Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Systemd service for autossh
[Unit]
Description=Keeps a tunnel to 'remote.example.com' open
After=network.target
[Service]
User=autossh
# -p [PORT]
# -l [user]
# -M 0 --> no monitoring
# -N Just open the connection and do nothing (not interactive)
# LOCALPORT:IP_ON_EXAMPLE_COM:PORT_ON_EXAMPLE_COM
ExecStart=/usr/bin/autossh -M 0 -N -q -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -p 22 -l autossh remote.example.com -L 7474:127.0.0.1:7474 -i /home/autossh/.ssh/id_rsa
[Install]
WantedBy=multi-user.target
@mcyster

This comment has been minimized.

Copy link

commented May 8, 2016

On Ubuntu, this works better:
After=network-online.target

@bvankuik

This comment has been minimized.

Copy link

commented Oct 11, 2016

On Ubuntu (at least from version 16.x Xenual Xerus), create the above file as a normal user, then install it with:

$ sudo mv autossh.service /etc/systemd/system/

Enable as follows:

$ sudo sudo systemctl enable autossh.service
@mikhailnov

This comment has been minimized.

Copy link

commented Mar 12, 2017

After=network-online.target ssh.service

@bakercp

This comment has been minimized.

Copy link

commented Mar 25, 2017

Also, my error, but make sure WantedBy is capitalized correctly. An inspection of

journalctl | grep autossh

revealed:

Mar 24 20:02:50 themachine systemd[1]: [/etc/systemd/system/autossh.service:15] Unknown lvalue 'wantedby' in section 'Install'
@korneil

This comment has been minimized.

Copy link

commented Mar 29, 2017

Also add

Environment=AUTOSSH_GATETIME=0

in the [Service] section if you experience problems like autossh.service: Start request repeated too quickly..

@IvanTurgenev

This comment has been minimized.

Copy link

commented Jul 23, 2017

Will this work on fedora 26? with SELinux

@ghost

This comment has been minimized.

Copy link

commented Oct 28, 2017

For completeness, you should also add:

ExecStop=kill -9 autossh

Without it systemctl stop autossh won't do anything.

@comperem

This comment has been minimized.

Copy link

commented Dec 3, 2017

elFua, the kill command as you have written will not work. Kill takes PID's only, not process names.
Use this instead:
ExecStop=killall -s KILL autossh

@comperem

This comment has been minimized.

Copy link

commented Dec 3, 2017

Also, this link had a line that, I believe, solved the problem of restarting too quickly:
https://gist.github.com/drmalex07/c0f9304deea566842490

# Restart every >2 seconds to avoid StartLimitInterval failure
RestartSec=5

@guettli

This comment has been minimized.

Copy link

commented Dec 22, 2017

Since systemd cares for the restarting, I don't understand why the executable autossh is needed.

Could someone please explain this. I would like to understand the benefit of using autossh.

@jeroenvermeulen

This comment has been minimized.

@Iiridayn

This comment has been minimized.

Copy link

commented Feb 8, 2018

@guettli thank you for the question, I can now remove another dependency. I'd been using autossh for so long that I didn't think about that.
@jeroenvermeulen thank you for the link - my munged version seems to be working great :).

@sean9999

This comment has been minimized.

Copy link

commented Mar 23, 2018

Could this be modified to take advantage of systemd's socket activation? I'd like to have an SSH tunnel only open when I need it (ex: when i make a request to localhost:1080).

@eldog

This comment has been minimized.

Copy link

commented Jun 3, 2018

Consider adding -o "ExitOnForwardFailure=yes" as if the client cuts the connection to the server (like power goes off), the port may still be considered in use on the server. Been having this problem when rebooting a Raspberry Pi via unplugging the USB power.

@matthijskooijman

This comment has been minimized.

Copy link

commented Jul 20, 2018

One reason for using autossh, rather than normal ssh, is to have incremental backoff in the restart delays when the connection fails (e.g. the destination host is temporarily down). Systemd supports a fixed restart delay (RestartSec), but does not support increasing the restart delay (yet, see systemd/systemd#6129)

@llamafilm

This comment has been minimized.

Copy link

commented Jul 25, 2018

@comperem that won't work either because you have to specify the full binary path like this. Also, I found that a SIGKILL will leave the child ssh process running. If you use SIGTERM then it gracefully stops both autossh and ssh. On my distro (Raspbian), this works:
ExecStop=/usr/bin/killall autossh

@ttimasdf

This comment has been minimized.

Copy link

commented Aug 21, 2018

@llamafilm @comperem This is not the best practice in case of systemd.

By default, systemd.kill will send SIGTERM to all processes and subprocesses of the control group with or without an ExecStop command. If there is one, it will be executed first(So it's no need after all).

autossh receiving SIGTERM will start to kill ssh subprocess in its way, and systemd will wait for it (by default 90s) and send SIGKILL after timeout.

In that case, no ExecStop command is needed and systemd will handle it gracefully by default. If you have no patience, tuning TimeoutStopSec is all you need.

@ttimasdf

This comment has been minimized.

Copy link

commented Sep 5, 2018

https://gist.github.com/ttimasdf/ef739670ac5d627981c5695adf4c8f98
Check out my fork if needed. Added:

  • ExitOnForwardFailure.
  • Handle restart automatically. (you can even replace autossh with ssh)
  • Multiple tunnels open simultaneously.
  • Move tunnel settings (key, user, port, etc) to a separate user's ~tunnel/.ssh/config. Easier to manage and test with sudo -u tunnel ssh example.com -v
@Hukkinen

This comment has been minimized.

Copy link

commented Dec 11, 2018

For completeness, you should also add:

ExecStop=kill -9 autossh

Without it systemctl stop autossh won't do anything.

I'd put instead:

ExecStop=/bin/kill $MAINPID

..as in sshd service. This way you can cleanly stop/kill only this particular process (of possibly many instances of autossh, for example).

@dimasmamot

This comment has been minimized.

Copy link

commented May 14, 2019

I get this error

mamot@pg-1-mamot-dawn:/etc/systemd/system$ systemctl start autossh-mamot-hook.service Failed to start autossh-mamot-hook.service: Interactive authentication required. See system logs and 'systemctl status autossh-mamot-hook.service' for details.

this is my script

ExecStart=/usr/bin/autossh -M 0 -N -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -R mamot-hook.serveo.net:80:localhost:80 serveo.net

any idea ?

@jgrevich

This comment has been minimized.

Copy link

commented Jul 8, 2019

@dimasmamot Interactive authentication required seems to be the key part of the error msg to me. Try executing the command first as sudo to see what interactive prompts are required. Most likely you need to add a new host key to /root/.ssh/known_hosts.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.