How can I autostart a SSH -D tunnel at login for a SOCKS proxy?

ssh startup proxy tunnel

9,551

Solution 1

Set up password-less SSH login according to this answer:
- ssh-keygen (you will be prompted for a password, leave it blank)
- ssh-copy-id user@userserver (enter your SSH login password for the last time)
Add an startup entry for SSH:

enter image description here

Solution 2

How about using an ssh-key setup, as Source Lab suggested, but setting up your key with a pass phrase and make sure ssh-agent is running on your machine so it only needs to be entered once per login session.

There's a few advantages doing it that way: - You can get automated password-less login (apart from first boot/login) whenever you issue your ssh command - Your key has a pass phrase so it's safer - Using pub/private keys is very standard and will be supported by most SSH Server installations

To set up SSH key authentication:

https://help.ubuntu.com/community/SSH/OpenSSH/Keys

To use ssh-agent/keychain (to cache the pass-phrase throughout the login session):

http://www.cyberciti.biz/faq/ssh-passwordless-login-with-keychain-for-scripts/

As far as automating the tunnel creation on startup, one idea might be to create a quick shell script which starts the tunnel:

~$ sudo cat <<EOF >> /usr/local/bin/start_tunnel.sh
ssh-add # ensure key is added to agent
ssh -D 9000 user@userserver # substitute real server in here (of course)
EOF
~$ chmod +x /usr/local/bin/start_tunnel.sh

Then add it as a startup program (System -> Preferences -> Startup Applications), should work, anyway!

9,551

SantoshKumar

Will travel for gelato, Pythonista, Seattleite sans freeze, CMU alum. Currently @stripe 👨🏻‍💻 in 🇦🇺.

Updated on September 18, 2022

Comments

SantoshKumar over 1 year
I know that if I want to start an SSH tunnel
```
ssh -d 9000 user@userserver
```
This is one solution for a dynamic tunnel to be opened on port 9000 for a user named "user" on the host "userserver"

However, how can I automate this process in Ubuntu so that I don't have to open up a terminal every time I log in and start the tunnel? I want to be SSH'd the moment I log in.

I know I could create a bash file but wouldn't I have to store my server user's password in plaintext as I would be prompted for it after the initial command?
- Admin about 13 years
  
  you can setup ssh-keys instead of using a password (see pkeck.myweb.uga.edu/ssh ), but no matter how your setup is you will be compromising security if you automate login's...
- Admin almost 13 years
  
  Not exactly about your question, but I recommend you try using sshuttle for routing your internet through a SSH. It doesn't solve password-less login issues.
SantoshKumar about 13 years

Is there anyway to do this via the network proxy section of the settings in Ubuntu? There is an option for user verification and you can pre-input your username and password? Just in case my settings ever change I wouldn't want to have to go in and redit the file.
skerit about 13 years

I'm afraid that doesn't work, not even with autossh.
Oxwivi almost 13 years

@Stefano, thank you! Half the credit goes to Rinzwind and Marco who enlightened me about password-less SSH in the first place!
Braiam over 10 years

Please bear in mind that the set up of a ssh key is dedicated. Blindly accepting all the prompts without reading what is being done could compromise your service/system.