@xfgavin
Created June 3, 2022 19:42
Yet another WORKING autossh systemd script
[Unit]
Description=Keeps a tunnel to 'remote.com' open
After=network.target network-online.target sshd.service
#####################
#Reference: https://transang.me/create-a-remote-ssh-background-service-with-autossh-and-systemctl/
[Service]
User=YOUR_USER_NAME
Environment="AUTOSSH_GATETIME=30"
Environment="AUTOSSH_POLL=30"
Environment="AUTOSSH_FIRST_POLL=30"
Type=forking
RuntimeDirectory=sshtunnel
RuntimeDirectoryMode=0750
Environment="AUTOSSH_PIDFILE=/var/run/sshtunnel/sshtunnel.pid"
PIDFile=/var/run/sshtunnel/sshtunnel.pid
# Set aggressive SSH network timeouts (these are not autossh or systemd unit timeouts); this also avoids 'Broken pipe' errors.
# After 30 seconds of no server response, Autossh will re-negotiate a new session.
# This assumes SSH version >=2. See https://bit.ly/3bINv8v
# Set 'ClientAliveInterval 10' in the remote sshd_config so unresponsive SSH clients will be
# disconnected after approx. (10 x ClientAliveCountMax) = 30 seconds
# -p [PORT]
# -l [user]
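# -M 0 --> no monitoring port; -M is not supplied here since the autossh script will determine an available port
# -N Just open the connection and do nothing (not interactive)
# -f Run autossh in the background (matches Type=forking)
# -g Allows remote hosts to connect to local forwarded ports (-L/-D); it does not affect the -R forward used here
# -q Quiet mode; suppresses most ssh warnings, so drop it when debugging
# -L LOCALPORT:IP_ON_EXAMPLE_COM:PORT_ON_EXAMPLE_COM (local forward form; not used below)
# -R YOUR_REDIRECTION_PORT:localhost:22 --> the port on remote.com leads back to this host's sshd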
ExecStart=/usr/bin/autossh -CNfg -q \
-o "ServerAliveInterval 10" \
-o "ServerAliveCountMax 3" \
-o "StreamLocalBindUnlink yes" \
-o "ExitOnForwardFailure yes" \
-l YOUR_USER_NAME -R YOUR_REDIRECTION_PORT:localhost:22 remote.com
ExecReload=/bin/kill -HUP $MAINPID
ExecStop=/bin/kill $MAINPID
Restart=always
# On Linux TCP_TIMEWAIT_LEN is not tunable and set to (60*HZ), about 60 seconds. TCP_FIN_TIMEOUT also defaults to 60 seconds.
RestartSec=60
# See systemd.kill(5)
KillMode=process
[Install]
WantedBy=multi-user.target
xfgavin commented Jun 3, 2022

This systemd service file can manage your autossh session very well (start/stop/restart).
Here are the steps to install/start:

cp /path/to/sshtunnel.service /etc/systemd/system/
systemctl daemon-reload
systemctl enable sshtunnel.service
systemctl start sshtunnel.service

When this service is started, systemd will put autossh's pid into /var/run/sshtunnel/sshtunnel.pid

Steps to uninstall:

systemctl stop sshtunnel.service
systemctl disable sshtunnel.service
systemctl daemon-reload
rm /etc/systemd/system/sshtunnel.service

Q: Since we can set up an ssh redirection systemd service directly in a similar way, is autossh redundant?
A: I don't think so, autossh can monitor the health of the ssh connection and reconnect if needed.

P.S. This systemd script works in Debian; you may need to adapt it accordingly for other systems.
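
The unit file's comments call for a matching keepalive setting in the remote sshd_config. As an added example (not part of the original gist), this remote-side fragment sets it and limits the tunnel account to the single reverse forward the unit requests. `TUNNEL_USER` and port `2222` are placeholders for YOUR_USER_NAME and YOUR_REDIRECTION_PORT, and `PermitListen` assumes OpenSSH 7.8 or later on remote.com.

```sshdconfig
# /etc/ssh/sshd_config on remote.com: added example with constructed values.
# TUNNEL_USER stands in for YOUR_USER_NAME and 2222 for YOUR_REDIRECTION_PORT.
Match User TUNNEL_USER
    # Server-side counterpart of the client's ServerAliveInterval 10 and
    # ServerAliveCountMax 3: a dead client is dropped after about
    # 10 x 3 = 30 seconds, so the stale listener is released and the next
    # autossh attempt does not fail on ExitOnForwardFailure.
    ClientAliveInterval 10
    ClientAliveCountMax 3
    # Only remote (-R) forwarding, and only on the one port the unit requests.
    AllowTcpForwarding remote
    PermitListen 2222
    # Keep the forwarded listener on the loopback interface of remote.com.
    GatewayPorts no
    # The unit runs with -N, so this account never needs a shell or a terminal.
    PermitTTY no
    ForceCommand /bin/false
    X11Forwarding no
    AllowAgentForwarding no
    # The service cannot answer prompts, so only key authentication applies.
    PasswordAuthentication no
```

Check the file with `sshd -t` before reloading sshd, and keep an existing session open while testing.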
