Reverse ssh tunnels: Difference between revisions

From dtype.org
(Created page with "== /etc/systemd/system/j1.service == <nowiki>[Unit] Description=Service to maintain an ssh reverse tunnel Wants=network-online.target After=network-online.target StartLimitIn...")
 
No edit summary
Line 1: Line 1:
== /etc/systemd/system/j1.service ==
== /etc/systemd/system/j1.service ==


<nowiki>[Unit]
<nowiki>[Unit]
Description=Service to maintain an ssh reverse tunnel
Description=Service to maintain an ssh reverse tunnel
Wants=network-online.target
Wants=network-online.target
Line 27: Line 27:
[Install]
[Install]
WantedBy=multi-user.target</nowiki>
WantedBy=multi-user.target</nowiki>
== jump.sh (from initiating machine) ==
<nowiki># for now this just grabs the first thing of this name, even if there are multiple RANDS
SOCKFILE=$(ssh root@j1.alt.org find /home/r/socks -name "${1}.*" | head -n 1)
ssh -o StrictHostKeyChecking=no \
  -o UserKnownHostsFile=/dev/null \
  -o "ProxyCommand ssh root@j1.alt.org socat - UNIX-CLIENT:${SOCKFILE}" root@localhost</nowiki>

Revision as of 20:01, 1 August 2021

/etc/systemd/system/j1.service

[Unit]
Description=Service to maintain an ssh reverse tunnel
Wants=network-online.target
After=network-online.target
StartLimitIntervalSec=0

[Service]
Type=simple
Environment="J1HOST=c1"
Environment="J1RAND=0"
ExecStart=
ExecStart=/usr/bin/ssh -qNn \
  -o ServerAliveInterval=30 \
  -o ServerAliveCountMax=3 \
  -o ExitOnForwardFailure=yes \
  -o StrictHostKeyChecking=no \
  -o UserKnownHostsFile=/dev/null \
  -o StreamLocalBindUnlink=yes \
  -i /root/.ssh/id_rsa \
  -R /home/r/socks/${J1HOST}.${J1RAND}.sock:localhost:22 \
  r@j1.alt.org
Restart=always
RestartSec=60

[Install]
WantedBy=multi-user.target

jump.sh (from initiating machine)

# for now this just grabs the first thing of this name, even if there are multiple RANDS
SOCKFILE=$(ssh root@j1.alt.org find /home/r/socks -name "${1}.*" | head -n 1)
ssh -o StrictHostKeyChecking=no \
  -o UserKnownHostsFile=/dev/null \
  -o "ProxyCommand ssh root@j1.alt.org socat - UNIX-CLIENT:${SOCKFILE}" root@localhost