Last active
October 22, 2022 07:22
systemd unit file for establishing an SSH tunnel to a remote host that runs (or can reach) a proxy service
Host example-bastion
    HostName example-bastion.fqdn.com
    IdentityFile /root/.ssh/id_ed25519        # -i
    User john                                 # -l
    ExitOnForwardFailure yes
    ServerAliveInterval 10
    SessionType none                          # -N
    RequestTTY no                             # -T
    GatewayPorts yes                          # -g
    LocalForward 3129 outside.proxy.com:3128  # -L

[Unit]
Description=Setup a secure tunnel to %i
After=network-online.target

[Service]
ExecStart=/usr/bin/autossh -M 0 -F /etc/ssh/ssh-tunnel-%i.config %i
RestartSec=5
Restart=always

[Install]
WantedBy=multi-user.target
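
The `GatewayPorts yes` line decides whether port 3129 listens only on loopback or on every interface of the tunnel host. The following is an added example, not part of the gist: it parses a tunnel config and reports where each `LocalForward` will listen, following the bind-address rules in ssh_config(5). The function name and the second `LocalForward` line are assumptions constructed for illustration.

```python
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

# Constructed sample: the gist's forwarding lines plus one extra LocalForward
# with an explicit bind address, added here for comparison.
SAMPLE_CONFIG = """\
Host example-bastion
    GatewayPorts yes                          # -g
    LocalForward 3129 outside.proxy.com:3128  # -L
    LocalForward localhost:8080 intranet.example:80
"""


def local_forward_listeners(config_text):
    """Return (listen_address, port, destination, reachable_off_host) per LocalForward.

    Assumes one Host block per file, as in the ssh-tunnel-%i.config layout.
    """
    gateway_ports = None
    forwards = []
    for raw in config_text.splitlines():
        words = raw.split("#", 1)[0].split()  # drop trailing comments
        if len(words) < 2:
            continue
        key = words[0].lower()
        if key == "gatewayports" and gateway_ports is None:
            gateway_ports = words[1].lower() == "yes"  # first value wins in ssh_config
        elif key == "localforward" and len(words) == 3:
            forwards.append((words[1], words[2]))

    listeners = []
    for listen_spec, destination in forwards:
        bind, sep, port = listen_spec.rpartition(":")
        bind = bind.strip("[]")  # allow the [addr]:port form
        if not sep:
            # No bind address given: GatewayPorts picks loopback or wildcard.
            address = "*" if gateway_ports else "localhost"
        elif bind in ("", "*"):
            address = "*"  # empty or '*' means all interfaces
        else:
            address = bind  # an explicit bind address is used as written
        listeners.append((address, int(port), destination, address not in LOOPBACK))
    return listeners


if __name__ == "__main__":
    for address, port, destination, exposed in local_forward_listeners(SAMPLE_CONFIG):
        scope = "other hosts can connect" if exposed else "local use only"
        print(f"{address}:{port} -> {destination} ({scope})")
```

With `GatewayPorts yes`, a forward without a bind address listens on all interfaces, while one bound to `localhost` stays local regardless of that setting.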
All of this systemd trickery is the equivalent of just running
Here are some other options to consider that can put the ssh command into the background (-f) and expose the forwarded port(s) to other hosts in the local network (-g)

If you also have control over the remote sshd daemon, you might consider applying this: