summaryrefslogtreecommitdiff
path: root/autossh/systemd/system/autossh@.service
blob: 72eb4e3e987d38639a0a914ef058552172838cde (plain) 
    

  1. # systemd implementation of autossh
    2. 

  2. #
    3. 

  3. # On $CLIENT
    4. 

  4. #  * Create keypair (no passphrase):
    5. 

  5. #    ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519_$SERVER
    6. 

  6. #  * Show pubkey:
    7. 

  7. #    cat ~/.ssh/id_ed25519_$SERVER.pub
    8. 

  8. #
    9. 

  9. # On $SERVER
    10. 

  10. #  * Create locked-down user
    11. 

  11. #    adduser --system --group --force-badname $CLIENT
    12. 

  12. #  * Accept connections from $CLIENT (copy pubkey from above):
    13. 

  13. #    su -s /bin/sh -c "mkdir -p ~/.ssh" - $CLIENT
    14. 

  14. #    su -s /bin/sh -c "echo '$PUBKEY' > ~/.ssh/authorized_keys" - $CLIENT
    15. 

  15. #
    16. 

  16. # On $CLIENT
    17. 

  17. #  * Test (and approve) connection to $SERVER:
    18. 

  18. #    ssh -i /root/.ssh/id_ed25519_$SERVER $CLIENT@$SERVER
    19. 

  19. #  * Copy this file to /etc/systemd/system/autossh@.service
    20. 

  20. #  * Register with systemd, activate, and verify:
    21. 

  21. #    systemctl enable autossh@$SERVER
    22. 

  22. #    service autossh@$SERVER start
    23. 

  23. #    service autossh@$SERVER status
    24. 

  24. #
    25. 

  25. # On $SERVER
    26. 

  26. #  * Locate port:
    27. 

  27. #    lsof -nai TCP -a -u $CLIENT
    28. 

  28. #  * Connect:
    29. 

  29. #    ssh -p $PORT 127.0.0.1
    30. 

  30. 

  31. [Unit]
    32. 

  32. Description=SSH tunnel for %i
    33. 

  33. 

  34. [Service]
    35. 

  35. Type=simple
    36. 

  36. Restart=always
    37. 

  37. RestartSec=1min
    38. 

  38. ExecStart=/usr/bin/ssh -i /root/.ssh/id_ed25519_%i -o BatchMode=yes -o ExitOnForwardFailure=yes -o IPQoS=lowdelay -o ServerAliveInterval=10 -CNR 0:127.0.0.1:22 %H@%i
    39. 

  39. 

  40. [Install]
    41. 

  41. WantedBy=multi-user.target
    42.
generated by cgit v1.2.3 (git 2.46.0) at 2025-01-28 03:33:56 +0000