autossh initscript for always-up reverse tunneling. [SOLVED]

[ChadJoan]

I'm just going to start off marking this as [SOLVED] since I managed to figure it out myself and think that others might benefit.

What I want is a reverse ssh tunnel that starts up when my computer boots and doggedly sticks around come hell or high water. This allows me to connect to my computer from anywhere, even if my computer happens to wind up behind some wonky router that's out of my control.
So I emerged net-misc/autossh and wrote this initscript:

Code: Select all

#!/sbin/runscript
# Copyright 2011 Chad Joan
# Distributed under the terms of the GNU General Public License v2

depend() {
        use net dns logger
        after dns
}

start() {

        ebegin "Starting autossh"
        env \
            AUTOSSH_GATETIME=0 \
            AUTOSSH_FIRST_POLL=10 \
            AUTOSSH_POLL=60 \
            AUTOSSH_PIDFILE=/var/run/autossh.pid \
            AUTOSSH_LOGLEVEL=7 \
            AUTOSSH_DEBUG=1 \
        start-stop-daemon --start \
            --make-pidfile --pidfile /var/run/autossh.pid \
            --exec /usr/bin/autossh \
            -- -M29001 -f -N -R 1337:localhost:22 youruser@the_go_between.com
        eend $? "Failed to start autossh"
}

stop() {
        ebegin "Stopping autossh"

        # Grab the child PID so we can kill it once autossh is down.
        SSHPID=`ps -o pid= --ppid \`cat /var/run/autossh.pid\``

        start-stop-daemon --stop \
                --pidfile /var/run/autossh.pid \
                --signal 9 \
                --exec /usr/bin/autossh
        kill $SSHPID

        eend $? "Failed to stop autossh"
}

I called it /etc/init.d/autossh.init and went on my way.

There are certainly flaws, notably that I didn't bother moving any of it into /etc/conf.d/autossh.init

Usage (untested, sorry) :
- Make sure your root user is has ssh private/public key authentication for the computer used as a go-between. This is needed to prevent the tunnel script from being asked for a password by your go-between computer; the initscript can't deal with that. You can do this as root like so:

Code: Select all

su
ssh-keygen
ssh-copy-id youruser@the_go_between.com
 (Enter your password and check up on things afterwards.)

- That means you need a go-between computer that will always be available and accessible from the internet. I used my webhost, which gives me an always-on linux box.
- Create the /etc/init.d/autossh.init initscript.
- `rc-update add autossh.init default`
- `sudo /etc/init.d/autossh.init start` or reboot your computer.
- `ssh youruser@the_go_between.com` (run this from any computer anywhere)
- `ssh -p 1337 someuser@your_home_computer.com` (run this while logged into the go-between computer)

[dobbs]

I have a similar setup:

Code: Select all

#!/sbin/runscript
# Copyright 2011 Kristoffer Hepler
# Distributed under the terms of the GNU General Public License v2

opts="${opts} reload checkconfig"

depend() {
		use logger dns
		need net
}

AUTOSSH_BINARY=${AUTOSSH_BINARY:-/usr/bin/autossh}
AUTOSSH_PIDFILE=${AUTOSSH_PIDFILE:-/var/run/${SVCNAME}.pid}
CONFIGFILE="/etc/conf.d/${SVCNAME}"
INSTANCE=${RC_SVCNAME#*.}

checkconfig() {
	if [ ! -f $CONFIGFILE ]; then
		eerror "${CONFIGFILE} does not exist."
		return 1
	fi
	
	if [ "${SSH_HOST}" = "" ]; then
		eerror "No SSH server specified."
		return 1
	fi
}

start() {
	checkconfig || return 1
	
	local myopts="-f $SSH_OPTS"
	if [ "${SSH_USER}" != "" ]; then
		myopts="${myopts} ${SSH_USER}@${SSH_HOST}"
	else
		myopts="${myopts} ${SSH_HOST}"
	fi
	
	# collect environment variables	
	export AUTOSSH_DEBUG AUTOSSH_FIRST_POLL AUTOSSH_GATETIME AUTOSSH_LOGLEVEL \
		AUTOSSH_LOGFILE AUTOSSH_MAXLIFETIME AUTOSSH_MAXSTART AUTOSSH_MESSAGE \
		AUTOSSH_PATH AUTOSSH_PIDFILE AUTOSSH_POLL AUTOSSH_PORT
	
	ebegin "Starting ${SRVCNAME}"
	start-stop-daemon --start --exec "${AUTOSSH_BINARY}" \
		--pidfile "${AUTOSSH_PIDFILE}" \
		-- ${myopts}
	eend $?
}

stop() {
	ebegin "Stopping ${SRVCNAME}"
	start-stop-daemon --stop --exec "${AUTOSSH_BINARY}" \
		--pidfile "${AUTOSSH_PIDFILE}"
	eend $?
}

reload() {
	ebegin "Reloading ${SVCNAME}"
	start-stop-daemon --signal USR1 \
		--exec "${AUTOSSH_BINARY}" --pidfile "${AUTOSSH_PIDFILE}"
	eend $?
}

I pretty much ripped-off /etc/init.d/sshd and /etc/init.d/net.lo to make that. I can remember two advantages with this version. First, you can manually cycle the SSH connection with "/etc/init.d/autossh reload". Second, it allows for multiple autossh sessions by symlinking /etc/init.d/autossh to something like /etc/init.d/autossh.host and then creating a matching /etc/conf.d/autossh.host config file. Here's an example /etc/init.d/conf.d/autossh:

Code: Select all

# /etc/conf.d/autossh: config file for /etc/init.d/autossh

# command line parameters to pass to ssh (optional)
SSH_OPTS="-No ServerAliveInterval=300,ServerAliveCountMax=3 -R 2200:localhost:22"

# the SSH server (required)
SSH_HOST="some.host.tld"

# the SSH username (optional)
#SSH_USER="username"

# autossh environment variables as described in the autossh man page (optional)
#AUTOSSH_DEBUG=1
#AUTOSSH_FIRST_POLL=60
AUTOSSH_GATETIME=0
#AUTOSSH_LOGLEVEL=7
AUTOSSH_LOGFILE="/var/log/autossh"
#AUTOSSH_MAXLIFETIME=3600
#AUTOSSH_MAXSTART=-1
#AUTOSSH_MESSAGE="PingPong"
#AUTOSSH_PATH="/usr/bin/ssh"
#AUTOSSH_PIDFILE="/var/run/autossh.pid"
#AUTOSSH_POLL=600
AUTOSSH_PORT=0

It should be noted that this example config relies on SSH's built-in connection monitoring (hence AUTOSSH_PORT=0), configured with ServerAliveInterval and ServerAliveCountMax SSH options. The server has to be configured with similar timeouts (via ClientAliveInterval and ClientAliveCountMax) or it'll block the remote forwarding ports when the connection dies.