Last active
August 25, 2020 07:38
-
-
Save suma/8134207 to your computer and use it in GitHub Desktop.
Autossh init script(Ubuntu) for reverse ssh tunneling
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /bin/sh | |
| ### BEGIN INIT INFO | |
| # Provides: autosshd | |
| # Required-Start: $remote_fs $syslog | |
| # Required-Stop: $remote_fs $syslog | |
| # Default-Start: 2 3 4 5 | |
| # Default-Stop: 0 1 6 | |
| # Short-Description: autosshd initscript | |
| # Description: This file should be used to construct scripts to be | |
| # placed in /etc/init.d. | |
| ### END INIT INFO | |
| # | |
| # autosshd This script starts and stops the autossh daemon | |
| # | |
| # chkconfig: 2345 95 15 | |
| # processname: autosshd | |
| # description: autosshd is the autossh daemon. | |
| # Load the VERBOSE setting and other rcS variables | |
| . /lib/init/vars.sh | |
| # Define LSB log_* functions. | |
| # Depend on lsb-base (>= 3.2-14) to ensure that this file is present | |
| # and status_of_proc is working. | |
| . /lib/lsb/init-functions | |
| # Check that networking is up. | |
| #[ ${NETWORKING} = "no" ] && exit 0 | |
| PATH=/sbin:/usr/sbin:/bin:/usr/bin | |
| NAME=autossh | |
| DAEMON=/usr/bin/$NAME | |
| TUNNEL_HOST="your public ssh server" | |
| TUNNEL_PORT=90022 | |
| DAEMON_ARGS=" -M 0 -f -nNT -i PATH_TO_YOUR/id_rsa -R $TUNNEL_PORT:localhost:22 $TUNNEL_HOST" | |
| DESC="autossh for reverse ssh" | |
| PIDFILE=/var/run/$NAME.pid | |
| export AUTOSSH_PIDFILE=$PIDFILE | |
| SCRIPTNAME=/etc/init.d/$NAME | |
| # | |
| # Function that starts the daemon/service | |
| # | |
| do_start() | |
| { | |
| # Return | |
| # 0 if daemon has been started | |
| # 1 if daemon was already running | |
| # 2 if daemon could not be started | |
| start-stop-daemon --start --quiet --exec $DAEMON --test > /dev/null \ | |
| || return 1 | |
| start-stop-daemon --start --quiet --exec $DAEMON -- \ | |
| $DAEMON_ARGS \ | |
| || return 2 | |
| # Add code here, if necessary, that waits for the process to be ready | |
| # to handle requests from services started subsequently which depend | |
| # on this one. As a last resort, sleep for some time. | |
| } | |
| # | |
| # Function that stops the daemon/service | |
| # | |
| do_stop() | |
| { | |
| # Return | |
| # 0 if daemon has been stopped | |
| # 1 if daemon was already stopped | |
| # 2 if daemon could not be stopped | |
| # other if a failure occurred | |
| start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME | |
| RETVAL="$?" | |
| [ "$RETVAL" = 2 ] && return 2 | |
| # Wait for children to finish too if this is a daemon that forks | |
| # and if the daemon is only ever run from this initscript. | |
| # If the above conditions are not satisfied then add some other code | |
| # that waits for the process to drop all resources that could be | |
| # needed by services started subsequently. A last resort is to | |
| # sleep for some time. | |
| start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON | |
| [ "$?" = 2 ] && return 2 | |
| # Many daemons don't delete their pidfiles when they exit. | |
| rm -f $PIDFILE | |
| return "$RETVAL" | |
| } | |
| # | |
| # Function that sends a SIGHUP to the daemon/service | |
| # | |
| case "$1" in | |
| start) | |
| [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" | |
| do_start | |
| case "$?" in | |
| 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; | |
| 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; | |
| esac | |
| ;; | |
| stop) | |
| [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" | |
| do_stop | |
| case "$?" in | |
| 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; | |
| 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; | |
| esac | |
| ;; | |
| status) | |
| status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $? | |
| ;; | |
| *) | |
| echo "Usage: $SCRIPTNAME {start|stop|status|restart}" >&2 | |
| exit 3 | |
| ;; | |
| esac | |
| : |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Host remote_name | |
| HostName 127.0.0.1 # or use your any hostname wrote to /etc/hosts in public ssh server | |
| ProxyCommand ssh your_public_ssh_server nc localhost 90022 |
hello
is it possible use a different ssh user than root? i tried multiple options:
- -l other_user
- --user argument for start-stop-daemon
- setting DAEMON_USER variable to other user
nothing seems to work.
any suggestions would be appreciated.
thanks in advance.
Hello,
You can write username on TUNNEL_HOST variable.
TUNNEL_HOST="user@your_public_ssh_server"
For some people experiencing this kindof errors:
- Too many authentication failures (you have a lot of keys into your ~/.ssh, without a complete ~/.ssh/config)
- The server unknown in your ~/.ssh/known_hosts
Add more options to your ssh command: -o IdentitiesOnly=yes -o StrictHostKeyChecking=no
This is especially true when it does not work as root, but sudo.
Also note that:
- you do not use the autossh monitoring in this example. With monitoring enabled the stop command will not kill the "ssh" process
- you should rather use the binary and not the wrapper of autossh :
DAEMON=/usr/lib/autossh/autossh
Interesting source about PID file management with autossh: http://stackoverflow.com/questions/34094792/autossh-pid-is-not-equal-to-the-one-in-pidfile-when-using-start-stop-daemon
Here is my own gist, based on yours: https://gist.github.com/Clement-TS/48ae8d23f6452cd1a3a071640c1bd07b
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
are you having any trouble keeping the ssh tunnel open???
i cant seem to get a stable connection from raspberry pi to a vps
any ideas?