Autossh

Autossh monitors an SSH connection and reconnects the SSH session if the connection fails.

To automatically log in you need to use an authentication key.

The package, slightly outdated, can be found in the 'oldpackages' feed.

Alternative packages:

sshtunnel is a simpler, functionally identical package (it depends on OpenSSH, so it has higher disk space requirements).

Use Case

  • You want to forward a local port (e.g. the webserver/ssh) to a remote server.
  • If your client running OpenWrt is behind a NAT, this allows it to connect to a server that is not behind a NAT and create a reverse tunnel to the local ssh server.

Installation

  1. Install autossh
    opkg install autossh
  2. Create a key
    dropbearkey -t rsa -f /etc/dropbear/id_rsa
    • On LEDE 17.01.x use
      dropbearkey -t rsa -f /root/.ssh/id_dropbear
  3. dropbearkey will print the public key, starting with ssh-rsa.
    • You can reprint the key using
      dropbearkey -y -f /etc/dropbear/id_rsa
    • or you can write it to a file (e.g. /tmp/pubkey)
      dropbearkey -y -f /etc/dropbear/id_rsa | grep ssh-rsa > /tmp/pubkey
  4. Add the key to the authorized_keys file on your server, e.g. copy pubkey file to the server and do
    cat pubkey >> ~/.ssh/authorized_keys
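
The key from step 2 is stored on the router and used unattended, so the authorized_keys entry from step 4 can be limited to what the tunnel needs. The script below is an added example, not part of the original wiki page; it assumes the server runs OpenSSH 7.8 or later (for permitlisten), and the function names, the sample port 2222 and the /bin/false forced command are illustrative choices.

```shell
#!/bin/sh
# Added example, run on the SSH server (not the router): turn the public key
# printed by "dropbearkey -y" into an authorized_keys entry limited to the
# reverse tunnel's listen port. Function names and paths are illustrative.
NL='
'
# restricted_authkey_line PUBKEY_LINE REMOTE_PORT -> entry on stdout
restricted_authkey_line() {
    pubkey=$1 port=$2
    case $pubkey in
        # An embedded newline would smuggle in a second, unrestricted key line.
        *"$NL"*) echo "public key must be a single line" >&2; return 1 ;;
        "ssh-rsa AAAAB3NzaC1yc2E"*) ;;   # every ssh-rsa blob starts like this
        *) echo "not an ssh-rsa public key line" >&2; return 1 ;;
    esac
    case $port in
        ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "bad port: $port" >&2; return 1
    fi
    # restrict: no pty, no agent/X11 forwarding, no port forwarding;
    # port-forwarding re-enables forwarding; permitlisten limits -R to PORT;
    # command= replaces any requested command (autossh uses -N, so none is).
    # Local (-L) forwards are governed separately by permitopen/PermitOpen.
    printf 'restrict,port-forwarding,permitlisten="%s",command="/bin/false" %s\n' \
        "$port" "$pubkey"
}

# install_authkey PUBKEY_LINE REMOTE_PORT AUTHORIZED_KEYS_FILE
# Returns 2 if the key blob is already listed: sshd uses the first matching
# line, so an older unrestricted copy has to be edited by hand instead.
install_authkey() {
    entry=$(restricted_authkey_line "$1" "$2") || return 1
    file=$3
    blob=$(printf '%s\n' "$1" | cut -d' ' -f2)
    if [ -f "$file" ] && grep -qF -- "$blob" "$file"; then
        echo "key already present in $file" >&2
        return 2
    fi
    ( umask 077; printf '%s\n' "$entry" >> "$file" )
}

# Usage: sh restrict-key.sh "$(cat pubkey)" 2222 ~/.ssh/authorized_keys
if [ $# -eq 3 ]; then install_authkey "$@"; fi
```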

Configuration

Autossh is configured using the Unified Configuration Interface (/etc/config/autossh).

A typical configuration is as follows:

config autossh
        option ssh      '-i /root/.ssh/dropbear -N -T -R remote_port:localhost:22 your_remote_host_user_name@your_remote_host'
        option gatetime '0'
        option monitorport      '20000'
        option poll     '100'
        option enabled  '1'

You need to replace /root/.ssh/dropbear with your key generated by dropbear.

Run as Service

Autossh is often used as a reverse proxy, typically because your ISP does not give you a public address or because of your router's firewall policies. To keep autossh running after the router restarts, you need to set up a service.

In /etc/init.d/autossh, most of the file's content is generated when you first install autossh. However, you need to add the line export HOME=/root in start_instance(), or the service will NOT work when the router reboots. This is a known bug that has not been fixed yet: https://github.com/openwrt/packages/issues/5559

      start_instance() {
              local section="$1"
              config_get ssh "$section" 'ssh'
              config_get gatetime "$section" 'gatetime'
              config_get monitorport "$section" 'monitorport'
              config_get poll "$section" 'poll'
              config_get_bool enabled "$section" 'enabled' '1'
              [ "$enabled" = 1 ] || exit 0
              # Added line: without it the service does not work after a reboot
              export HOME=/root
              export AUTOSSH_GATETIME="${gatetime:-30}"
              export AUTOSSH_POLL="${poll:-600}"
              export AUTOSSH_DEBUG=1
              # ${ssh} is left unquoted so it splits into separate ssh arguments
              service_start /usr/sbin/autossh -M ${monitorport:-20000} -f ${ssh}
      }

Now you can enable the service with /etc/init.d/autossh enable and enjoy it.

Fixes

To get ssh working, you need to replace localhost in 2222:localhost:22 of the ssh variable with the local IP.

docs/guide-user/services/ssh/autossh.txt · Last modified: 2018/08/18 04:19 by antiver