[systemd-devel] Setting Up SSH Tunnels

Reindl Harald h.reindl at thelounge.net
Fri Jul 5 12:45:19 PDT 2013

Am 05.07.2013 21:20, schrieb CACook at Quantum-Sci.com:
> Reindl Harald:
>> "oneshot" is plain wrong if you have a long living prcoess
>> below a working unit to have a remote-server's ssh on localhost:10024
>> "RestartSec=60" because so it survives reboots of the forwarded machine with auto reconnect
>> [Unit]
>> Description=SSH-Forwarding
>> After=network.service openvpn.service
>> [Service]
>> Type=simple
>> ExecStart=/usr/bin/ssh -i /home/gateway/.ssh/id_rsa gateway at target-host -N -C -L127.0.0.1:10024:
>> Restart=always
>> RestartSec=60
>> TimeoutSec=30
>> [Install]
>> WantedBy=multi-user.target
> Thank you. But this is good for only one port, and I have over 20.

i have 6

> This is the reason I used oneshot, as you can have multiple ExecStarts. Of course it doesn't work.

i know, been there, done that

> But does this mean I have to have over 20 .services for my reverse tunnels?  
> They could all start in parallel, but is there no better way?

this is a *perfect* way and the only one "Restart=always" can work relieable
no matter how many of them, build one, test it carefully and copy it as often
as need with the minimal change of port/host, that's hardly more work than
a unrelieable wrapper script

with the small script below i see the status of all forwarding-services
including all ssh processes with their params and the last restart-time

what more does someone need to manage this out-of-the-box?

cat /usr/local/bin/forwardings.sh
if [ "$1" == "" ]; then


/usr/bin/systemctl $ACTION forward-host1.service forward-host2.service...................

> Would they wake from sleep? Would they auto-restart if a broken pipe?

anything which let die the "ssh" process results in restart

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 263 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freedesktop.org/archives/systemd-devel/attachments/20130705/f1cd7bc5/attachment.pgp>

More information about the systemd-devel mailing list