Reverse ssh tunnels
From dtype.org
/etc/systemd/system/j1.service
[Unit]
Description=Service to maintain an ssh reverse tunnel
Wants=network-online.target
After=network-online.target
StartLimitIntervalSec=0

[Service]
Type=simple
Environment="J1HOST=c1"
Environment="J1RAND=0"
# The empty ExecStart= clears any previously defined command before setting ours.
# StrictHostKeyChecking=no with UserKnownHostsFile=/dev/null turns off host key
# verification of j1.alt.org; StreamLocalBindUnlink=yes replaces a stale socket.
ExecStart=
ExecStart=/usr/bin/ssh -qNn \
    -o ServerAliveInterval=30 \
    -o ServerAliveCountMax=3 \
    -o ExitOnForwardFailure=yes \
    -o StrictHostKeyChecking=no \
    -o UserKnownHostsFile=/dev/null \
    -o StreamLocalBindUnlink=yes \
    -i /root/.ssh/id_rsa \
    -R /home/r/socks/${J1HOST}.${J1RAND}.sock:localhost:22 \
    r@j1.alt.org
Restart=always
RestartSec=60

[Install]
WantedBy=multi-user.target
jump.sh (from initiating machine)
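#!/bin/sh
# usage: jump.sh <J1HOST>
# for now this just grabs the first thing of this name, even if there are multiple RANDS
# The find command is passed as one string with the pattern single-quoted, so the
# shell on j1.alt.org does not expand the glob before find sees it.
SOCKFILE=$(ssh root@j1.alt.org "find /home/r/socks -name '${1}.*'" | head -n 1)
ssh -o StrictHostKeyChecking=no \
    -o UserKnownHostsFile=/dev/null \
    -o "ProxyCommand ssh root@j1.alt.org socat - UNIX-CLIENT:${SOCKFILE}" \
    root@localhost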
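
Added example (not part of the original page): one way to handle the "multiple RANDS" case noted in jump.sh is to pick the most recently created socket for a host instead of the first one find returns. The function names valid_host and newest_sock, the "<mtime> <path>" listing format (GNU find -printf '%T@ %p\n') and the rule that host names contain only letters, digits, "_" and "-" are assumptions; newest is a heuristic and does not prove the tunnel is still up.

```sh
#!/bin/sh
# Added example; valid_host and newest_sock are hypothetical helper names.

# valid_host NAME: accept only names that are safe to embed in the remote
# find pattern (assumption: letters, digits, "_" and "-" only).
valid_host() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# newest_sock NAME: read "<mtime> <path>" lines on stdin and print the path
# of the most recently modified NAME.<rand>.sock.
# Returns 1 if nothing matches, 2 if NAME is rejected.
newest_sock() {
    valid_host "$1" || return 2
    awk -v h="$1" '
        {
            n = split($2, parts, "/"); base = parts[n]
            if (index(base, h ".") != 1) next   # must start with "NAME."
            if (base !~ /\.sock$/) next         # must end with ".sock"
            if (path == "" || $1 + 0 > best) { best = $1 + 0; path = $2 }
        }
        END { if (path == "") exit 1; print path }'
}

# In jump.sh the listing would come from the jump host (GNU find assumed):
#   valid_host "$1" || exit 2
#   SOCKFILE=$(ssh root@j1.alt.org \
#       "find /home/r/socks -name '${1}.*.sock' -printf '%T@ %p\n'" \
#       | newest_sock "$1") || exit 1

# Constructed sample listing, so the selection can be tried offline.
SAMPLE='1700000000.0 /home/r/socks/c1.0.sock
1700000500.5 /home/r/socks/c1.7.sock
1700000900.0 /home/r/socks/c10.3.sock'
printf '%s\n' "$SAMPLE" | newest_sock c1
```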