Autossh Tunnel
Latest revision as of 20:56, 22 July 2013
WHY
Because I want remote access somewhere without others having access to that machine.
HOW
Create a user on your machine and put the public key in that account's ~/.ssh/authorized_keys. Transfer the matching private key to THAT machine (the remote one).
Change his login shell to /sbin/nologin: he doesn't need to get into your box, you need to get into his.
Also, on the remote machine, make sure your own user logs in with a key (disable password login).
Install autossh on the remote machine.
autossh -M 5122 -R 1942:localhost:5522 user@192.168.1.95 -p 5522 -i .ssh/key -N
What these mean:
-M 5122 is the monitoring port autossh uses to test that the connection is still alive (5123, the next port up, will be the echo port).
-R 1942:localhost:5522 means it opens port 1942 on YOUR machine and forwards everything sent there to port 5522 on THAT machine (I have sshd on 5522).
The rest is plain ssh: log in as the user on host 192.168.1.95, port 5522 (yes, I have 5522 set in sshd_config on both my machine and the remote one), using the private key; -N tells ssh not to execute a remote command (if it tried, it would fail and disconnect because of /sbin/nologin).
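Both the forwarded port 1942 and the echo port 5123 are listeners on YOUR machine, and sshd binds them to loopback unless GatewayPorts is enabled. The following check is an added example, not from the wiki page: it parses `ss -ltn` output (the column layout is assumed) and reports whether either port has gone away or is bound to a non-loopback address.

```shell
#!/bin/sh
# Added example (not from the wiki page) for YOUR machine, the ssh server side:
# checks that forwarded port 1942 and autossh's echo port 5123 listen on loopback
# only. Parses `ss -ltn` output from stdin; that column layout is an assumption.
# listeners: print the Local Address:Port column of every LISTEN line.
listeners() { awk '$1 == "LISTEN" { print $4 }'; }
# check_port PORT: reads listener addresses on stdin. Returns 0 if PORT is bound to
# loopback only, 1 if nothing listens on it (tunnel down), 2 if exposed.
check_port() {
    port="$1"
    found=0
    while IFS= read -r addr; do
        case "$addr" in
            *:"$port") ;;      # a listener on our port
            *) continue ;;
        esac
        found=1
        host="${addr%:*}"      # strip the trailing :port
        case "$host" in
            127.*|'[::1]') ;;  # loopback: only reachable through the tunnel
            *) return 2 ;;     # 0.0.0.0, *, [::] or a real interface address
        esac
    done
    [ "$found" -eq 1 ] || return 1
}
# tunnel_status: reads `ss -ltn` output on stdin, reports both tunnel ports and
# returns the worst result (0 ok, 1 down, 2 exposed).
tunnel_status() {
    input=$(cat)
    worst=0
    for port in 1942 5123; do
        printf '%s\n' "$input" | listeners | check_port "$port"
        rc=$?
        case "$rc" in
            0) echo "port $port: loopback only (ok)" ;;
            1) echo "port $port: not listening (tunnel down?)" ;;
            2) echo "port $port: bound to a non-loopback address (check GatewayPorts in sshd_config)" ;;
        esac
        if [ "$rc" -gt "$worst" ]; then worst=$rc; fi
    done
    return "$worst"
}
# Constructed sample of `ss -ltn` output while the tunnel is healthy.
SAMPLE='State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 127.0.0.1:1942 0.0.0.0:*
LISTEN 0 128 127.0.0.1:5123 0.0.0.0:*
LISTEN 0 128 0.0.0.0:5522 0.0.0.0:*'
printf '%s\n' "$SAMPLE" | tunnel_status
# Live use on YOUR machine: ss -ltn | tunnel_status
```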
After this, you can ssh from your machine to localhost:1942 and reach THAT machine's sshd through the tunnel, so on THAT machine you can safely restrict port 5522 to the tunnel:
# accept sshd connections only when they arrive over the loopback interface,
# which is where the -R ...:localhost:5522 forward delivers them
iptables -I INPUT -i lo -p tcp --dport 5522 -j ACCEPT
# drop every other connection attempt to port 5522
iptables -A INPUT -p tcp --dport 5522 -j DROP
Afterwards, you can just add this to /etc/crontab on the remote machine (flock -n makes sure only one autossh is started, so a dead tunnel is restarted within a minute):
*/1 * * * * root flock -xon /root/ssh.lock -c "autossh -M 5122 -R 1942:localhost:5522 user@192.168.1.95 -p 5522 -i .ssh/key -N" >/tmp/autossh_log 2>&1 &