Reverse ssh tunnels

From dtype.org
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

/etc/systemd/system/j1.service

[Unit]
Description=Service to maintain an ssh reverse tunnel
Wants=network-online.target
After=network-online.target
StartLimitIntervalSec=0

[Service]
Type=simple
Environment="J1HOST=c1"
ExecStartPre=/usr/bin/bash -c "/usr/bin/systemctl set-environment J1RAND=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 20)"
ExecStart=/usr/bin/ssh -qNn \
  -o ServerAliveInterval=30 \
  -o ServerAliveCountMax=3 \
  -o ExitOnForwardFailure=yes \
  -o StrictHostKeyChecking=no \
  -o UserKnownHostsFile=/dev/null \
  -o StreamLocalBindUnlink=yes \
  -o BatchMode=yes \
  -i /root/.ssh/id_rsa \
  -R /home/r/socks/${J1HOST}.${J1RAND}.sock:localhost:22 \
  r@j1.alt.org
Restart=always
RestartSec=60

[Install]
WantedBy=multi-user.target

authorized_keys (on jump server)

command="/bin/false",no-agent-forwarding,no-X11-forwarding,permitopen="255.255.255.255:9" ssh-rsa AAAA...

jump.sh (from initiating machine)

# for now this just grabs the first thing of this name, even if there are multiple RANDS
SOCKFILE=$(ssh root@j1.alt.org find /home/r/socks -name "${1}.*" | head -n 1)
ssh -o StrictHostKeyChecking=no \
  -o UserKnownHostsFile=/dev/null \
  -o "ProxyCommand ssh root@j1.alt.org socat - UNIX-CLIENT:${SOCKFILE}" root@junkvariable
Retrieved from "https://dtype.org/index.php?title=Reverse_ssh_tunnels&oldid=2313"