Autossh

Autossh monitors an SSH connection and reconnects the SSH session if the connection fails.

To automatically log in you need to use an authentication key.

The package, slightly outdated, can be found in the 'oldpackages' feed.

Alternative packages:

sshtunnel is a simpler, functionally-identical package.

  • You want to forward a local port (e.g. the webserver/ssh) to a remote server.
  • If your client running OpenWrt is behind a NAT, this allows it to connect to a server that is not behind a NAT and create a reverse tunnel to the local SSH server.
  1. Install autossh
    opkg install autossh
  2. Create a key
    dropbearkey -t rsa -f /etc/dropbear/id_rsa
    • On LEDE 17.01.x use
      dropbearkey -t rsa -f /root/.ssh/id_dropbear
  3. dropbearkey will print the public key, starting with ssh-rsa.
    • You can reprint the key using
      dropbearkey -y -f /etc/dropbear/id_rsa
    • or you can write it to a file (e.g. /tmp/pubkey)
      dropbearkey -y -f /etc/dropbear/id_rsa | grep ssh-rsa > /tmp/pubkey
  4. Add the key to the authorized_keys file on your server, e.g. copy the pubkey file to the server and run
    cat pubkey >> ~/.ssh/authorized_keys
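
Step 4 appends the router's key without restrictions, so the key can also open a normal login on the server. The following added example (not part of the original wiki page) builds an entry limited to port forwarding with one permitted reverse listener and a forced no-op command; the function names, port 2222 (taken from the configuration on this page) and the `localhost` listen host are assumptions, and `permitlisten` needs OpenSSH 7.8 or later on the server.

```shell
#!/bin/sh
# Added example, not from the wiki page. Run on the SSH server (OpenSSH 7.8+).

# restricted_entry PUBKEY_LINE PORT
# Prints an authorized_keys line for a tunnel-only key on stdout.
# Returns 1 unless PUBKEY_LINE is exactly one "type base64 [comment]" line.
restricted_entry() {
    key=$1 port=$2
    case $port in ''|*[!0-9]*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    # More than one line would smuggle in a second, unrestricted key.
    [ $(printf '%s\n' "$key" | wc -l) -eq 1 ] || return 1
    read -r ktype blob comment <<EOF
$key
EOF
    # Must start with a key type: rejects lines that already carry options and
    # the "Public key portion is:" / "Fingerprint:" lines dropbearkey -y prints.
    case $ktype in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) return 1 ;;
    esac
    case $blob in ''|*[!A-Za-z0-9+/=]*) return 1 ;; esac
    # restrict: no pty, no agent/X11/port forwarding, no ~/.ssh/rc.
    # command: any requested command is replaced by /bin/false (autossh uses -N).
    # port-forwarding re-enables forwarding; permitlisten limits -R listeners to
    # this port. Assumption: the client sends "localhost" as listen host.
    printf 'restrict,command="/bin/false",port-forwarding,permitlisten="localhost:%s" %s %s%s\n' \
        "$port" "$ktype" "$blob" "${comment:+ $comment}"
}

# install_entry ENTRY AUTH_FILE
# Appends ENTRY unless the same key blob is already present; file is set to 0600.
install_entry() {
    entry=$1 file=$2
    [ -n "$entry" ] || return 1
    blob=$(printf '%s\n' "$entry" | awk '{print $3}')
    (umask 077; touch "$file") || return 1
    chmod 600 "$file"
    grep -qF -- " $blob" "$file" || printf '%s\n' "$entry" >>"$file"
}

# Usage on the server, with the pubkey file copied from the router:
#   entry=$(restricted_entry "$(cat pubkey)" 2222) &&
#       install_entry "$entry" ~/.ssh/authorized_keys
```

If the tunnel is then refused, check the server's sshd log for the listen host the client actually requested and adjust the `permitlisten` value to match.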

Autossh is configured using the Unified Configuration Interface (/etc/config/autossh).

A typical configuration is as follows:

config autossh
        option ssh      '-i /root/.ssh/dropbear -N -T -R 2222:192.168.1.1:22 remote_host_user_name@remote_host'
        option gatetime '0'
        option monitorport      '20000'
        option poll     '100'
        option enabled  '1'

You need to replace /root/.ssh/dropbear with your key generated by dropbear.

Autossh is often used as a reverse proxy, typically because your ISP does not give you a public address or because of your router's firewall policies. To make autossh run even after the router restarts, you need to set up a service.

In /etc/init.d/autossh, most of the file's content is generated when you first install autossh. But you need to add the line procd_set_param env HOME="/root" in start_instance(), or the service will NOT work when the router reboots. This is a known bug that is not fixed yet: https://github.com/openwrt/packages/issues/5559

      start_instance() {
              local section="$1"
      
              config_get ssh "$section" 'ssh'
              config_get gatetime "$section" 'gatetime'
              config_get monitorport "$section" 'monitorport'
              config_get poll "$section" 'poll'
              config_get_bool enabled "$section" 'enabled' '1'
              
              [ "$enabled" = 1 ] || exit 0
              
              procd_open_instance
              procd_set_param command /usr/sbin/autossh -M ${monitorport:-20000} ${ssh}
              procd_set_param respawn ${respawn_threshold:-3600} ${respawn_timeout:-5} ${respawn_retry:-5}
              procd_set_param env AUTOSSH_GATETIME="${gatetime:-30}" 
              procd_set_param env AUTOSSH_POLL="${poll:-600}"
              procd_set_param env HOME="/root"
              procd_close_instance
      }

The first time you connect, you need to make sure that the server is in the trusted-host list; otherwise autossh will restart in a loop.

user.info autossh[17709]: starting ssh (count 10)
user.info autossh[17709]: ssh child pid is 17742
user.info autossh[17709]: ssh exited with error status 1; restarting ssh

Just run ssh -p port user@host once and accept the host key. Now you can enable the service with /etc/init.d/autossh enable and enjoy it.

To get ssh working, you need to replace localhost in 2222:localhost:22 of the ssh option with the local IP.

  • Last modified: 2023/11/30 22:27
  • by stokito