Ever try to get around those pesky firewalls at work? Well, here is a way to set up permanent SSH tunnels that will self-heal! The main reason I set this up was so that I wouldn't have to keep setting up firewall holes in my remote routers. All of my systems now phone home and allow me to always have permanent connections.
You will need the following:
- autossh
- cygwin on Windows 7
- cygrunsrv on cygwin
- cron on cygwin
- openssh on cygwin
Set up your SSH keys between your servers. Make sure you are using the same user across both machines.
- ssh-keygen.exe -t rsa
- scp ~/.ssh/id_rsa.pub to your remote host and append it to the ~/.ssh/authorized_keys2 file
- test "ssh user@remotehost"
Set up autossh on Cygwin
- just install it from repository
Create a tunnel script on your originating server.
/home/user/tuncheck.sh:
#!/bin/bash
# Start autossh only if it is not already running (cron calls this every minute)
a=$(ps -ef | grep autossh | grep -v grep)
if [ ! "$a" ]; then
  /usr/bin/autossh.exe -M 10984 -N -f -R 6666:localhost:22 user@remotehost -p 40022 &
fi
Install cron for Cygwin and run cron-config to set up cron. Just take the defaults but add your username and password.
- run Cygwin setup.exe to install cron
- run "cron-config" to set up cron
- start up the cron service: "net start cron"
Add the check script to the user's crontab
- crontab -e
- * * * * * /home/user/tuncheck.sh
- run "crontab -l" to verify (five time fields, then the command)
Verify operation
- on the originating server run "ps -ef | grep auto"
- You should see the process running: "14:50:01 /usr/bin/autossh"
- on the remote server run "ssh -p 6666 user@localhost"
- You should get logged onto the originating server.
Don't forget to turn off power management on the originating server. It needs to stay alive!
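A hardened variant of the check script above, as an added example (not the post's script): it looks for this specific tunnel rather than any process with "autossh" in its name, logs each restart, and adds ssh keepalive options so a half-dead session is torn down and restarted instead of hanging. User, host and ports are the post's placeholder values; the log path, the `run`/`demo` arguments and the sample ps lines are my additions.

```shell
#!/bin/bash
# Hardened variant of the tuncheck.sh idea. Added example, not the post's
# script; host, user and ports are the post's values, kept as placeholders.
REMOTE_HOST="user@remotehost"
REMOTE_SSH_PORT=40022
REVERSE_PORT=6666      # listener on remotehost forwarded back to local sshd
MONITOR_PORT=10984     # autossh monitor port (uses this port and port+1)
LOG="$HOME/tuncheck.log"

# Exact autossh command line. The -o options make a dead or half-open
# session exit so autossh restarts it, instead of hanging forever with
# the remote port still listening but unusable.
build_cmd() {
  printf '%s' "autossh -M $MONITOR_PORT -N -f" \
    " -o ServerAliveInterval=30 -o ServerAliveCountMax=3" \
    " -o ExitOnForwardFailure=yes" \
    " -R $REVERSE_PORT:localhost:22 $REMOTE_HOST -p $REMOTE_SSH_PORT"
}

# Read a process listing (ps -ef format) on stdin and succeed only if THIS
# tunnel's autossh is present. Anchoring on "-R <port>:" rather than the
# bare word autossh avoids false positives such as "tail -f autossh.log"
# and lets several tunnels be checked independently by the same script.
tunnel_running() {
  grep -- "autossh.*-R $REVERSE_PORT:" | grep -vq ' grep '
}

ensure_tunnel() {
  if ps -ef | tunnel_running; then
    return 0
  fi
  echo "$(date '+%F %T') tunnel to $REMOTE_HOST down, restarting" >> "$LOG"
  eval "$(build_cmd)"
}

# Constructed ps -ef excerpts, for demonstrating tunnel_running offline.
PS_UP='user 4242 1 0 14:50 ? 00:00:00 /usr/bin/autossh -M 10984 -N -f -R 6666:localhost:22 user@remotehost -p 40022'
PS_LOOKALIKE='user 4300 4299 0 14:51 tty1 00:00:00 tail -f /home/user/autossh.log
user 4301 4299 0 14:51 tty1 00:00:00 grep autossh'

# Crontab entry (all five time fields):  * * * * * /home/user/tuncheck.sh run
case "${1:-}" in
  run)  ensure_tunnel ;;
  demo) printf '%s\n' "$PS_UP" | tunnel_running && echo "up: detected"
        printf '%s\n' "$PS_LOOKALIKE" | tunnel_running || echo "lookalike: not fooled" ;;
esac
```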
Enjoy!
4 comments
I think this rocks!
Great!
Tks.
You're missing a "*" on your crontab, should be 5, yea?
This is mine that seems to be working:
a=$(ps -ef | grep autossh | grep -v grep)
if [ ! "$a" ]; then
  /usr/bin/autossh -M 20202:20101 -C2 -qnN -f [myuser]@[my dyn dns] -p 56839 -D 12345 &
fi
The -D is for a SOCKS proxy. I only expose port 56839 in my home router. And I use ~/.ssh/config for the verbose config. I also have a Squid HTTP proxy on my home server that I expose via port "localhost:8888", tunneled through the SOCKS proxy. This allows me to cover all my bases with various applications that only work with HTTP proxies.
Host *
# general
ServerAliveInterval 60
ServerAliveCountMax 3
# esxi
LocalForward localhost:443 192.168.1.25:443
LocalForward localhost:902 192.168.1.25:902
LocalForward localhost:903 192.168.1.25:903
# vm-ubuntu-squid
LocalForward localhost:9999 192.168.1.51:8888
# vm-win8 RDP
LocalForward localhost:2100 192.168.1.47:3389
LocalForward localhost:4800 192.168.1.47:1433