zhongzichang/00-Systemd_service_for_autossh.md

## 00-Systemd_service_for_autossh.md

      
    Raw
  

              00-Systemd_service_for_autossh.md
            
          
    Usage

# Setup the service
curl -sSL https://gist.githubusercontent.com/zhongzichang/e340bf66a7c65c2defabdf92193b7743/raw/autossh@.service | \
  sudo tee /etc/systemd/system/autossh@.service

sudo useradd -g nogroup -s /bin/false -m autossh
sudo -u autossh mkdir -p /home/autossh/.ssh  # and copy your private key here
sudo -u autossh ssh-keygen -t ed25519  # Generate a new private key

# For each host
curl -sSL https://gist.githubusercontent.com/zhongzichang/e340bf66a7c65c2defabdf92193b7743/raw/autossh@example | \
  sudo tee /etc/default/autossh@example
# Add the hostname and forwards to /etc/default/autossh@example
sudo vi /etc/default/autossh@example

sudo -u autossh ssh example.com  # just make sure to add your host to `known_hosts`
sudo -u autossh ssh-copy-id example.com # copy the autossh key to the remote host


# ready to go!
systemctl start autossh@example.service

systemctl status autossh@example.service
journalctl -fu autossh@example


## autossh@.service
[Unit]
Description=Keeps an ssh tunnel to %I open
After=network-online.target ssh.service

[Service]
User=autossh
# no monitoring
Environment="AUTOSSH_PORT=0"
# Disable gatetime behaviour
Environment="AUTOSSH_GATETIME=0"
Environment="SSH_IDENTITY_FILE=/home/autossh/.ssh/id_rsa"
Environment="SSH_USER=autossh"
EnvironmentFile=/etc/default/autossh@%i
RestartSec=3
Restart=always

# -NT Just open the connection and do nothing (not interactive, no tty alloc)
# use /usr/bin/ssh instead of autossh is good as well
ExecStart=/usr/bin/autossh -NT -o "ExitOnForwardFailure=yes" $SSH_OPTIONS -l ${SSH_USER} ${TARGET_HOST} $FORWARDS -i ${SSH_IDENTITY_FILE}
TimeoutStopSec=10

[Install]
WantedBy=multi-user.target

## autossh@example
# Options for autossh@example.service
# Place it at /etc/default

# Save all your credential/user/port related config in ~/.ssh/config is strongly recommanded
# Leave hostname here only
TARGET_HOST=exmaple.com

# -L LOCALPORT:IP_ON_EXAMPLE_COM:PORT_ON_EXAMPLE_COM
# can set multiple forwardings here
FORWARDS=-R 2223:127.0.0.1:22

# === Settings below for ADVANCED users only ===

SSH_OPTIONS=-o "ServerAliveInterval=10" -o "ServerAliveCountMax=3"
SSH_USER=autossh
AUTOSSH_PORT=0
AUTOSSH_GATETIME=0
SSH_IDENTITY_FILE=/home/autossh/.ssh/id_ed25519
	[Unit]
	Description=Keeps an ssh tunnel to %I open
	After=network-online.target ssh.service

	[Service]
	User=autossh
	# no monitoring
	Environment="AUTOSSH_PORT=0"
	# Disable gatetime behaviour
	Environment="AUTOSSH_GATETIME=0"
	Environment="SSH_IDENTITY_FILE=/home/autossh/.ssh/id_rsa"
	Environment="SSH_USER=autossh"
	EnvironmentFile=/etc/default/autossh@%i
	RestartSec=3
	Restart=always

	# -NT Just open the connection and do nothing (not interactive, no tty alloc)
	# use /usr/bin/ssh instead of autossh is good as well
	ExecStart=/usr/bin/autossh -NT -o "ExitOnForwardFailure=yes" $SSH_OPTIONS -l ${SSH_USER} ${TARGET_HOST} $FORWARDS -i ${SSH_IDENTITY_FILE}
	TimeoutStopSec=10

	[Install]
	WantedBy=multi-user.target
	# Options for autossh@example.service
	# Place it at /etc/default

	# Save all your credential/user/port related config in ~/.ssh/config is strongly recommanded
	# Leave hostname here only
	TARGET_HOST=exmaple.com

	# -L LOCALPORT:IP_ON_EXAMPLE_COM:PORT_ON_EXAMPLE_COM
	# can set multiple forwardings here
	FORWARDS=-R 2223:127.0.0.1:22

	# === Settings below for ADVANCED users only ===

	SSH_OPTIONS=-o "ServerAliveInterval=10" -o "ServerAliveCountMax=3"
	SSH_USER=autossh
	AUTOSSH_PORT=0
	AUTOSSH_GATETIME=0
	SSH_IDENTITY_FILE=/home/autossh/.ssh/id_ed25519