Bulletproof SSH Tunnel using Cygwin and AutoSSH

Ever try to get around those pesky firewalls at work? Well here is a way to setup permanent SSH tunnels that will self heal! The main reason I set this up was so that I wouldn’t have to keep setting up firewall holes in my remote routers. All of my systems now phone home and allow me to always have permanent connections.

You will need the following:

  • autossh
  • cygwin on Windows 7
  • cygrunsrv on cygwin
  • cron on cygwin
  • openssh on cygwin

Setup your shared keys between your servers. Make sure you are using the same user across both machines.

  • ssh-keygen.exe -t rsa
  • scp ~/.ssh/id_rsa.pub to your remote host and put in ~/.ssh/authorized_keys2 file
  • test “ssh [email protected]

Setup autossh on Cygwin

  • just install it from repository

Create a tunnel script on your originating server.
/home/user/tuncheck.sh

a=(ps -ef | grep autossh | grep -v grep)
if [ ! “$a” ]; thenĀ  /usr/bin/autossh.exe -M 10984 -N -f -R 6666:localhost:22 [email protected] -p 40022 &
fi

Install CRON for Cygwin and run cron-config to setup cron. Just take the defaults but add your username and password.

  • run cygwin setup.exe to install cron
  • run “cron-config” to setup cron
  • start up the cron service “net start cron”

Add the check script to the users’ crontab

  • crontab -e
  • * * * * /home/user/tuncheck.sh
  • run “crontab -l” to verify

Verify operation

  • on originating server run “ps -ef |grep auto”
  • You should see the process running “14:50:01 /usr/bin/autossh”
  • on remote server run “ssh -p 6666 [email protected]
  • You should get logged onto the originating server.

Dont forget to turn off your power management on the originating server. Needs to stay alive!

Enjoy!

 

5 Replies to “Bulletproof SSH Tunnel using Cygwin and AutoSSH”

  1. This is mine that seems to be working:

    a=(ps -ef | grep autossh | grep -v grep)
    if [ ! “$a” ]; then /usr/bin/autossh -M 20202:20101 -C2 -qnN -f [myuser]@[my dyn dns] -p 56839 -D 12345 &
    fi

    The -D is for SOCKS Proxy. I only expose port 56839 in my home router. And I use ~/.ssh/config for the verbose config. I also have a SQUID http proxy on my home server that I expose via port “localhost:8888”, tunneled through the socks proxy. This allows me to cover all my basis with various applications that only work with HTTP Proxies

    Host *
    # general
    ServerAliveInterval 60
    ServerAliveCountMax 3

    # esxi
    LocalForward localhost:443 192.168.1.25:443
    LocalForward localhost:902 192.168.1.25:902
    LocalForward localhost:903 192.168.1.25:903

    # vm-ubuntu-squid
    LocalForward localhost:9999 192.168.1.51:8888

    # vm-win8 RDP
    LocalForward localhost:2100 192.168.1.47:3389
    LocalForward localhost:4800 192.168.1.47:1433

Leave a Reply

Your email address will not be published. Required fields are marked *