On Tue, Aug 25, 2020 at 9:23 PM Alex Regan <[email protected]> wrote:

> Hi, I have a Fedora 32 system behind a firewall without any access from
> the outside. I'd like to build a reverse ssh tunnel so I can get to it
> from my remote location while working remotely. I'm familiar with how
> remote ssh tunnels work, but can't quite get systemctl to create a
> proper service, presumably because ssh expects to be tied to a terminal.
>
> I've built the following shell script. I believe "bash -s" can be used
> to spawn processes not connected to a terminal.
>
> # cat /etc/init.d/ssh-tunnel.sh
> #!/bin/bash -s
> ssh -i /root/.ssh/orion-key -R 43022:localhost:22 [email protected]
>
> I was using this script in a unit file, but got closer to what I want by
> placing the ssh command itself into the unit file as the ExecStart
> parameter.
>
> # cat /etc/systemd/system/connection.service
> [Unit]
> Description=Reverse SSH to orion
> After=network.target
>
> [Service]
> Type=forking
> #EnvironmentFile=-/etc/sysconfig/sshd-permitrootlogin
> #EnvironmentFile=-/etc/sysconfig/sshd
> #ExecStart=/etc/init.d/ssh-tunnel.sh
> ExecStart=ssh -tt -i /root/.ssh/orion-key -R 43022:localhost:22 [email protected]
> #ExecReload=/bin/kill -HUP $MAINPID
> User=root
> KillMode=process
> Restart=on-failure
> #RestartSec=42s
>
> [Install]
> WantedBy=multi-user.target
>
> I also read that -tt can be passed to ssh to start it on a pseudo-terminal.
>
> I then added the unit file as a service using "systemctl enable
> connection.service"
>
> Can someone guide me on the unit parameters I should be using for this?
> Should it be Type=forking?


There is already a service which does what you are trying to accomplish
called autossh.


Steps to work:
$ sudo dnf install autossh

Place a config file into /etc/autossh. For example, for the config file name I
use the IP address without spaces and the remote port (because sometimes I
need more than one remote port).

/etc/autossh/ipaddress-port
OPTIONS=-i /path/to/private/key -M 10985 -o "PubkeyAuthentication=yes" -o "PasswordAuthentication=no" -o "StrictHostKeyChecking=no" -tt -R 6667:localhost:22 [email protected]

$ sudo systemctl start autossh@ipaddress-port
$ sudo systemctl enable autossh@ipaddress-port

Regards,
-Jamie
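
Added example, not part of the original thread or written by either poster: a plain-ssh systemd unit for the tunnel in the question, run in the foreground with Type=simple, with the remote host key pinned and the process exiting on a failed forward so that systemd restarts it. The unit name, key path and port 43022 come from the question; tunnel@relay.example.com, the known_hosts path and the timer values are assumptions.

```ini
# /etc/systemd/system/connection.service
[Unit]
Description=Reverse SSH tunnel to orion
# Order after network-online.target so the first attempt has a usable network.
Wants=network-online.target
After=network-online.target

[Service]
# ssh stays in the foreground (no -f), so systemd tracks the process directly.
Type=simple
User=root
# -N  forward only, run no remote command; -T  allocate no terminal.
# BatchMode=yes             never prompt; fail instead (no terminal to answer on).
# IdentitiesOnly=yes        offer only the key given with -i.
# ExitOnForwardFailure=yes  exit if the remote port cannot be bound.
# ServerAlive*              give up on a dead link after about 90 s and exit.
# StrictHostKeyChecking=yes connect only if the host key matches known_hosts.
# -R 43022:localhost:22     listens on the remote loopback only, unless the
#                           remote sshd enables GatewayPorts.
# tunnel@relay.example.com is a placeholder for the real remote account.
ExecStart=/usr/bin/ssh -NT -i /root/.ssh/orion-key \
    -o BatchMode=yes \
    -o IdentitiesOnly=yes \
    -o ExitOnForwardFailure=yes \
    -o ServerAliveInterval=30 \
    -o ServerAliveCountMax=3 \
    -o StrictHostKeyChecking=yes \
    -o UserKnownHostsFile=/root/.ssh/known_hosts \
    -R 43022:localhost:22 tunnel@relay.example.com
# Restart on any exit, including a clean one after the link drops.
Restart=always
RestartSec=30

[Install]
WantedBy=multi-user.target
```

The remote host's key has to be in /root/.ssh/known_hosts, with its fingerprint checked out of band, before the unit is started; otherwise ssh refuses to connect and the unit restarts in a loop.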