@dayne
Last active March 22, 2023 03:13
autossh on reboot

A script (that needs some work) that documents for me how to set up and launch an autossh session to a cloud server. Not really useful for others.

Server Setup

If you want to set up your own server, though, the steps are: create the autossh account on the remote cloud server (you only need to do this once).

useradd -m -s /bin/false autossh
mkdir ~autossh/.ssh && chmod 700 ~autossh/.ssh
touch ~autossh/.ssh/authorized_keys && chmod 600 ~autossh/.ssh/authorized_keys
chown -R autossh:autossh ~autossh/.ssh

Client/remote box setup

For each box you want autossh installed on, the steps are:

curl https://gist.githubusercontent.com/dayne/5653f864a3de06f238648cb087597512/raw/setup-autossh.sh | bash

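or curl https://git.io/fpwsk | bash

Either form runs the script exactly as fetched, with no chance to read it first; to review it, save it to a file, read it, then run that file.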

After running that you need to do the following steps:

  • Add the ~/.ssh/id_rsa-autossh.pub key to autossh@cloud_server:.ssh/authorized_keys
    • curl --upload-file $HOME/.ssh/id_rsa-autossh.pub https://transfer.sh/pubkey.txt can help copy-n-paste if needed
  • Ensure the cloud server ssh key is known to the user account
    • ssh cloud_server and accept the key
    • or I should upgrade:
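    ssh-keyscan -H n1nj4.net >> ~/.ssh/known_hosts
    ssh-keyscan -H `host n1nj4.net | awk '{print $NF}'` >> ~/.ssh/known_hosts
    (append with >> so existing entries survive; ssh-keyscan stores whatever key the network returns, so compare the fingerprint with one read on the server itself)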
    
  • Modify ~/.local/autossh-on-reboot.sh to use the proper name of cloud_server (or set up the .ssh/config entry below)
    • vi ~/.local/autossh-on-reboot.cfg and set any variables needed for configuration - at minimum you likely need to set `CLOUD_S
  • Test it out
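
The key added to authorized_keys in the first step only ever needs to open one reverse forward, so its entry on the cloud server can be restricted to exactly that. An added example (not part of the gist) that builds and installs such an entry; the function names and the sample key are made up here, and `permitlisten` needs OpenSSH 7.8 or later on the server.

```sh
# Added example, not part of the gist. SAMPLE_KEY is constructed, not a real key.
SAMPLE_KEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCconstructedEXAMPLEonly autossh-logger'

# restricted_entry PORT "PUBKEY" -> prints a tunnel-only authorized_keys line
restricted_entry() {
  port=$1 pubkey=$2
  # Reject empty, non-numeric, zero-padded or over-long port strings.
  case $port in
    ''|*[!0-9]*|0*|??????*) echo "bad port: $port" >&2; return 1 ;;
  esac
  if [ "$port" -lt 1024 ] || [ "$port" -gt 65535 ]; then
    echo "port out of range: $port" >&2; return 1
  fi
  # A .pub file is "type base64 [comment]". Anything else (existing options,
  # embedded newlines) is refused so it cannot smuggle in a second entry.
  ktype=${pubkey%% *}
  rest=${pubkey#* }
  kdata=${rest%% *}
  case $ktype in
    ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
    *) echo "unexpected key type" >&2; return 1 ;;
  esac
  case $kdata in
    ''|*[!A-Za-z0-9+/=]*) echo "key data is not base64" >&2; return 1 ;;
  esac
  # restrict: no pty, agent, X11 or forwarding; port-forwarding re-enables
  # forwarding; permitlisten pins the one listener that -R may open.
  printf 'restrict,port-forwarding,permitlisten="localhost:%s" %s %s\n' \
    "$port" "$ktype" "$kdata"
}

# install_entry FILE PORT "PUBKEY" -> append the entry unless the key is there
install_entry() {
  entry=$(restricted_entry "$2" "$3") || return 1
  kdata=${entry##* }
  if [ -f "$1" ] && grep -qF -- "$kdata" "$1"; then
    return 0  # key already listed; check that line's options by hand
  fi
  printf '%s\n' "$entry" >> "$1" && chmod 600 "$1"
}

# Demo: print the entry for the constructed key and the gist's default port.
restricted_entry 50022 "$SAMPLE_KEY"
```

`port-forwarding` also leaves `-L` forwards available to this key; a `permitopen=` option on the same line narrows those.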

Here is an example of how to set up your workstation so you can type ssh remote_box and have that session proxy-jump through cloud_server and then through the autossh tunnel.

Host cloud_server
  Hostname 1.2.3.4
  User ubuntu

Host remote_box
  User pi
  Hostname localhost
  Port 50322
  ProxyJump cloud_server

autossh-on-reboot.sh

#!/bin/bash
# Autossh on reboot
#
# https://linuxaria.com/howto/permanent-ssh-tunnels-with-autossh
#
# Local box:
# ssh-keygen -t rsa -N "" -C autossh-${HOSTNAME} -f ${HOME}/.ssh/id_rsa-autossh
# cat ${HOME}/.ssh/id_rsa-autossh.pub
# crontab -e
# @reboot $HOME/.local/autossh-on-reboot.sh
#
# Remote (cloud server) server:
# useradd -m -s /bin/false autossh
# mkdir ~autossh/.ssh && chmod 700 ~autossh/.ssh
# touch ~autossh/.ssh/authorized_keys && chmod 600 ~autossh/.ssh/authorized_keys
# # insert the contents of id_rsa-autossh.pub into the authorized_keys files
#
# Example: Flip it around: forward remote 5022 to local 50322
# -NL 50322:localhost:5022 \
#
# Todo: env variables for user@system and remote port

# load the cfg if it exists
CFG="$HOME/.local/autossh-on-reboot.cfg"
test -f "$CFG" && source "$CFG"

# set default settings not already set in environment or from the cfg file
test -n "$AUTOSSH_LOCAL_PORT" || AUTOSSH_LOCAL_PORT=22
test -n "$AUTOSSH_REMOTE_PORT" || AUTOSSH_REMOTE_PORT=50022
test -n "$AUTOSSH_SERVER_HOST" || AUTOSSH_SERVER_HOST="cloud_server_address"
test -n "$AUTOSSH_SERVER_USER" || AUTOSSH_SERVER_USER="autossh"
test -n "$AUTOSSH_SERVER_PORT" || AUTOSSH_SERVER_PORT=22
test -n "$AUTOSSH_IDENTITY" || AUTOSSH_IDENTITY="$HOME/.ssh/id_rsa-autossh"

if [ -t 0 ]; then
  # interactive shell, report our plan/config and try the login with the
  # tunnel key (this is also where the server's host key gets accepted)
  echo "($AUTOSSH_LOCAL_PORT) $AUTOSSH_SERVER_USER@$AUTOSSH_SERVER_HOST:$AUTOSSH_SERVER_PORT ($AUTOSSH_REMOTE_PORT)"
  echo ssh -i "$AUTOSSH_IDENTITY" "$AUTOSSH_SERVER_USER@$AUTOSSH_SERVER_HOST" -p "$AUTOSSH_SERVER_PORT" "echo"
  ssh -i "$AUTOSSH_IDENTITY" "$AUTOSSH_SERVER_USER@$AUTOSSH_SERVER_HOST" -p "$AUTOSSH_SERVER_PORT" "echo"
  exit
fi

# non-interactive (cron @reboot): start the reverse tunnel in the background
autossh \
  -f \
  -M 0 \
  -N \
  -o ExitOnForwardFailure=yes \
  -i "$AUTOSSH_IDENTITY" \
  -o "ServerAliveInterval 30" \
  -o "ServerAliveCountMax 3" \
  -R "$AUTOSSH_REMOTE_PORT:localhost:$AUTOSSH_LOCAL_PORT" \
  "$AUTOSSH_SERVER_USER@$AUTOSSH_SERVER_HOST" \
  -p "$AUTOSSH_SERVER_PORT"

setup-autossh.sh

#!/bin/bash

function install_autossh() {
  if ! command -v autossh > /dev/null 2>&1; then
    # -y: when this script is piped in from curl, stdin is the script itself,
    # so apt must not stop to ask for confirmation
    if ! sudo apt install -y autossh; then
      echo "autossh not found and failed to apt install it"
      echo "install autossh and then try this again"
      exit 1
    fi
  else
    echo "autossh found - skipping install"
  fi
}

function create_autossh_key() {
  if [ ! -d "$HOME/.ssh" ]; then
    mkdir "$HOME/.ssh"
    chmod 700 "$HOME/.ssh"
  fi
  if [ ! -f "$HOME/.ssh/id_rsa-autossh" ]; then
    echo "creating id_rsa-autossh key"
    ssh-keygen -t rsa -N "" -C autossh-logger -f "$HOME/.ssh/id_rsa-autossh"
    cat "$HOME/.ssh/id_rsa-autossh.pub"
  else
    echo "id_rsa-autossh already exists - skipping creation"
  fi
}

function install_reboot_script() {
  if [ ! -d "$HOME/.local" ]; then
    mkdir "$HOME/.local"
  fi
  if [ ! -f "$HOME/.local/autossh-on-reboot.sh" ]; then
    echo "downloading autossh-on-reboot.sh"
    # -f: fail on an HTTP error instead of saving the error page as the script
    curl -f -o "$HOME/.local/autossh-on-reboot.sh" https://gist.githubusercontent.com/dayne/5653f864a3de06f238648cb087597512/raw/autossh-on-reboot.sh || exit 1
    chmod +x "$HOME/.local/autossh-on-reboot.sh"
  else
    echo "$HOME/.local/autossh-on-reboot.sh found - skipping download"
  fi
}

function setup_cronjob() {
  if ! crontab -l 2>/dev/null | grep -q autossh-on-reboot; then
    echo "setting up crontab to launch autossh-on-reboot.sh"
    # append to the existing crontab rather than replacing it, and pipe the
    # result straight in instead of going through a fixed file name in /tmp
    ( crontab -l 2>/dev/null; echo "@reboot $HOME/.local/autossh-on-reboot.sh" ) | crontab -
  else
    echo "autossh-on-reboot.sh found in crontab already - skipping crontab setup"
  fi
}

install_autossh
create_autossh_key
install_reboot_script
setup_cronjob

echo
echo
# upload the public key so it can be copied over to the cloud server
curl --upload-file "$HOME/.ssh/id_rsa-autossh.pub" https://transfer.sh/pubkey.txt
echo
echo "put that pub key in place"
echo "don't forget to add the remote ssh key identity (just manually run autossh-on-reboot.sh)"