Because I want remote access somewhere without others having access to that machine.
Create a user on your machine, set his public_key on his account ( ~/.ssh/authorized_keys ). Transfer the private key to THAT machine.
Change his login to /sbin/nologin, he doesn't need to get in your box, you need to get into his.
Also, on the remote machine, be sure to have your user with a key ( disable the password login ).
Install autossh on the remote machine.
autossh -M 5122 -R 1942:localhost:5522 email@example.com -p 5522 -i .ssh/key -N
What these mean:
-M is the control port ( 5123 will be the echo port )
1942:localhost:5522 - means that it'll open port 1942 on YOUR machine and will forward everything to port 5522 on THAT machine ( I have ssh set on 5522 )
The rest is just ssh telling to go login with the user on host 192.168.1.95 on port 5522 ( yes, I have 5522 set up in sshd_config on both my and the remote machine ) with the private key and -N tells not to execute a command ( if it tries to .. it'll fail and disconnect because of /sbin/nologin )
After this, you can connect from your machine to localhost:1942 and safely do:
iptables -I INPUT -p tcp --dport 5522 -j ACCEPT
iptables -A INPUT -p tcp --dport -j DROP
Afterwards, you can just add this to your /etc/crontab
- /1 * * * * root flock -xon /root/ssh.lock -c "autossh -M 5122 -R 1942:localhost:5522 firstname.lastname@example.org -p 5522 -i .ssh/key -N" >/tmp/autossh_log 2>&1 &