0

Setting up AutoSSH for Reverse SSH Forwarding

Posted by simon on 2015-07-20 in Guides |

Autossh is a brilliant little application I discovered and it has helped me access servers that are behind NAT firewalls

Basically, Server A connects to a Server B in the cloud using SSH public keys, and asks Server B to forwards a port to the local SSH port on Server A

SETUP SSH KEYS TO BE USED:

  1. Connect to Server A
  2. Run ssh-keygen -t rsa
  3. When asked Enter file in which to save the key Just Simple Click Enter and enter nothing
  4. When asked Enter passphrase (empty for no passphrase)
    and Enter same passphrase again Just again Simply Click Enter and enter nothing
  5. These Steps will have generated a public and private SSH key to use for your sign in
  6. Run ssh-copy-id (USER)@(SERVER B) and when asked about RSA key fingerprint, Just Simply enter YES and enter the user’s password, and the keys will be copied to Server B

SETUP AUTOSSH:

  1. Run yum install openssh-clients autossh
  2. make the autossh folder mkdir /etc/autossh
  3. make your config file nano /etc/autossh/syslog
  4. when nano is open you need to paste in this config and change it to your requirements
    # Check connection every 10 seconds, and after 3 tries (30 seconds), drop and
    # let autossh re-connect.
    ServerAliveInterval="10"
    ServerAliveCountMax="3"
    StrictHostKeyChecking="no"
     
    LocalUser="root"
    IdentityFile="~/.ssh/id_rsa"
     
    RemoteUser="(USER)"
    RemoteHost="(SERVER)"
    RemotePort="22"
     
    # Array of ports to be forwarded:
    # 
    # Example: Forward port 3307, listening on 127.0.0.1 on the remote side, to
    # 127.0.0.1 port 3306 on the local side. Forward port 8081, listening on
    # 127.0.0.1 on the local side, to 10.100.1.60 port 80 on the remote side.
    #
    ForwardPort=(
        "R 127.0.0.1:(PICK PORT NUMBER):127.0.0.1:22"
    )
  5. when finished with nano, exit using CTRL+X and then Press Y to save and enter to save as the file you created
  6. now you need to create the autossh config file nano /etc/init.d/autossh
  7. paste in this config file, and when finished, exit using CTRL+X and then Press Y to save and enter to save as the file you created
    #!/bin/bash
    #
    # autossh . Startup script for autossh
    
    # chkconfig: 2345 25 40
    # description: Maintain persistent SSH tunnels
    # processname: autossh
    # pidfile: /var/run/autossh.pid
    
    # Copyright 2012 - Jean-Sebastien Morisset - http://surniaulula.com/
    #
    # http://surniaulula.com/2012/12/10/autossh-startup-script-for-multiple-tunnels/
    #
    # This script is free software; you can redistribute it and/or modify it under
    # the terms of the GNU General Public License as published by the Free Software
    # Foundation; either version 3 of the License, or (at your option) any later
    # version.
    #
    # This script is distributed in the hope that it will be useful, but WITHOUT
    # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
    # FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
    # details at http://www.gnu.org/licenses/.
    
    # Changelog:
    #
    # 2013/06/21 - Reset the $forward_list variable at the start() to prevent the
    # accumulation of ports for each config loop. Also added support for socks
    # proxies. Thanks to Chris for pointing out the issue in the comments.
    
    # Source function library
    . /etc/init.d/functions
    
    RETVAL=0
    prog="autossh"
    autossh="/usr/bin/autossh"
    
    [ ! -d /var/run/$prog ] && mkdir -p /var/run/$prog
    
    start() {
    	config="$1"
    	cfname=`basename $config`
    	forward_list=""
    
    	# make sure we have a config file
    	if [ ! -f "$config" ]
    	then
    		failure
    		echo "$prog $cfname: $config missing"
    		return 1
    	fi
    
    	. $config
    
    	# make sure all variables have been defined in config
    	for var in \
    		ServerAliveInterval ServerAliveCountMax StrictHostKeyChecking \
    		LocalUser IdentityFile RemoteUser RemoteHost RemotePort
    	do eval "
    		if [ -z \$$var ]
    		then
    			failure
    			echo \"$prog $cfname: $var variable empty\"
    			return 1
    		fi
    		"
    	done
    
    	if [ ${#ForwardPort[*]} -eq 0 ]
    	then
    		failure
    		echo "$prog $cfname: ForwardPort array empty"
    		return 1
    	fi
    
    	for fwd in "${ForwardPort[@]}"
    	do
    		case "$fwd" in
    		D\ *:*|R\ *:*:*:*|L\ *:*:*:*) forward_list+="-$fwd " ;;
    		*)	failure
    			echo "$prog $cfname: $fwd format unknown"
    			return 1
    			;;
    		esac
    	done
    
