Install autossh in debian
aptitude install autossh
This will complete the installation. Usage:
autossh -M [port][:echo_port] [-f] [SSH OPTIONS]
-M [:echo_port], to specify the base monitoring port to use, or alternatively, to specify the monitoring port and echo service port to use.When no echo service port is specified, this port and the port
immediately above it (port# + 1) should be something nothing else is using. autossh will send test data on the base monitoring port, and receive it back on the port above. For example, if you
specify "-M 20000″, autossh will set up forwards so that it can send data on port 20000 and receive it back on 20001.
Alternatively a port for a remote echo service may be specified. This should be port 7 if you wish to use the standard inetd echo service. When an echo port is specified, only the specified monitor port is used, and it carries the monitor message in both directions.
Many people disable the echo service, or even disable inetd, so check that this service is available on the remote machine. Some operating systems allow one to specify that the
service only listen on the localhost (loopback interface), which would suffice for this use.
The echo service may also be something more complicated: perhaps a daemon that monitors a group of ssh tunnels.
-M 0 will turn the monitoring off, and autossh will only restart ssh on ssh exit.
For example, if you are using a recent version of OpenSSH, you may wish to explore using the ServerAliveInterval and ServerAliveCountMax options to have the SSH client exit if it finds itself no longer connected to the server. In many way sthis may be a better solution than the monitoring port.
-f Causes autossh to drop to the background before running ssh. The -f flag is stripped from arguments passed to ssh. Note that there is a crucial a difference between the -f with autossh, and -f with ssh: when used with autossh, ssh will be *unable* to ask for passwords or passphrases.
-V to have autossh display its version and exit.
Autossh example:
autossh -M 3122 -N -R 4022:localhost:22 remote_host
Explanation:
Forward port 4022 on remote_host (the remote machine) to port 22 on localhost (the local machine).
Use port 3122 and 3123 will be used for connection monitoring. Things to remember:
- If you need to create a tunnel on a local port with numbered lower than 1000, you’ll need to run the autossh command as root.
- SSH port forwarding only forwards traffic from a local port to a remote port, through an SSH connection. All traffic is transmitted over the wire on port 22. Unless you establish multiple tunnels, only traffic sent to the specific local port will be forwarded.
- Perhaps it’s obvious, but there has to be some service listening on the specified remote end of the tunnel, or else the tunnel won’t do anything.
- In a lot of ways, depending on your use case autossh, can obviate the need for much more complex VPN setups for a lot of deployments. Put an autossh command in an @reboot cronjob, with an account that has ssh keys generated, and just forget about it for encrypting things like database traffic and the like.
