Reverse ssh tunnels
From dtype.org
Revision as of 20:06, 1 August 2021
/etc/systemd/system/j1.service

# Keeps a reverse tunnel up from this machine to the jump server j1.alt.org:
# sshd on j1 listens on the Unix socket /home/r/socks/<J1HOST>.<J1RAND>.sock
# and hands anything that connects to it to this machine's port 22.
[Unit]
Description=Service to maintain an ssh reverse tunnel
Wants=network-online.target
After=network-online.target
# never stop retrying, however often the link drops
StartLimitIntervalSec=0

[Service]
Type=simple
Environment="J1HOST=c1"
Environment="J1RAND=0"
# the empty ExecStart= only matters when overriding an existing unit from a drop-in
ExecStart=
ExecStart=/usr/bin/ssh -qNn \
    -o ServerAliveInterval=30 \
    -o ServerAliveCountMax=3 \
    -o ExitOnForwardFailure=yes \
    -o StrictHostKeyChecking=no \
    -o UserKnownHostsFile=/dev/null \
    -o StreamLocalBindUnlink=yes \
    -i /root/.ssh/id_rsa \
    -R /home/r/socks/${J1HOST}.${J1RAND}.sock:localhost:22 \
    r@j1.alt.org
Restart=always
RestartSec=60

[Install]
WantedBy=multi-user.target

Two things to check before relying on this. StrictHostKeyChecking=no together with UserKnownHostsFile=/dev/null makes the client accept any host key, so anything that can intercept traffic to j1.alt.org can impersonate the jump server and collect the tunnelled sessions; since this unit only ever talks to one host, pin that host's key in /root/.ssh/known_hosts and drop the two options. The -R socket file is created by sshd on the jump server, not by the client, so StreamLocalBindUnlink must also be set to yes in j1's sshd_config; otherwise a stale socket left behind by an unclean disconnect makes the forward fail and, because of ExitOnForwardFailure=yes and Restart=always, the unit restarts every 60 seconds without ever coming up.
authorized_keys (on jump server, for the tunnel user r)

command="/bin/false",no-agent-forwarding,no-X11-forwarding,permitopen="255.255.255.255:9" ssh-rsa AAAA...

The forced command is never reached because the client connects with -N, and permitopen only constrains local (-L) forwards to the unroutable 255.255.255.255:9; it does not limit what the key may bind with -R. On OpenSSH 7.2 or later the shorter spelling restrict,port-forwarding disables everything (pty, agent and X11 forwarding, ~/.ssh/rc) and re-enables only forwarding, which the Unix-socket -R used here still needs.
jump.sh (from initiating machine)

#!/bin/sh
# Usage: jump.sh <J1HOST>   (e.g. jump.sh c1)
# Opens an ssh session to the machine whose tunnel socket <J1HOST>.*.sock
# exists on the jump server, using socat there as the transport.
set -eu

# for now this just grabs the first thing of this name, even if there are multiple RANDS
# (the pattern is quoted so the remote shell, not the local one, sees it)
SOCKFILE=$(ssh root@j1.alt.org "find /home/r/socks -name '${1}.*'" | head -n 1)
if [ -z "$SOCKFILE" ]; then
    echo "jump.sh: no socket for ${1} in /home/r/socks on j1.alt.org" >&2
    exit 1
fi

# the name after root@ is never resolved; the ProxyCommand supplies the connection
ssh -o StrictHostKeyChecking=no \
    -o UserKnownHostsFile=/dev/null \
    -o "ProxyCommand ssh root@j1.alt.org socat - UNIX-CLIENT:${SOCKFILE}" root@junkvariable
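The script above takes the first socket find returns and, because the name after root@ is a throwaway, has to disable host key checking. The following variant is an added example, not the page's own jump.sh: it keeps the page's jump server root@j1.alt.org and socket directory /home/r/socks (both overridable through JUMP and SOCKDIR), assumes socat is installed on the jump server, picks the most recently created <J1HOST>.<J1RAND>.sock when several exist, and uses HostKeyAlias so the tunnelled host's key is stored and verified under a stable name instead of being thrown away. pick_socket runs locally so the selection can be exercised without a jump server; remote_pick runs the same selection on the jump server.

```shell
#!/bin/sh
# jump2.sh <J1HOST>: added example, not the page's own jump.sh.
# Assumed: the page's jump server root@j1.alt.org and socket directory
# /home/r/socks (override with JUMP= and SOCKDIR=), socat on the jump server.
set -eu

JUMP="${JUMP:-root@j1.alt.org}"
SOCKDIR="${SOCKDIR:-/home/r/socks}"

# pick_socket DIR NAME: print the most recently modified DIR/NAME.<rand>.sock,
# or nothing if there is none. A client that restarts with a new J1RAND leaves
# older sockets behind, so the newest one is the live tunnel. ls -t sorts by
# mtime, newest first; ls's "no match" error is hidden.
pick_socket() {
    dir=$1
    name=$2
    ls -t "$dir"/"$name".*.sock 2>/dev/null | head -n 1
}

# remote_pick NAME: the same selection, run on the jump server over ssh.
# The single quotes survive local expansion so the remote shell globs the pattern.
remote_pick() {
    ssh "$JUMP" "ls -t '$SOCKDIR'/'$1'.*.sock 2>/dev/null | head -n 1"
}

# connect NAME: open an ssh session to the tunnelled host NAME through its
# socket, with socat on the jump server as the ProxyCommand transport.
connect() {
    name=$1
    sock=$(remote_pick "$name")
    if [ -z "$sock" ]; then
        echo "jump2.sh: no $name.*.sock in $SOCKDIR on $JUMP" >&2
        return 1
    fi
    # HostKeyAlias looks up and saves the tunnelled host's key in known_hosts
    # under "$name" (the name after root@ is only a label and is never resolved),
    # so the key is verified on every reconnect with the default
    # StrictHostKeyChecking=ask: only the first connection prompts for the fingerprint.
    exec ssh -o HostKeyAlias="$name" \
        -o "ProxyCommand ssh $JUMP socat - UNIX-CLIENT:$sock" \
        root@"$name"
}

if [ $# -gt 0 ]; then
    connect "$1"
fi
```

Because the alias is the tunnelled host's name rather than j1.alt.org, the jump server's own key and each tunnelled machine's key end up as separate known_hosts entries, and a different key appearing behind the same socket name is reported as a host key change instead of being accepted silently.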