Gentoo Forums
autossh initscript for always-up reverse tunneling. [SOLVED]
ChadJoan
n00b
Joined: 17 Oct 2010
Posts: 30

Posted: Fri Apr 29, 2011 5:50 am    Post subject: autossh initscript for always-up reverse tunneling. [SOLVED]

I'm just going to start off marking this as [SOLVED] since I managed to figure it out myself and think that others might benefit.

What I want is a reverse ssh tunnel that starts up when my computer boots and doggedly sticks around come hell or high water. This allows me to connect to my computer from anywhere, even if my computer happens to wind up behind some wonky router that's out of my control.
So I emerged net-misc/autossh and wrote this initscript:
Code:

#!/sbin/runscript
# Copyright 2011 Chad Joan
# Distributed under the terms of the GNU General Public License v2

depend() {
        use net dns logger
        after dns
}

start() {

        ebegin "Starting autossh"
        env \
            AUTOSSH_GATETIME=0 \
            AUTOSSH_FIRST_POLL=10 \
            AUTOSSH_POLL=60 \
            AUTOSSH_PIDFILE=/var/run/autossh.pid \
            AUTOSSH_LOGLEVEL=7 \
            AUTOSSH_DEBUG=1 \
        start-stop-daemon --start \
            --make-pidfile --pidfile /var/run/autossh.pid \
            --exec /usr/bin/autossh \
            -- -M29001 -f -N -R 1337:localhost:22 youruser@the_go_between.com
        eend $? "Failed to start autossh"
}

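stop() {
        ebegin "Stopping autossh"

        # Grab the child PID so we can kill it once autossh is down.
        SSHPID=$(ps -o pid= --ppid "$(cat /var/run/autossh.pid)")

        # SIGKILL gives autossh no chance to stop its ssh child itself.
        start-stop-daemon --stop \
                --pidfile /var/run/autossh.pid \
                --signal 9 \
                --exec /usr/bin/autossh
        ret=$?

        # Kill the orphaned ssh child, if one was found.
        [ -n "$SSHPID" ] && kill $SSHPID

        # Report the result of stopping autossh, not of the kill above.
        eend $ret "Failed to stop autossh"
}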

I called it /etc/init.d/autossh.init and went on my way.

There are certainly flaws, notably that I didn't bother moving any of it into /etc/conf.d/autossh.init

Usage (untested, sorry) :
- Make sure your root user has ssh private/public key authentication for the computer used as a go-between. This is needed to prevent the tunnel script from being asked for a password by your go-between computer; the initscript can't deal with that. You can do this as root like so:
Code:

su
ssh-keygen
ssh-copy-id youruser@the_go_between.com
 (Enter your password and check up on things afterwards.)

- That means you need a go-between computer that will always be available and accessible from the internet. I used my webhost, which gives me an always-on linux box.
- Create the /etc/init.d/autossh.init initscript.
- `rc-update add autossh.init default`
- `sudo /etc/init.d/autossh.init start` or reboot your computer.
- `ssh youruser@the_go_between.com` (run this from any computer anywhere)
- `ssh -p 1337 someuser@your_home_computer.com` (run this while logged into the go-between computer)
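
The key installed with ssh-copy-id above is a full login key for youruser on the go-between, and it has to be usable unattended by root on the home machine. As an added example (not part of the original post), this audit checks whether each key in an authorized_keys file carries the OpenSSH options restrict, port-forwarding and permitlisten (OpenSSH 7.8 or later) for the tunnel port; the function name and the sample keys are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Key blobs and comments are constructed.

# Reads authorized_keys text on stdin and prints "OK <comment>" for keys that
# carry restrict, port-forwarding and a permitlisten for port $1, and
# "OPEN <comment>" for every other key.
audit_tunnel_keys() {
    awk -v port="$1" '
        /^[ \t]*(#|$)/ { next }
        {
            line = $0; sub(/^[ \t]+/, "", line); opts = ""
            # A line that does not start with a key type starts with an options
            # field, which ends at the first space outside double quotes.
            if (line !~ /^(ssh-|ecdsa-|sk-)/) {
                inq = 0
                for (n = 1; n <= length(line); n++) {
                    ch = substr(line, n, 1)
                    if (ch == "\"") inq = !inq
                    else if (ch == " " && !inq) break
                }
                opts = substr(line, 1, n - 1)
                line = substr(line, n + 1)
            }
            split(line, f, " ")
            who = (f[3] != "") ? f[3] : "(no comment)"
            ok = (opts ~ /(^|,)restrict(,|$)/) &&
                 (opts ~ /(^|,)port-forwarding(,|$)/) &&
                 (opts ~ ("permitlisten=\"([^\",]*:)?" port "\""))
            tag = ok ? "OK" : "OPEN"
            print tag, who
        }'
}

# Constructed sample: a bare key as ssh-copy-id installs it, then a pinned one.
audit_tunnel_keys 1337 <<'EOF'
ssh-ed25519 AAAAC3CONSTRUCTEDKEY1 root@home
restrict,port-forwarding,permitlisten="localhost:1337",command="echo tunnel only" ssh-ed25519 AAAAC3CONSTRUCTEDKEY2 root@home-tunnel
EOF
```

A key reported as OPEN can still open a shell on the go-between account; one reported as OK has been checked only for the three options named above.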
dobbs
Tux's lil' helper
Joined: 20 Aug 2005
Posts: 103
Location: Wenatchee, WA

Posted: Fri Jun 24, 2011 4:47 am

I have a similar setup:
Code:
#!/sbin/runscript
# Copyright 2011 Kristoffer Hepler
# Distributed under the terms of the GNU General Public License v2

opts="${opts} reload checkconfig"

depend() {
      use logger dns
      need net
}

AUTOSSH_BINARY=${AUTOSSH_BINARY:-/usr/bin/autossh}
AUTOSSH_PIDFILE=${AUTOSSH_PIDFILE:-/var/run/${SVCNAME}.pid}
CONFIGFILE="/etc/conf.d/${SVCNAME}"
INSTANCE=${RC_SVCNAME#*.}

checkconfig() {
   if [ ! -f $CONFIGFILE ]; then
      eerror "${CONFIGFILE} does not exist."
      return 1
   fi
   
   if [ "${SSH_HOST}" = "" ]; then
      eerror "No SSH server specified."
      return 1
   fi
}

start() {
   checkconfig || return 1
   
   local myopts="-f $SSH_OPTS"
   if [ "${SSH_USER}" != "" ]; then
      myopts="${myopts} ${SSH_USER}@${SSH_HOST}"
   else
      myopts="${myopts} ${SSH_HOST}"
   fi
   
   # collect environment variables   
   export AUTOSSH_DEBUG AUTOSSH_FIRST_POLL AUTOSSH_GATETIME AUTOSSH_LOGLEVEL \
      AUTOSSH_LOGFILE AUTOSSH_MAXLIFETIME AUTOSSH_MAXSTART AUTOSSH_MESSAGE \
      AUTOSSH_PATH AUTOSSH_PIDFILE AUTOSSH_POLL AUTOSSH_PORT
   
   ebegin "Starting ${SVCNAME}"
   start-stop-daemon --start --exec "${AUTOSSH_BINARY}" \
      --pidfile "${AUTOSSH_PIDFILE}" \
      -- ${myopts}
   eend $?
}

stop() {
   ebegin "Stopping ${SVCNAME}"
   start-stop-daemon --stop --exec "${AUTOSSH_BINARY}" \
      --pidfile "${AUTOSSH_PIDFILE}"
   eend $?
}

reload() {
   ebegin "Reloading ${SVCNAME}"
   start-stop-daemon --signal USR1 \
      --exec "${AUTOSSH_BINARY}" --pidfile "${AUTOSSH_PIDFILE}"
   eend $?
}


I pretty much ripped off /etc/init.d/sshd and /etc/init.d/net.lo to make that. I can remember two advantages with this version. First, you can manually cycle the SSH connection with "/etc/init.d/autossh reload". Second, it allows for multiple autossh sessions by symlinking /etc/init.d/autossh to something like /etc/init.d/autossh.host and then creating a matching /etc/conf.d/autossh.host config file. Here's an example /etc/init.d/conf.d/autossh:
Code:
# /etc/conf.d/autossh: config file for /etc/init.d/autossh

# command line parameters to pass to ssh (optional)
# ssh takes one option per -o; a comma-separated list is rejected
SSH_OPTS="-N -o ServerAliveInterval=300 -o ServerAliveCountMax=3 -R 2200:localhost:22"

# the SSH server (required)
SSH_HOST="some.host.tld"

# the SSH username (optional)
#SSH_USER="username"

# autossh environment variables as described in the autossh man page (optional)
#AUTOSSH_DEBUG=1
#AUTOSSH_FIRST_POLL=60
AUTOSSH_GATETIME=0
#AUTOSSH_LOGLEVEL=7
AUTOSSH_LOGFILE="/var/log/autossh"
#AUTOSSH_MAXLIFETIME=3600
#AUTOSSH_MAXSTART=-1
#AUTOSSH_MESSAGE="PingPong"
#AUTOSSH_PATH="/usr/bin/ssh"
#AUTOSSH_PIDFILE="/var/run/autossh.pid"
#AUTOSSH_POLL=600
AUTOSSH_PORT=0


It should be noted that this example config relies on SSH's built-in connection monitoring (hence AUTOSSH_PORT=0), configured with ServerAliveInterval and ServerAliveCountMax SSH options. The server has to be configured with similar timeouts (via ClientAliveInterval and ClientAliveCountMax) or it'll block the remote forwarding ports when the connection dies.
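
The timeout pairing described in the last paragraph, as an added example that is not part of the original posts: it computes how long each end takes to declare the link dead (interval × count) and flags an sshd that never probes or that probes more slowly than the client. Function names and the sample config text are constructed; treating a server window no longer than the client's as the pass condition is this example's reading of "similar timeouts".

```shell
#!/bin/sh
# Added example, not from the original posts. Config text below is constructed.

# Seconds until the ssh client gives up on a silent server, read from an
# option string such as SSH_OPTS. 0 means no probes are sent (ssh default).
client_dead_window() {
    printf '%s\n' "$1" | tr ' ' '\n' | awk -F= '
        { sub(/^-o/, "") }
        tolower($1) == "serveraliveinterval" { i = $2 }
        tolower($1) == "serveralivecountmax" { c = $2 }
        END { if (i == "") i = 0; if (c == "") c = 3; print i * c }'
}

# Same figure for sshd, from sshd_config text on stdin. The first value seen
# wins, and Match blocks are ignored (assumption: global settings apply).
server_dead_window() {
    awk -F'[ \t=]+' '
        { sub(/^[ \t]+/, "") }
        /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "clientaliveinterval" && !gi { i = $2; gi = 1 }
        tolower($1) == "clientalivecountmax" && !gc { c = $2; gc = 1 }
        END { if (!gi) i = 0; if (!gc) c = 3; print i * c }'
}

# Returns 0 when both ends probe and sshd drops the dead session no later
# than the client does, so the reconnect can bind the -R port again.
check_keepalive_pair() {
    cw=$(client_dead_window "$1")
    sw=$(printf '%s\n' "$2" | server_dead_window)
    if [ "$cw" -eq 0 ]; then
        echo "client: ServerAliveInterval not set, dead links go unnoticed"; return 1
    fi
    if [ "$sw" -eq 0 ]; then
        echo "server: ClientAliveInterval not set, stale session keeps the port"; return 1
    fi
    if [ "$sw" -gt "$cw" ]; then
        echo "server window ${sw}s exceeds client window ${cw}s"; return 1
    fi
    echo "ok: client ${cw}s, server ${sw}s"
}

# Constructed demo: 300 s x 3 on the client against an sshd left at defaults.
check_keepalive_pair "-N -o ServerAliveInterval=300 -o ServerAliveCountMax=3" \
    "Port 22" || true
```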