    	# define the pidfile variable for autossh (created by autossh)
    	# check if pidfile already exists -- don't start another instance if pidfile exists
    	AUTOSSH_PIDFILE="/var/run/$prog/$cfname.pid"
    	if [ -e $AUTOSSH_PIDFILE ]
    	then
    		failure
    		echo "$prog $cfname: $AUTOSSH_PIDFILE already exists"
    		return 1
    	fi
    
    	echo -n "Starting $prog $cfname: "
    
    	# before switching-users, make sure pidfile is created and user has write permission
    	touch $AUTOSSH_PIDFILE
    	chown $LocalUser $AUTOSSH_PIDFILE
    
    	# start autossh as the user defined in the config file
    	# the pidfile must be re-defined in the new environment
    	su - $LocalUser -c "
    		AUTOSSH_PIDFILE=$AUTOSSH_PIDFILE;
    		AUTOSSH_PORT=0;
    		export AUTOSSH_PIDFILE AUTOSSH_PORT;
    		$autossh -q -N -p $RemotePort \
    		-i $IdentityFile \
    		-o ServerAliveInterval=$ServerAliveInterval \
    		-o ServerAliveCountMax=$ServerAliveCountMax \
    		-o StrictHostKeyChecking=$StrictHostKeyChecking \
    		$forward_list $RemoteUser@$RemoteHost -f;"
    
    	# check to make sure pidfile was created
    	if [ ! -f $AUTOSSH_PIDFILE ]
    	then
    		failure
    		echo "`basename $AUTOSSH_PIDFILE` not created"
    		return 1
    	fi
    
    	success
    	echo
    	touch /var/lock/subsys/$prog
    }
    
    stop() {
    	config="$1"
    	# if no config names (on the command-line), stop all autossh processes
    	if [ -z "$config" ]
    	then
    		echo -n "Stopping all $prog: "
    		killproc $autossh
    		RETVAL=$?
    		echo
    		if [ $RETVAL -eq 0 ]
    		then
    			rm -f /var/lock/subsys/$prog
    			rm -f /var/run/$prog/*.pid
    		fi
    	else
    		cfname="`basename $config`"
    		pidfile="/var/run/$prog/$cfname.pid"
    		if [ ! -f $pidfile ]
    		then
    			failure
    			echo "$prog $cfname: $pidfile missing"
    			return 1
    		else
    			echo -n $"Stopping $prog $cfname: "
    			killproc -p "/var/run/$prog/$cfname.pid" "$prog $cfname"
    			RETVAL=$?
    			echo
    			[ $RETVAL -eq 0 ] && rm -f /var/run/$prog/$cfname.pid
    		fi
    	fi
    	return $RETVAL
    }
    
    # save the action name, and shift the command-line array
    # all remaining command-line arguments could be config names
    action="$1"
    shift
    
    case "$action" in
    start)
    	if [ -z "$1" ]
    	then
    		# if no config names on the command-line, start all /etc/autossh/ configs found
    		for config in `echo /etc/$prog/${cfname:='*'}`
    		do $action $config; done
    	else
    		# start only the config files specified on the command-line
    		for cfname in "$@"
    		do $action /etc/$prog/$cfname; done
    	fi
    	;;
    stop)
    	if [ -z "$1" ]
    	then
    		# if no config names on the command-line, stop all autossh processes
    		$action
    	else
    		# stop only the config files specified on the command-line
    		for cfname in "$@"
    		do $action /etc/$prog/$cfname; done
    	fi
    	;;
    restart)
    	# re-execute this script, with the stop and start action names instead
    	$0 stop "$@"
    	$0 start "$@"
    	;;
    status)
    	if [ -z "$1" ]
    	then
    		# if no config names on the command-line, show all autossh pids
    		status $autossh
    		RETVAL=$?
    	else
    		# only show the status of config files specified on the command-line
    		for cfname in "$@"
    		do
    			config="/etc/$prog/$cfname"
    			# if the config file is missing, echo an error message
    			if [ -f $config ]
    			then
    				cfname="`basename $config`"
    				pidfile="/var/run/$prog/$cfname.pid"
    				# if the pidfile is missing, echo an error message
    				if [ -f $pidfile ]
    				then
    					status -p "$pidfile" "$prog $cfname"
    					RETVAL=$?
    				else
    					echo "$pidfile missing"
    					RETVAL=1
    				fi
    			else
    				echo "$config missing"
    				RETVAL=1
    			fi
    		done
    	fi
    	;;
    *)
    	echo "Usage: $0 {start|stop|restart|status} {config names...}"
    	RETVAL=1
    	;;
    esac
    exit $RETVAL
    
  8. you need to make the new file executable
    chmod a+x /etc/init.d/autossh
  9. you also need to make sure the script runs at start-up
    chkconfig –add autossh
  10. now you have finished setting it up, simply start the service /etc/init.d/autossh start
  11. Now to connect to the computer you simply run
    ssh (SERVER B user)@(SERVER B):(PORT)

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Copyright © 2014-2024 Simon Smith All rights reserved.
This site is using the Desk Mess Mirrored theme, v2.5, from BuyNowShop.com.