorized_keys)

  4. At OpenWrt: store the remote host public key as a known host

     ssh MYUSER@REMOTEHOST
     # answer yes to accept the host key, then press Ctrl+C

  5. At OpenWrt: enable the service (start on bootup)

     /etc/init.d/sshtunnel enable

  6. At OpenWrt: start the service

     /etc/init.d/sshtunnel start

  7. At OpenWrt: configure sshtunnel

See https://wiki.openwrt.org/doc/uci/sshtunnel for more information

Example configuration

config server myremote
	option user	myuser
	option hostname	remotehost
	option IdentityFile	/root/.ssh/id_rsa
	option retrydelay	5
	option ServerAliveInterval	30
	option ServerAliveCountMax	3
	option LogLevel		DEBUG1

config tunnelR sshtunnel
	option server	myremote
	option remoteport	44423
	option remoteaddress	*
	option localport	22
	option localaddress	127.0.0.1

/etc/init.d/sshtunnel reload
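
The example configuration sets remoteaddress to *, which asks the remote server to listen on all of its interfaces; where the server's GatewayPorts setting allows that, port 44423 there leads to the router's SSH on port 22. The script below is an added example, not part of the original gist: it lists the tunnelR sections of an sshtunnel UCI file and marks those with a wildcard bind address. The loopbackonly section and the verdict labels are constructed for illustration, and treating an unset remoteaddress as the wildcard is an assumption.

```sh
#!/bin/sh
# Added example (not from the gist): list reverse tunnels in an sshtunnel UCI
# file and flag those that ask the remote server to listen on all interfaces.

# Constructed sample: the gist's tunnel plus a hypothetical loopback-only one.
sample_config() {
cat <<'EOF'
config tunnelR sshtunnel
	option server	myremote
	option remoteport	44423
	option remoteaddress	*
	option localport	22
	option localaddress	127.0.0.1

config tunnelR loopbackonly
	option server	myremote
	option remoteport	44424
	option remoteaddress	127.0.0.1
	option localport	22
	option localaddress	127.0.0.1
EOF
}

# Reads UCI text on stdin; prints one line per tunnelR section:
#   <name> <remoteaddress>:<remoteport> -> <localaddress>:<localport> <verdict>
audit_tunnels() {
  awk '
    function emit() {
      if (type != "tunnelR") return
      # Assumption: an unset remoteaddress is treated like the wildcard.
      if (raddr == "") raddr = "*"
      verdict = "SPECIFIC_ADDRESS"
      if (raddr == "*" || raddr == "0.0.0.0" || raddr == "::") verdict = "ALL_INTERFACES"
      printf "%s %s:%s -> %s:%s %s\n", name, raddr, rport, laddr, lport, verdict
    }
    { gsub(/\047|"/, "") }   # drop UCI quoting around values
    $1 == "config" { emit(); type = $2; name = $3; raddr = rport = laddr = lport = "" }
    $1 == "option" && $2 == "remoteaddress" { raddr = $3 }
    $1 == "option" && $2 == "remoteport"    { rport = $3 }
    $1 == "option" && $2 == "localaddress"  { laddr = $3 }
    $1 == "option" && $2 == "localport"     { lport = $3 }
    END { emit() }
  '
}

sample_config | audit_tunnels   # on a router: audit_tunnels < /etc/config/sshtunnel
```

A tunnel reported as ALL_INTERFACES is worth checking against the remote server's firewall and its GatewayPorts setting before the service is enabled at boot.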

@ssalonen
Author

ssalonen commented Jun 1, 2017

In order to allow binding to all interfaces, server configuration might need changing; see this comment on stackoverflow.com on the GatewayPorts setting.

@lavinkabul

Great article. But I have password authorization on an ssh server (Ubuntu). Is there any way to automate the connection using sshtunnel to my Ubuntu server by password?

@stokito

stokito commented Jun 3, 2023

@lavinkabul no, it's not possible. You need to set up Public Key Auth. It's like a password that is stored in a file, but split into a public key id_rsa.pub and a secret id_rsa.

@stokito

stokito commented Jun 21, 2023

The new wiki page about the sshtunnel is https://openwrt.org/docs/guide-user/services/ssh/sshtunnel
@samaaron I created a Luci app to configure the SSH tunnel openwrt/luci#6424
Could you please try it and give feedback?

@stokito

stokito commented Feb 13, 2024

For Ubuntu and other desktop Linux I created the https://github.com/yurt-page/sshtunnel
