User Tools

Site Tools


docs:guide-user:services:ssh:autossh

Autossh

Autossh monitors a ssh connection and reconnects the ssh-session if the connection fails.

To automatically log in you need to use an authentication key.

The package, slightly outdated, can be found in the 'oldpackages' feed.

Alternative packages:

sshtunnel is a simpler, functionally-identical package. (depends on OpenSSH so higher disk space requirements)

Use Case

  • You want to forward a local port (e.g. the webserver/ssh) to a remote server.
  • If your client running OpenWrt is behind a NAT, this allows to connect to a server that is not behind a NAT and create a reverse tunnel to the local ssh server.

Installation

  1. Install autossh
    opkg install autossh
  2. Create a key
    dropbearkey -t rsa -f /etc/dropbear/id_rsa
    • On LEDE 17.01.x use
      dropbearkey -t rsa -f /root/.ssh/id_dropbear
  3. dropbearkey will print the public key, starting with ssh-rsa.
    • You can reprint the key using
      dropbearkey -y -f /etc/dropbear/id_rsa
    • or you can write it to a file (e.g. /tmp/pubkey)
      dropbearkey -y -f /etc/dropbear/id_rsa | grep ssh-rsa > /tmp/pubkey
  4. Add the key to the authorized_keys file on your server, e.g. copy pubkey file to the server and do
    cat pubkey >> ~/.ssh/authorized_keys

Configuration

Autossh is configured using the Unified Configuration Interface (/etc/config/autossh).

A typical confiugration is as follows:

config autossh
        option ssh      '-i /root/.ssh/dropbear -N -T -R remote_port:localhost:22 your_romote_host_user_name@your_remote_host'
        option gatetime '0'
        option monitorport      '20000'
        option poll     '100'
        option enabled  '1'

You need to eplace /root/.ssh/dropbear with your key generated by dropbear.

Run as Service

Autossh is ofen used as reverse proxy. It's probably because your ISP does not give you a publlic address or your router firewall policies. To make autossh run even when router restats, your need to set up a service.

In /etc/init.d/autossh, most content of the files has been generated when you first install autossh. But you need add a line export HOME=/root in start_instance() or the the service will NOT work when the router reboots. This is a known bug not fixed yet. https://github.com/openwrt/packages/issues/5559

      local section="$1"
      config_get ssh "$section" 'ssh'
      config_get gatetime "$section" 'gatetime'
      config_get monitorport "$section" 'monitorport'
      config_get poll "$section" 'poll'
      config_get_bool enabled "$section" 'enabled' '1'
      [ "$enabled" = 1 ] || exit 0
      export HOME=/root
      export AUTOSSH_GATETIME="${gatetime:-30}"
      export AUTOSSH_POLL="${poll:-600}"
      export AUTOSSH_DEBUG=1
      service_start /usr/sbin/autossh -M ${monitorport:-20000} -f ${ssh}

Now you can enable the service by /etc/init,d/autossh enable and enjoy it.

Fixes

To get ssh working you need to replace localhost in 2222:localhost:22 of the ssh variable to the local ip.

This website uses cookies. By using the website, you agree with storing cookies on your computer. Also you acknowledge that you have read and understand our Privacy Policy. If you do not agree leave the website.More information about cookies
docs/guide-user/services/ssh/autossh.txt · Last modified: 2018/08/18 04:19 by antiver