Systemd service for autossh

Usage

Set up the host to connect to and port base to open:

export HOSTNAME=foo.bar
export JUMPHOST=jumphost.baz
export PORTBASE=1234

Create the autossh user:

sudo useradd --system --create-home --shell /usr/sbin/nologin autossh

Create the SSH key:

sudo -u autossh ssh-keygen -t ed25519
sudo -u autossh sed -i -e "s/$/ (generated on $(date +%Y-%m-%d))/" ~autossh/.ssh/id_ed25519.pub

Add the SSH key to the jumphost:

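PUBKEY=$(sudo cat ~autossh/.ssh/id_ed25519.pub)
# permitlisten bounds the -R listeners (needs OpenSSH 7.8 or later on the jumphost);
# permitopen only bounds -L targets
cat <<EOF
# ${HOSTNAME}: ports ${PORTBASE}4, ${PORTBASE}6
no-pty,no-X11-forwarding,permitlisten="localhost:${PORTBASE}4",permitlisten="localhost:${PORTBASE}6",permitopen="localhost:${PORTBASE}4",permitopen="localhost:${PORTBASE}6",command="/bin/echo do-not-send-commands" ${PUBKEY}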
EOF

Connect to the host as autossh to add the SSH keys to known_hosts:

sudo -u autossh ssh -4 ${JUMPHOST}
sudo -u autossh ssh -6 ${JUMPHOST}

Download and fix the config files:

curl -sSL https://gist.githubusercontent.com/tdussa/f0920a329bd91b58ae58c9b4c83d45f0/raw/autossh@hostname-v4 | \
  sed -e "s/-R 4:/-R ${PORTBASE}4:/" -e "s/TARGET_HOST=.*/TARGET_HOST=${JUMPHOST}/" -e "s/autossh@hostname-/autossh@${JUMPHOST}-/" | \
  sudo tee /etc/default/autossh@${JUMPHOST}-v4
curl -sSL https://gist.githubusercontent.com/tdussa/f0920a329bd91b58ae58c9b4c83d45f0/raw/autossh@hostname-v6 | \
  sed -e "s/-R 6:/-R ${PORTBASE}6:/" -e "s/TARGET_HOST=.*/TARGET_HOST=${JUMPHOST}/" -e "s/autossh@hostname-/autossh@${JUMPHOST}-/" | \
  sudo tee /etc/default/autossh@${JUMPHOST}-v6

Download the unit file:

curl -sSL https://gist.githubusercontent.com/tdussa/f0920a329bd91b58ae58c9b4c83d45f0/raw/autossh@.service | \
  sudo tee /etc/systemd/system/autossh@.service

Enable and start the service:

systemctl enable --now autossh@${JUMPHOST}-v4.service
systemctl enable --now autossh@${JUMPHOST}-v6.service

Verify all is good:

systemctl status autossh@${JUMPHOST}-v4.service
systemctl status autossh@${JUMPHOST}-v6.service
journalctl -u autossh@${JUMPHOST}-v4
journalctl -u autossh@${JUMPHOST}-v6
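
sshd applies `permitopen` to `-L` targets and `permitlisten` (OpenSSH 7.8 and later) to `-R` listeners, so the key used for the `-R` tunnels in this setup is only pinned to its ports when `permitlisten` names them. The check below is an added example, not part of the gist; the function name `audit_tunnel_key`, its finding messages and the sample entries are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the gist: audit one authorized_keys entry meant to
# allow only reverse (-R) tunnels on a fixed set of ports.
# usage: audit_tunnel_key "<authorized_keys line>" PORT [PORT...]
# Prints one finding per line; returns 0 when there are none, 1 otherwise.
audit_tunnel_key() {
    entry=$1; shift
    rc=0

    # Each expected listener must be named by a permitlisten option
    # ("[host:]port"); permitopen does not constrain -R.
    for port in "$@"; do
        printf '%s\n' "$entry" | grep -Eq "permitlisten=\"([^\":]+:)?${port}\"" || {
            echo "no permitlisten for port ${port}"; rc=1; }
    done

    # A permitlisten for any other port widens what the key may bind.
    for got in $(printf '%s\n' "$entry" | grep -Eo 'permitlisten="[^"]*"' |
                 sed -nE 's/.*[":]([0-9]+)"$/\1/p'); do
        case " $* " in
            *" $got "*) ;;
            *) echo "unexpected permitlisten port ${got}"; rc=1 ;;
        esac
    done

    # Interactive use stays closed: restrict or no-pty, plus a forced command.
    printf '%s\n' "$entry" | grep -Eq '(^|,)(restrict|no-pty)(,| )' || {
        echo "neither restrict nor no-pty is set"; rc=1; }
    printf '%s\n' "$entry" | grep -Eq '(^|,)command="' || {
        echo "no forced command"; rc=1; }

    return "$rc"
}

# Constructed sample entries (placeholder key material, PORTBASE=1234).
KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYONLY autossh@foo.bar'
OPEN_ONLY="no-pty,no-X11-forwarding,permitopen=\"localhost:12344\",permitopen=\"localhost:12346\",command=\"/bin/echo do-not-send-commands\" ${KEY}"
PINNED="no-pty,no-X11-forwarding,permitlisten=\"localhost:12344\",permitlisten=\"localhost:12346\",permitopen=\"localhost:12344\",permitopen=\"localhost:12346\",command=\"/bin/echo do-not-send-commands\" ${KEY}"

echo "== permitopen only ==";      audit_tunnel_key "$OPEN_ONLY" 12344 12346 || true
echo "== permitlisten present =="; audit_tunnel_key "$PINNED" 12344 12346 && echo "ok"
```

Run it on the jumphost against the line actually stored in `authorized_keys`, passing the two ports derived from `PORTBASE`.
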

[Unit]
Description=Keeps an ssh tunnel to %I open
After=network-online.target ssh.service
[Service]
User=autossh
# no monitoring
Environment="AUTOSSH_PORT=0"
# Disable gatetime behaviour
Environment="AUTOSSH_GATETIME=0"
EnvironmentFile=/etc/default/autossh@%i
RestartSec=3
Restart=always
# -NT Just open the connection and do nothing (not interactive, no tty alloc)
# using /usr/bin/ssh instead of autossh works as well
ExecStart=/usr/bin/autossh -NT -o "ExitOnForwardFailure=yes" $SSH_OPTIONS ${TARGET_HOST} $FORWARDS
TimeoutStopSec=10
[Install]
WantedBy=multi-user.target

# Options for autossh@hostname-v4.service
# Place it at /etc/default
# Saving all your credential/user/port related config in ~/.ssh/config is strongly recommended
# Leave hostname here only
TARGET_HOST=remote.example.com
# -R PORT_ON_EXAMPLE_COM:LOCALHOST:LOCALPORT (reverse) or -L LOCALPORT:IP_ON_EXAMPLE_COM:PORT_ON_EXAMPLE_COM (local)
# can set multiple forwardings here
FORWARDS=-R 4:localhost:22
# === Settings below for ADVANCED users only ===
SSH_OPTIONS=-4 -p 24 -o "ServerAliveInterval=10" -o "ServerAliveCountMax=3"
AUTOSSH_PORT=0
AUTOSSH_GATETIME=0

# Options for autossh@hostname-v6.service
# Place it at /etc/default
# Saving all your credential/user/port related config in ~/.ssh/config is strongly recommended
# Leave hostname here only
TARGET_HOST=remote.example.com
# -R PORT_ON_EXAMPLE_COM:LOCALHOST:LOCALPORT (reverse) or -L LOCALPORT:IP_ON_EXAMPLE_COM:PORT_ON_EXAMPLE_COM (local)
# can set multiple forwardings here
FORWARDS=-R 6:localhost:22
# === Settings below for ADVANCED users only ===
SSH_OPTIONS=-6 -p 26 -o "ServerAliveInterval=10" -o "ServerAliveCountMax=3"
AUTOSSH_PORT=0
AUTOSSH_GATETIME=0