This is my trick to keep a tunnel running on an OSX host. It's set up so that a network state change will trigger the connection. In practice I've found it very reliable; it certainly beats starting the tunnel by hand.
- This uses a 'tunnel' user on your remote host. Because the tunnel has to be started with a passwordless ssh key, it is safer to use a key dedicated to this one purpose.
- The remote tunnel user should not have privileges to log in. It only needs to be able to forward ports; a shell login is not required for that.
- Create a new passwordless ssh key for use with the tunnel script.

  $ ssh-keygen -N '' -f ~/.ssh/tunnel

- Update and add the included plist file to ~/Library/LaunchAgents.

- On the remote host, create a new user called 'tunnel' that can't log in.

  $ adduser --create-home --shell /bin/false tunnel

- Add your tunnel.pub key to /home/tunnel/.ssh/authorized_keys.

  $ sudo su
  $ cd /home/tunnel
  $ mkdir .ssh
  $ vim .ssh/authorized_keys   # Copy your pub key in here
  $ chown tunnel:tunnel -R .ssh

- Now you just need to make the script load at startup.

  $ launchctl load -w ~/Library/LaunchAgents/com.domain.tunnel.irc
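The remote-host part of the steps above (creating .ssh, installing the public key, fixing ownership) as a script, added here as an example and not part of the original gist. It goes slightly beyond the manual steps: the key line is prefixed with the OpenSSH authorized_keys options `restrict,port-forwarding`, which limit what the passwordless key can do to port forwarding, and the directory and file modes are set so sshd's StrictModes check accepts them. It assumes OpenSSH 7.2 or newer on the remote host (for `restrict`), and the function names, argument order and the constructed sample key in the usage comment are mine, not the gist's.

```shell
#!/bin/sh
# Added example, not part of the original gist: server-side installation of the
# tunnel key with a forwarding-only restriction. Assumes the remote host runs
# OpenSSH 7.2 or newer (needed for the "restrict" authorized_keys option).
# Usage (as root on the remote host):
#   sh install_tunnel_key.sh /home/tunnel tunnel /path/to/tunnel.pub
set -eu

# Install PUBKEY_FILE as the only authorized key for the account whose home is
# HOME_DIR, owned by OWNER. The key line is prefixed with
# "restrict,port-forwarding": "restrict" disables pty allocation, agent/X11
# forwarding and user rc files, and "port-forwarding" re-enables the one thing
# the tunnel needs. Together with the /bin/false shell on the account and
# "ssh -N" on the client, the key cannot be used for anything but forwarding.
install_tunnel_key() {
    home_dir="$1"; owner="$2"; pubkey_file="$3"

    # Accept only a single OpenSSH public-key line, so a stray extra key or a
    # whole authorized_keys file is not copied in by accident.
    if [ "$(wc -l < "$pubkey_file" | tr -d ' ')" -gt 1 ]; then
        echo "expected exactly one key in $pubkey_file" >&2
        return 1
    fi
    if ! grep -Eq '^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp[0-9]+) [A-Za-z0-9+/=]+' "$pubkey_file"; then
        echo "not an OpenSSH public key: $pubkey_file" >&2
        return 1
    fi

    # sshd (with the default StrictModes) ignores the file unless ~/.ssh and
    # authorized_keys are not group/world writable, so set the modes explicitly.
    mkdir -p "$home_dir/.ssh"
    chmod 700 "$home_dir/.ssh"
    printf 'restrict,port-forwarding %s\n' "$(cat "$pubkey_file")" \
        > "$home_dir/.ssh/authorized_keys"
    chmod 600 "$home_dir/.ssh/authorized_keys"
    chown -R "$owner:$(id -gn "$owner")" "$home_dir/.ssh"
}

# Return 0 only when HOME_DIR/.ssh is in the expected hardened state:
# 0700 directory, 0600 authorized_keys, exactly one key, and that key carries
# the forwarding-only restriction. Useful as a periodic check that nobody has
# loosened the permissions or appended a second key.
check_tunnel_key() {
    home_dir="$1"
    ak="$home_dir/.ssh/authorized_keys"
    [ -d "$home_dir/.ssh" ] && [ -f "$ak" ] || return 1
    find "$home_dir/.ssh" -maxdepth 0 -perm 700 | grep -q . || return 1
    find "$ak" -maxdepth 0 -perm 600 | grep -q . || return 1
    [ "$(wc -l < "$ak" | tr -d ' ')" -eq 1 ] || return 1
    grep -q '^restrict,port-forwarding ' "$ak" || return 1
}

# Stand-alone use: install, then verify, when given the three arguments.
if [ "$#" -eq 3 ]; then
    install_tunnel_key "$1" "$2" "$3"
    if check_tunnel_key "$1"; then
        echo "tunnel key installed in $1/.ssh/authorized_keys"
    else
        echo "installed key failed verification" >&2
        exit 1
    fi
fi
```

Run it once as root after the `adduser` step; `check_tunnel_key /home/tunnel` can then be rerun at any time (it exits non-zero if the file mode or key list has drifted). The script overwrites authorized_keys rather than appending, which is deliberate: the tunnel account should hold this one key and nothing else.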