Autossh Tunnel

From D3xt3r01.tk

WHY

Because I want remote access somewhere without others having access to that machine.

HOW

Create a user on your machine and put his public key in that account's ~/.ssh/authorized_keys. Transfer the private key to THAT machine.

Change his login shell to /sbin/nologin; he doesn't need to get into your box, you need to get into his.

Also, on the remote machine, make sure your own user logs in with a key only (disable password login in sshd_config).

Install autossh on the remote machine.

autossh -M 5122 -R 1942:localhost:5522 user@192.168.1.95 -p 5522 -i .ssh/key -N

What these mean:

-M 5122 is the monitoring (control) port autossh uses to check that the tunnel is alive; it also takes the next port up, so 5123 will be the echo port.

1942:localhost:5522 - means that it'll open port 1942 on YOUR machine and will forward everything to port 5522 on THAT machine ( I have ssh set on 5522 )

The rest is plain ssh: log in as the user on host 192.168.1.95, port 5522 (yes, I have 5522 set up in sshd_config on both my machine and the remote one), with the private key, and -N tells it not to execute a remote command (if it tried to, it would fail and disconnect because of /sbin/nologin).

After this, you can connect from your machine to localhost:1942 and safely lock down sshd on THAT machine; both rules name its sshd port, 5522:

iptables -I INPUT -p tcp --dport 5522 -j ACCEPT

iptables -A INPUT -p tcp --dport 5522 -j DROP

Keep in mind that iptables evaluates rules in order: the ACCEPT inserted at the top matches port 5522 from any source, so the DROP appended below it only takes effect once that ACCEPT is narrowed (for instance to the loopback interface the tunnel traffic arrives on) or removed.

Afterwards, you can just add this to your /etc/crontab so the tunnel is restarted if it dies (flock's -n makes each run exit immediately while a previous autossh still holds the lock):

*/1 * * * * root flock -xon /root/ssh.lock -c "autossh -M 5122 -R 1942:localhost:5522 user@192.168.1.95 -p 5522 -i .ssh/key -N" >/tmp/autossh_log 2>&1 &
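As an added example, not from the original page: the -R forward only needs one listening port on YOUR machine, so the tunnel user's key and sshd can be restricted to exactly that, rather than relying on /sbin/nologin alone. It assumes the page's user name `user` and port 1942, that YOUR machine runs OpenSSH 7.8 or later (for `restrict` and `PermitListen`), and the path /etc/ssh/sshd_config; the key material and comment are placeholders.

```sshd_config
# ~user/.ssh/authorized_keys on YOUR machine (a single line; key is a placeholder).
# "restrict" disables pty, agent/X11 forwarding and user rc; "port-forwarding" re-enables
# forwarding, and permitlisten limits the remote (-R) side to the one port the tunnel uses.
restrict,port-forwarding,permitlisten="1942" ssh-ed25519 AAAA...PLACEHOLDER... tunnel-from-THAT-machine

# /etc/ssh/sshd_config on YOUR machine (assumed path); applies to the tunnel user only.
Match User user
    # only -R style forwards; this user cannot use your box as a jump host with -L or -D
    AllowTcpForwarding remote
    # the only port this user may ask sshd to bind
    PermitListen 1942
    # keep 1942 bound to 127.0.0.1 so nobody else on the network can reach the tunnel
    GatewayPorts no
    PermitTTY no
    X11Forwarding no
    AllowAgentForwarding no
    PasswordAuthentication no
```

Run `sshd -t` after editing to validate the config; once the tunnel is up, `ss -ltn` on YOUR machine should show 1942 listening on 127.0.0.1 only.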