start autossh reverse tunnel automatically when network comes up

ssh ssh-tunneling bash-script
13,717

OK, finally got it working. The details are in this question: Remote desktop over SSH reverse tunnel to replace TeamViewer

In summary:

On desktop (that will receive support): 

su -l -c "autossh -M 5234 -N -f -R 1234:localhost:22 [email protected] &" username

On laptop (giving support):

me@laptop:~/.ssh$ nano config

Host family_desktops
  ProxyCommand ssh middleman_fqdn nc localhost %p
  User admin
  PasswordAuthentication no
  IdentityFile ~/.ssh/my_id_rsa

Then I just connect to "remote desktop" in one step:

me@laptop:~$ ssh family_desktops -p 1234

Share:
13,717

Related videos on Youtube

Jarek
Author by

Jarek

You may be interested in the story of SE moderator Monica Cellio and how she was unfairly treated by the corporate management of this site. More info here. An update is available. Let's hope we can cultivate a more fair environment for content creators and moderators going forward.

Updated on September 18, 2022

Comments

  • Jarek
    Jarek almost 2 years

    I connect from my home PC thru an Internet server I own to a restricted client (that I also own) using a reverse ssh tunnel.

    I have a script that sets up the restricted client to middleman leg of this ssh tunnel. It works fine if I execute the script manually. Here it is:

    #!/bin/sh
autossh -M 12399 -oPubkeyAuthentication=yes -oPasswordAuthentication=no -oLogLevel=error  -oUserKnownHostsFile=/dev/null -oStrictHostKeyChecking=no -i ~/.ssh/named_id_rsa -R 12345:localhost:22 [email protected] -p 22

    I want to have it run automatically whenever the network is up on this machine.

    To accomplish this I thought about saving it as: /etc/network/if-up.d/reverse_ssh_tunnel.sh

    I know I would have to remove "~/" and specify the full path to the private key as home/username/.ssh/named_id_rsa.

    I suspect I'll have to use su -c my_script_name username, but I can't get that to work. Solving this part of my question is the most important. It needs to be fully automatic & unattended.

    To connect from my home, I do two manual steps:

    A. ssh home -> middleman
    B. ssh middleman -> restricted client

    Can A & B be done in a single step? (This would be nice, but not essential.)

    In summary:

    1. Ideally, I'd like to do A & B in one step, manually.
    2. And I need the restricted client -> middleman autossh connection to be fully automatic.
  • Mcol
    Mcol over 9 years
    Nice tip for supporting *nix boxes, but this won't replace Teamviewer for supporting Wind*ws environments.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Enabling system management privileges for non-local users - How the heck does `polkit` work, anyways?
Forward all ports SSH
My reverse-ssh tunnel is using keepalives but they're not helping
SSH tunnel hanging
Can sshd restrict client tunnel endpoints to localhost?
How to parameterize the LocalForward option in ssh_config?
How to print from remote over SSH to local LAN printer?
SSH jumping over socks(4/5) proxy chain. Host -> socks proxy -> socks proxy -> destination
Establishing client VNC connection over SSH in one step (e.g., with the -via option)
Double port forwarding - SSH