authorJonas Smedegaard <dr@jones.dk>2017-04-01 23:41:16 +0200
committerJonas Smedegaard <dr@jones.dk>2017-04-01 23:41:16 +0200
commit30cb89e8017b2a9c8a0adf3665fbcfe91ea558fe (patch)
tree907dd4737a24b89162792e284a0bb9b3f198eab2 /autossh
parent4fd40f77d0c2d156c6f817c54d6cdb9977ec5837 (diff)
Systemd implementation of autossh.
Diffstat (limited to 'autossh')
-rw-r--r--autossh/systemd/system/autossh@.service41
1 files changed, 41 insertions, 0 deletions
diff --git a/autossh/systemd/system/autossh@.service b/autossh/systemd/system/autossh@.service
new file mode 100644
index 0000000..2f4d5f3
--- /dev/null
+++ b/autossh/systemd/system/autossh@.service
@@ -0,0 +1,41 @@
+# systemd implementation of autossh
+#
+# On $CLIENT
+# * Create keypair (no passphrase):
+# ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519_$SERVER
+# * Show pubkey:
+# cat ~/.ssh/id_ed25519_$SERVER.pub
+#
+# On $SERVER
+# * Create locked-down user
+# adduser --system --group --force-badname $CLIENT
+# * Accept connections from $CLIENT (copy pubkey from above):
+# su - olav.jones.dk -c "mkdir -p ~/.ssh"
+# su - olav.jones.dk -c "echo '$PUBKEY' > ~/.ssh/authorized_keys"
+#
+# On $CLIENT
+# * Test (and approve) connection to $SERVER:
+# ssh -i /root/.ssh/id_ed25519_$SERVER $CLIENT@$SERVER
+# * Copy this file to /etc/systemd/system/autossh@.service
+# * Register with systemd, activate, and verify:
+# systemctl enable autossh@$SERVER
+# service autossh@$SERVER start
+# service autossh@$SERVER status
+#
+# On $SERVER
+# * Locate port:
+# lsof -nai TCP -a -u olav.jones.dk
+# * Connect:
+# ssh -p $PORT 127.0.0.1
+
+[Unit]
+Description=SSH tunnel for %i
+
+[Service]
+Type=simple
+Restart=always
+RestartSec=1min
+ExecStart=/usr/bin/ssh -i /root/.ssh/id_ed25519_%i -o BatchMode=yes -o ExitOnForwardFailure=yes -o IPQoS=lowdelay -o ServerAliveInterval=10 -CNR 0:127.0.0.1:22 %H@%i
+
+[Install]
+WantedBy=multi-user.target
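Review bot: The setup comment calls the $SERVER account locked-down, but the `authorized_keys` line installs the passphrase-less key with no options, so a holder of that key gets whatever sshd allows the account by default (forwarding in either direction, agent/X11 forwarding, a pty) rather than only the one reverse tunnel. Prefixing the entry with key options would narrow it to what `ExecStart` needs: `su - $CLIENT -c "echo 'restrict,port-forwarding $PUBKEY' > ~/.ssh/authorized_keys"` (`restrict` requires OpenSSH 7.2 or later on $SERVER). Three comment lines (the two `su -` lines and the `lsof` line) hard-code `olav.jones.dk` where the rest of the header uses `$CLIENT`. The unit also sets no `User=`, so ssh runs as root, presumably only because the key is kept under `/root/.ssh`; a dedicated unprivileged account owning the key would limit what a compromised ssh process can reach.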