Refer to your distribution's documentation for information on how to enable it. Note: You may have to enable rc.local on Ubuntu and Debian based systems via systemd. To have this tunnel automatically start if the system is rebooted, add a call to the script to rc.local. Make sure you mark the script as executable with:
You can also use -L to change the direction of the port forwarding from Remote to Local and have the initiating system forward data over the tunnel the the remote. Su -s /bin/sh autossh -c 'autossh -M 0 -N -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -o "ExitOnForwardFailure=yes" -f -T -R localhost:3306:localhost:3306 would allow the target (remote) system to access the local (system initiating the SSH tunnel) system's MySQL server over the tunnel. Ubuntu 14. You can also do that with ssh alone, but autossh comes with added features that are worthwhile exploring and using. Username and domain to use when SSHing to target system With autossh you can establish an SSH reverse tunnel from a given system, provided it can reach some other machine via SSH outside its own network. Localhost or IP address on system initiating tunnel To prevent the possibility of trying to open a failed SSH. Su -s /bin/sh autossh -c 'autossh -M 0 -N -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -o "ExitOnForwardFailure=yes" -f -T -R ::: or IP address on target system Needs to be greater than ServerAliveInterval or and ClientAliveInterval, especially for tunnels. # Uses autossh to establish a tunnel to for the Graylog Collector Sidecar Autossh automatically restarts the SSH tunnel when it exits.Ĭopy the following script, making the necessary changes as specified between the and place on the system that will initiate the tunnel (usually /opt):
#PERSISTENT SSH TUNNEL INSTALL#
You will need to install the autossh program on the system that will initiate the SSH tunnel. Note: It is recommended that you also create a normal user on the remote system and not use root. You will need to copy id_rsa.pub file from /home/useradd/.ssh/ to the authorized_keys file on the remote system you want to connect to for the tunnel. Once done, exit back to your normal user shell Now switch to the user and generate an SSH key:
This will prevent user logins to the system. Note: This user does not have a password assigned or a shell. This will allow you to forward non-privileged ports over 1024. This is handy if you want to secure data flowing across networks, or even setup a tunnel without messing with VPN configuration.įirst you will create the user you will use for the tunnel. The following is how to create a persistent SSH Tunnel between two systems.
0 kommentar(er)
