Autossh
Autossh monitors an ssh connection and reconnects the ssh session if the connection fails.
To automatically log in you need to use an authentication key.
The package, slightly outdated, can be found in the 'oldpackages' feed.
Alternative packages:
sshtunnel is a simpler, functionally-identical package.
Use Case
- You want to forward a local port (e.g. the webserver/ssh) to a remote server.
- If your client running OpenWrt is behind a NAT, this allows it to connect to a server that is not behind a NAT and create a reverse tunnel to the local ssh server.
Installation
- Install autossh
opkg install autossh
- Create a key
dropbearkey -t rsa -f /etc/dropbear/id_rsa
- On LEDE 17.01.x use
dropbearkey -t rsa -f /root/.ssh/id_dropbear
- dropbearkey will print the public key, starting with ssh-rsa.
- You can reprint the key using
dropbearkey -y -f /etc/dropbear/id_rsa
- or you can write it to a file (e.g. /tmp/pubkey)
dropbearkey -y -f /etc/dropbear/id_rsa | grep ssh-rsa > /tmp/pubkey
- Add the key to the authorized_keys file on your server, e.g. copy the pubkey file to the server and do
cat pubkey >> ~/.ssh/authorized_keys
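A key appended to authorized_keys as-is can open a full shell on the server account, while the tunnel only needs remote port forwarding. As an added example (not part of the original wiki page), this helper builds an entry limited to the reverse forward with OpenSSH's restrict, port-forwarding and permitlisten options (permitlisten requires OpenSSH 7.8 or later on the server). The function names and the sample key are constructed for illustration; ports 2222 and 20000 are the tunnel and monitor ports from this page's sample configuration.

```shell
#!/bin/sh
# Added example (not from the wiki page): build a restricted authorized_keys
# entry for the router's tunnel key. Function names are hypothetical.

# valid_port PORT: succeeds if PORT is a decimal number in 1..65535
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# restrict_tunnel_key PUBKEY_LINE TUNNEL_PORT [MONITOR_PORT]
# Prints an entry that allows only remote forwards on the given ports.
# MONITOR_PORT is the autossh 'monitorport' (-M); pass 0 or omit it when
# monitoring is disabled.
restrict_tunnel_key() {
    key_line="$1"; tunnel_port="$2"; monitor_port="${3:-0}"
    key_type="${key_line%% *}"
    key_rest="${key_line#* }"
    key_blob="${key_rest%% *}"

    # Accept only a bare "<type> <base64> [comment]" line, so other lines of
    # dropbearkey output, or a line that already carries options, are rejected.
    case "$key_type" in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp*) ;;
        *) echo "not a public key line" >&2; return 1 ;;
    esac
    case "$key_blob" in
        ''|*[!A-Za-z0-9+/=]*) echo "malformed key data" >&2; return 1 ;;
    esac
    valid_port "$tunnel_port" || { echo "bad tunnel port" >&2; return 1; }

    opts="restrict,port-forwarding,permitlisten=\"$tunnel_port\""
    if [ "$monitor_port" != 0 ]; then
        valid_port "$monitor_port" || { echo "bad monitor port" >&2; return 1; }
        # autossh -M sets up its own remote forward on the monitor port
        opts="$opts,permitlisten=\"$monitor_port\""
    fi
    printf '%s %s\n' "$opts" "$key_line"
}

# Constructed sample key (not a real key).
SAMPLE_KEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDexampleONLY root@OpenWrt'
restrict_tunnel_key "$SAMPLE_KEY" 2222 20000
```

On the server, append the printed line to ~/.ssh/authorized_keys instead of the raw contents of the pubkey file.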
Configuration
Autossh is configured using the Unified Configuration Interface (/etc/config/autossh).
A typical configuration is as follows:
config autossh
	option ssh '-i /root/.ssh/dropbear -N -T -R 2222:192.168.1.1:22 remote_host_user_name@remote_host'
	option gatetime '0'
	option monitorport '20000'
	option poll '100'
	option enabled '1'
You need to replace /root/.ssh/dropbear with your key generated by dropbear.
Run as Service
Autossh is often used as a reverse proxy, typically because your ISP does not give you a public address or because of your router's firewall policies. To keep autossh running after the router restarts, you need to set it up as a service.
Most of the content of /etc/init.d/autossh is generated when you first install autossh, but you need to add the line procd_set_param env HOME="/root" in start_instance(), or the service will NOT work when the router reboots. This is a known bug that has not been fixed yet: https://github.com/openwrt/packages/issues/5559
start_instance() {
	local section="$1"

	# Read the options of this 'config autossh' section
	config_get ssh "$section" 'ssh'
	config_get gatetime "$section" 'gatetime'
	config_get monitorport "$section" 'monitorport'
	config_get poll "$section" 'poll'
	config_get_bool enabled "$section" 'enabled' '1'

	# Do nothing for disabled sections
	[ "$enabled" = 1 ] || exit 0

	procd_open_instance
	procd_set_param command /usr/sbin/autossh -M ${monitorport:-20000} ${ssh}
	procd_set_param respawn ${respawn_threshold:-3600} ${respawn_timeout:-5} ${respawn_retry:-5}
	procd_set_param env AUTOSSH_GATETIME="${gatetime:-30}"
	procd_set_param env AUTOSSH_POLL="${poll:-600}"
	# Added line: without HOME the service does not work after a reboot
	procd_set_param env HOME="/root"
	procd_close_instance
}
The first time you connect, you need to make sure that the server is in the trusted-host list; otherwise autossh will restart in a loop:
user.info autossh[17709]: starting ssh (count 10)
user.info autossh[17709]: ssh child pid is 17742
user.info autossh[17709]: ssh exited with error status 1; restarting ssh
Just run ssh -p port user@host once and accept the host key.
Now you can enable the service with /etc/init.d/autossh enable and enjoy it.
Fixes
To get ssh working you need to replace localhost in 2222:localhost:22 of the ssh variable with the local IP.