Line 234: |
Line 234: |
| {{go to top}} | | {{go to top}} |
| | | |
− | ==Persistent SSH Tunnels==
| + | =Persistent SSH Tunnels= |
− | {{go to top}}
| |
| The following is how to create a persistent SSH Tunnel between two systems. This is handy if you want to secure data flowing across networks, or even setup a tunnel without messing with VPN configuration. | | The following is how to create a persistent SSH Tunnel between two systems. This is handy if you want to secure data flowing across networks, or even setup a tunnel without messing with VPN configuration. |
| | | |
− | ===Create User/Generate SSH key===
| + | =Create User/Generate SSH key= |
| First you will create the user you will use for the tunnel. This will allow you to forward non-privileged ports over 1024. | | First you will create the user you will use for the tunnel. This will allow you to forward non-privileged ports over 1024. |
| | | |
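Review bot: the heading levels in this hunk end up inconsistent with the rest of the page. Promoting ==Persistent SSH Tunnels== and ===Create User/Generate SSH key=== to single-= headings places them above the == GRE Tunnel == section that is still at level 2 at the end of this diff, and a single = is conventionally reserved for the page title in MediaWiki. Keep the section at == and its subsections at ===, which also keeps the removed {{go to top}} navigation consistent with the other sections.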
Line 247: |
Line 246: |
| Now switch to the user and generate an SSH key: | | Now switch to the user and generate an SSH key: |
| <pre> | | <pre> |
− | su -s /bin/bash useradd | + | su -s /bin/bash autossh |
| cd ~ | | cd ~ |
| ssh-keygen -b 4096 | | ssh-keygen -b 4096 |
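Review bot: the rename from useradd to autossh is correct (the old line used the command name as the user name), but the key step should state that the key must be generated without a passphrase, since the tunnel is started non-interactively and autossh cannot answer a prompt; ssh-keygen -b 4096 as written will ask for one. The key type should also be given explicitly (ssh-keygen -t rsa -b 4096), because newer OpenSSH releases generate Ed25519 keys by default, in which case -b is ignored and the file is id_ed25519.pub rather than the id_rsa.pub the next section refers to.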
Line 258: |
Line 257: |
| </pre> | | </pre> |
| | | |
− | ===Copy public key to target system===
| + | =Copy public key to target system= |
− | You will need to copy '''''id_rsa.pub''''' file from '''''/home/useradd/.ssh/''''' to the '''''authorized_keys''''' file on the remote system you want to connect to for the tunnel. | + | You will need to copy '''''id_rsa.pub''''' file from '''''/home/autossh/.ssh/''''' to the '''''authorized_keys''''' file on the remote system you want to connect to for the tunnel. |
| | | |
| ''Note: It is recommended that you also create a normal user on the remote system and not use root.'' | | ''Note: It is recommended that you also create a normal user on the remote system and not use root.'' |
| | | |
− | ===Install autossh===
| + | =Install autossh= |
| You will need to install the autossh program on the system that will initiate the SSH tunnel. Autossh automatically restarts the SSH tunnel when it exits. | | You will need to install the autossh program on the system that will initiate the SSH tunnel. Autossh automatically restarts the SSH tunnel when it exits. |
| <pre> | | <pre> |
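Review bot: the public key is added to authorized_keys with no restrictions, although it is an unattended key whose only job is port forwarding. Prefix the key on the remote system with restrict,port-forwarding (and optionally permitlisten for the single reverse-forward port) so that a compromise of the initiating host yields a tunnel but not a shell, and mention that .ssh and authorized_keys must be owned by that user with restrictive permissions or sshd ignores the file. The note recommending a non-root user on the remote side is good and could say why: the tunnel user needs no privileges there.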
Line 269: |
Line 268: |
| </pre> | | </pre> |
| | | |
− | ===Setup script===
| + | =Setup script= |
− | Copy the following script, making the necessary changes as specified between the <> and place on the system that will initiate the tunnel (usually /opt): | + | Copy the following script, making the necessary changes as specified between the <> and place on the system that will initiate the tunnel (here we will save it as /opt/ssh-tunnel.sh): |
| <pre> | | <pre> |
| #!/bin/sh | | #!/bin/sh |
| # | | # |
− | # Uses autossh to establish a tunnel to allstarlink.org for the Graylog Collector Sidecar
| |
− | # on seal to pass data.
| |
| | | |
| su -s /bin/sh autossh -c 'autossh -M 0 -N -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -o "ExitOnForwardFailure=yes" -f -T -R localhost:<target port>:<local IP or localhost>:<local port> <user>@<domain>' | | su -s /bin/sh autossh -c 'autossh -M 0 -N -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -o "ExitOnForwardFailure=yes" -f -T -R localhost:<target port>:<local IP or localhost>:<local port> <user>@<domain>' |
| | | |
− | </pre> | + | </pre> |
| | | |
| {| class="wikitable" | | {| class="wikitable" |
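Review bot: the script has no provision for the first connection: with no known_hosts entry for <domain>, ssh will prompt to accept the host key and, run non-interactively at boot, autossh will block or fail. Document that the autossh user should connect once by hand (ssh <user>@<domain>) to record the host key before the script is used, rather than disabling StrictHostKeyChecking. Two smaller points: the script only works when run as root because of the su, which should be stated where the script is introduced, and the removed site-specific comment (allstarlink.org, Graylog Collector Sidecar, seal) should be replaced by a generic one-line description of what the script does instead of an empty line. Since -R localhost:<target port>:... binds the listener to the remote loopback only, which is the safe default, it is worth noting that binding to other interfaces requires GatewayPorts on the remote sshd.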
Line 305: |
Line 302: |
| You can also use -L to change the direction of the port forwarding from Remote to Local and have the initiating system forward data over the tunnel the the remote. | | You can also use -L to change the direction of the port forwarding from Remote to Local and have the initiating system forward data over the tunnel the the remote. |
| | | |
− | ===Make script executable===
| + | =Make script executable= |
| Make sure you mark the script as executable with: | | Make sure you mark the script as executable with: |
| | | |
| <pre> | | <pre> |
− | chmod +x <name_of_script>.sh | + | chmod +x /opt/ssh-tunnel.sh |
| </pre> | | </pre> |
− | ===Tunnel at startup===
| + | =Tunnel at startup= |
− | To have this tunnel automatically start if the system is rebooted, add a call to the script to rc.local. | + | To have the tunnel up when the system restarts, choose one of the following methods |
| + | |
| + | ==rc.local== |
| + | Add a line to /etc/rc.local that calls the script. |
| + | |
| <pre> | | <pre> |
− | /opt/<name_of_script>.sh | + | # Start AutoSSH tunnel at boot |
| + | /opt/ssh-tunnel.sh |
| </pre> | | </pre> |
| | | |
| ''Note: You may have to enable rc.local on Ubuntu and Debian based systems via systemd. Refer to your distributions documentation for information on how to enable it.'' | | ''Note: You may have to enable rc.local on Ubuntu and Debian based systems via systemd. Refer to your distributions documentation for information on how to enable it.'' |
| + | ==systemd== |
| + | To have the script start at boot with systemd, create the following file and add it to /etc/systemd/system/ssh-tunnel.service |
| + | |
| + | ===ssh-tunnel.service=== |
| + | <pre> |
| + | [Unit] |
| + | Description=AutoSSH Tunnel at boot |
| + | |
| + | [Service] |
| + | Type=oneshot |
| + | ExecStart=/opt/ssh-tunnel.sh |
| + | |
| + | [Install] |
| + | WantedBy=multi-user.target |
| + | </pre> |
| + | |
| + | ===Enable service=== |
| + | To enable the service to run via systemd run: |
| + | <pre> |
| + | systemctl enable ssh-tunnel.service |
| + | </pre> |
| | | |
| == GRE Tunnel == | | == GRE Tunnel == |
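Review bot: Type=oneshot does not fit this script. The script backgrounds autossh with -f and exits at once, so the unit is considered finished immediately, systemd's default KillMode=control-group then stops the processes left in the unit's cgroup when the unit goes inactive, and systemctl status gives no view of whether the tunnel is up. Either use Type=forking, or better, drop su and -f and run autossh directly from the unit with User=autossh, Type=simple and Restart=on-failure, which also removes the need to start anything as root. The unit also lacks After=network-online.target and Wants=network-online.target, so it may run before the network is up (ExitOnForwardFailure=yes then makes the first attempt fail), and the enable step should be followed by systemctl start ssh-tunnel.service (or use enable --now), or the tunnel will not come up until the next reboot.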