# systemd implementation of autossh
#
# On $CLIENT
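# * Create keypair (no passphrase), as root so that ~ is /root, the path the unit below reads the key from:
# ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519_$SERVER
# (The private key is stored unencrypted: keep it readable by root only and
# use it for this tunnel alone.)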
# * Show pubkey:
# cat ~/.ssh/id_ed25519_$SERVER.pub
#
# On $SERVER
# * Create locked-down user
# adduser --system --group --force-badname $CLIENT
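# * Accept connections from $CLIENT (copy pubkey from above;
#   olav.jones.dk is the example $CLIENT account name):
# su - olav.jones.dk -c "mkdir -p ~/.ssh"
# su - olav.jones.dk -c "echo '$PUBKEY' > ~/.ssh/authorized_keys"
# (Because the key has no passphrase, consider prefixing it in authorized_keys
# with the options restrict,port-forwarding so it can only open the tunnel.)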
#
# On $CLIENT
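# * Test the connection to $SERVER and approve its host key after checking the
#   fingerprint (the unit runs ssh with BatchMode=yes, so it cannot prompt later):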
# ssh -i /root/.ssh/id_ed25519_$SERVER $CLIENT@$SERVER
# * Copy this file to /etc/systemd/system/autossh@.service
# * Register with systemd, activate, and verify:
# systemctl enable autossh@$SERVER
# service autossh@$SERVER start
# service autossh@$SERVER status
#
# On $SERVER
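# * Locate port (olav.jones.dk is the example $CLIENT account name):
# lsof -nai TCP -a -u olav.jones.dk
# * Connect:
# ssh -p $PORT 127.0.0.1
# (The forwarded port listens on $SERVER's loopback interface unless GatewayPorts
# is enabled in its sshd_config, so every local user on $SERVER can reach
# $CLIENT's sshd through it; authentication on $CLIENT is the remaining barrier.)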
# Template unit: the instance name (the part after "@") is the server to
# connect to and is substituted for %i below.
[Unit]
Description=SSH tunnel for %i
[Service]
# ssh is started without -f, so it stays in the foreground and systemd
# supervises the ssh process directly.
Type=simple
# Re-establish the tunnel whenever ssh exits, for any reason, waiting one
# minute between attempts.
Restart=always
RestartSec=1min
# No User= is set, so ssh runs as root and reads the key from /root/.ssh.
# Options, in order:
#   -i /root/.ssh/id_ed25519_%i   dedicated, passphrase-less key for this server
#   BatchMode=yes                 never prompt; the connection fails instead of
#                                 asking for a password or an unknown host key,
#                                 so the host key must already be in known_hosts
#   ExitOnForwardFailure=yes      exit if the remote forward cannot be set up,
#                                 so Restart= retries instead of idling
#   IPQoS=lowdelay                mark the traffic as low-delay
#   ServerAliveInterval=10        probe the server after 10 s of silence; with
#                                 ssh's default ServerAliveCountMax of 3 a dead
#                                 link is noticed after roughly 30 s
#   -C                            compress the stream
#   -N                            run no remote command, forwarding only
#   -R 0:127.0.0.1:22             have the server allocate a listening port (0)
#                                 and forward it to port 22 on this host
#   %H@%i                         log in to server %i as the user named after
#                                 this machine's hostname (%H)
# NOTE(review): the forward exposes this host's sshd to the server; the remote
# account should be limited to port forwarding - confirm its authorized_keys
# entry carries restricting options.
ExecStart=/usr/bin/ssh -i /root/.ssh/id_ed25519_%i -o BatchMode=yes -o ExitOnForwardFailure=yes -o IPQoS=lowdelay -o ServerAliveInterval=10 -CNR 0:127.0.0.1:22 %H@%i
[Install]
# Start at boot with the normal multi-user system once an instance is enabled.
WantedBy=multi-user.target