Reverse ssh tunnels: Difference between revisions
Line 19: | Line 19: | ||
-o UserKnownHostsFile=/dev/null \ | -o UserKnownHostsFile=/dev/null \ | ||
-o StreamLocalBindUnlink=yes \ | -o StreamLocalBindUnlink=yes \ | ||
-o BatchMode=yes \ | |||
-i /root/.ssh/id_rsa \ | -i /root/.ssh/id_rsa \ | ||
-R /home/r/socks/${J1HOST}.${J1RAND}.sock:localhost:22 \ | -R /home/r/socks/${J1HOST}.${J1RAND}.sock:localhost:22 \ |
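Review bot: With `-o StrictHostKeyChecking=no` and `-o UserKnownHostsFile=/dev/null` kept alongside the newly added `-o BatchMode=yes`, this unattended ssh never authenticates the jump host, so anyone who can make j1.alt.org resolve or route to them receives the reverse forward to this machine's sshd without any warning being seen. Pin the jump host's key instead: provision `/etc/ssh/known_hosts.j1` once (for example from `ssh-keyscan j1.alt.org`, with the fingerprint checked against the jump host out of band) and use `-o StrictHostKeyChecking=yes \` followed by `-o UserKnownHostsFile=/etc/ssh/known_hosts.j1 \`. In BatchMode a changed or unknown key then fails the connect immediately, which is the behaviour you want from a service that reconnects every 60 seconds. The ExecStart this hunk belongs to begins and ends outside the hunk.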
Revision as of 20:09, 1 August 2021
/etc/systemd/system/j1.service
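# /etc/systemd/system/j1.service
#
# Keeps a reverse ssh tunnel from this machine to the jump host j1.alt.org
# open at all times. This machine's sshd (localhost:22) is exposed on the
# jump host as the unix socket /home/r/socks/<J1HOST>.<J1RAND>.sock, which
# jump.sh later connects to.
[Unit]
Description=Service to maintain an ssh reverse tunnel
Wants=network-online.target
After=network-online.target
# Disable the start-rate limit: Restart=always below would otherwise be
# stopped by systemd after a burst of failed reconnects (e.g. network down).
StartLimitIntervalSec=0

[Service]
Type=simple
# J1HOST names this machine, J1RAND disambiguates several tunnels from the
# same name; together they form the socket file name on the jump host.
Environment="J1HOST=c1"
Environment="J1RAND=0"
# The empty ExecStart= resets any earlier value; harmless in a plain unit,
# kept so the same text works as a drop-in override.
ExecStart=
# -N: no remote command, -n: stdin from /dev/null. No -q: keep ssh's own
# error output in the journal so a failing tunnel can be diagnosed.
# Host key checking is ON and uses a dedicated, pinned known_hosts file.
# Provision it once, e.g.:  ssh-keyscan j1.alt.org > /etc/ssh/known_hosts.j1
# and verify the fingerprint against the jump host out of band. With
# StrictHostKeyChecking=no and UserKnownHostsFile=/dev/null the jump host
# would never be authenticated, and anyone able to redirect j1.alt.org
# would receive this machine's reverse forward. BatchMode makes a key
# mismatch (or any prompt) fail immediately instead of hanging the unit;
# Restart= then retries.
# ExitOnForwardFailure: if the -R forward cannot be set up, exit so that
# systemd restarts us instead of leaving a useless idle session.
# StreamLocalBindUnlink: remove a stale socket left by a previous session.
ExecStart=/usr/bin/ssh -Nn \
  -o ServerAliveInterval=30 \
  -o ServerAliveCountMax=3 \
  -o ExitOnForwardFailure=yes \
  -o StrictHostKeyChecking=yes \
  -o UserKnownHostsFile=/etc/ssh/known_hosts.j1 \
  -o StreamLocalBindUnlink=yes \
  -o BatchMode=yes \
  -i /root/.ssh/id_rsa \
  -R /home/r/socks/${J1HOST}.${J1RAND}.sock:localhost:22 \
  r@j1.alt.org
Restart=always
RestartSec=60

[Install]
WantedBy=multi-user.target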
authorized_keys (on jump server)
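# authorized_keys entry on the jump server for the tunnel key used by
# j1.service (-i /root/.ssh/id_rsa on the device).
#
# "restrict" turns off everything this key does not need (pty, user rc,
# agent and X11 forwarding, all port forwarding); "port-forwarding" then
# re-enables only what the -R reverse tunnel requires. command= still
# applies if a client asks for a shell anyway.
#
# Note: permitopen only limits -L (local) forwards, which is why the
# unreachable 255.255.255.255:9 destination is listed; it does not limit
# what this key may bind on this host with -R. Check sshd(8) on the jump
# server for permitlisten= if that needs to be constrained as well.
restrict,port-forwarding,command="/bin/false",permitopen="255.255.255.255:9" ssh-rsa AAAA...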
jump.sh (from initiating machine)
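#!/usr/bin/env bash
# jump.sh -- ssh into a device that is holding a reverse tunnel on the jump
# host (see j1.service). The device's sshd is reachable on the jump host as
# the unix socket /home/r/socks/<DEVICE>.<RAND>.sock; we look that socket up
# over ssh and connect to it through a ProxyCommand running socat there.
#
# Usage: jump.sh DEVICE      (DEVICE is the J1HOST value in the device's unit)
set -euo pipefail

jump=root@j1.alt.org
sockdir=/home/r/socks

device=${1:?usage: jump.sh DEVICE}

# DEVICE is spliced into a command line that the jump host's shell parses,
# so accept only plain host-name characters -- no shell metacharacters.
case "$device" in
  *[!A-Za-z0-9._-]*)
    printf 'jump.sh: bad device name: %s\n' "$device" >&2
    exit 2
    ;;
esac

# For now this just grabs the first socket of this name, even if there are
# multiple RANDs. The pattern is single-quoted for the remote shell so it
# reaches find intact instead of being globbed in the remote cwd. The whole
# listing is captured and the first line taken afterwards: piping into
# "head -n 1" could kill ssh with SIGPIPE and trip pipefail.
matches=$(ssh "$jump" find "$sockdir" -name "'${device}.*'")
sockfile=${matches%%$'\n'*}
if [[ -z "$sockfile" ]]; then
  printf 'jump.sh: no tunnel socket for %s under %s on %s\n' \
    "$device" "$sockdir" "$jump" >&2
  exit 1
fi

# The host name handed to ssh is a placeholder: ProxyCommand makes the real
# connection. HostKeyAlias files the device's host key under DEVICE in
# known_hosts, so it is learned on first use (accept-new, OpenSSH 7.6+) and
# verified on every later connect, instead of host key checking being
# switched off entirely. After reinstalling a device, drop its old key with:
#   ssh-keygen -R DEVICE
exec ssh -o HostKeyAlias="$device" \
  -o StrictHostKeyChecking=accept-new \
  -o "ProxyCommand ssh $jump socat - UNIX-CLIENT:${sockfile}" \
  root@junkvariable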