[systemd-devel] Setting Up SSH Tunnels

Reindl Harald h.reindl at thelounge.net
Fri Jul 5 12:04:29 PDT 2013



On 05.07.2013 19:16, CACook at Quantum-Sci.com wrote:
> 
> For some years I've set up reverse SSH tunnels with a script, but when the tunnels go down they do not recover. 
> I'd like to start and stop the tunnels using systemd.
> 
> A typical command looks like this:
>  /usr/bin/ssh -f -l sleeper -i /home/sleeper/.ssh/id_ecdsa -2 -4 -c aes256-ctr,aes128-ctr -L 3128:localhost:3128 droog sleep 365d
> 
> I tried invoking my script with a .service file, but it doesn't keep the tunnels alive. (sometimes they die with
> "broken pipe")  And it doesn't re-establish the tunnels on wake from sleep.
> 
> This is my .service file:
> # sshdroog.service
> 
> [Unit]
> Description= reverse SSH tunnels
> Before=rc.local.service
> After=network.target sockets.target syslog.target
> 
> [Service]
> # Do a single job and then exit (Can have multiple ExecStarts):
> Type=oneshot
> # For oneshot, so that systemd still considers the service as active after the process has exited:
> RemainAfterExit=yes
> ExecStart=/usr/local/bin/sshcygnus
> ExecStop=/bin/kill -15 $MAINPID
> Restart=always
> RestartSec=2
> TimeoutSec=60
> # Errors in /var/log/messages
> systemd.log_level=debug
> #Type=notify
> #StandardError=syslog
> #NotifyAccess=main
> 
> [Install]
> WantedBy=multi-user.target

"oneshot" is plain wrong if you have a long-living process.
Below is a working unit to have a remote server's ssh on localhost:10024,
with "RestartSec=60" so that it survives reboots of the forwarded machine with auto reconnect.

[Unit]
Description=SSH-Forwarding
After=network.service openvpn.service

[Service]
Type=simple
ExecStart=/usr/bin/ssh -i /home/gateway/.ssh/id_rsa gateway@target-host -N -C -L127.0.0.1:10024:127.0.0.1:22
Restart=always
RestartSec=60
TimeoutSec=30

[Install]
WantedBy=multi-user.target
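
Added example, not part of the original post or of systemd's own documentation: a variant of the unit above that also covers the "broken pipe" and no-recovery symptoms from the question by making ssh exit on a dead link so that Restart= can act. The file name, the User= account and the presence of the target's host key in that account's known_hosts are assumptions; host, key path and forward are taken from the unit above.

```ini
# /etc/systemd/system/ssh-forward.service  (hypothetical file name)

[Unit]
Description=SSH-Forwarding
# Order after the network is actually configured, not merely started.
Wants=network-online.target
After=network-online.target

[Service]
# ssh must stay in the foreground (no -f) so systemd tracks the real process.
Type=simple
# Assumption: unprivileged local account "gateway" owns the key; the tunnel
# then does not run as root.
User=gateway
# -N                      no remote command, forwarding only
# BatchMode               never block on a password or passphrase prompt
# ExitOnForwardFailure    exit if the local port cannot be bound
# ServerAlive*            exit after about 90 s without a reply from the
#                         server, instead of hanging on a dead connection
# StrictHostKeyChecking   refuse a changed or unknown host key (the key must
#                         already be in /home/gateway/.ssh/known_hosts)
# 127.0.0.1 bind address  keeps the forwarded port off external interfaces
ExecStart=/usr/bin/ssh -N \
    -i /home/gateway/.ssh/id_rsa \
    -o BatchMode=yes \
    -o ExitOnForwardFailure=yes \
    -o ServerAliveInterval=30 \
    -o ServerAliveCountMax=3 \
    -o StrictHostKeyChecking=yes \
    -L 127.0.0.1:10024:127.0.0.1:22 \
    gateway@target-host
# Any exit, clean or not, brings the tunnel back after RestartSec.
Restart=always
RestartSec=60

[Install]
WantedBy=multi-user.target
```

After installing the file, run "systemctl daemon-reload" and "systemctl enable --now ssh-forward.service"; "systemctl status" then shows each reconnect as a new main PID.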
