Autossh
Autossh monitors an SSH connection and reconnects the SSH session if the connection fails.
To automatically log in you need to use an authentication key.
The package, slightly outdated, can be found in the 'oldpackages' feed.
Alternative packages:
sshtunnel is a simpler, functionally-identical package.
Use Case
- You want to forward a local port (e.g. the webserver/ssh) to a remote server.
- If your client running OpenWrt is behind a NAT, this lets it connect to a server that is not behind a NAT and create a reverse tunnel to the local ssh server.
Installation
- Install autossh
opkg install autossh
- Create a key
dropbearkey -t rsa -f /etc/dropbear/id_rsa
- On LEDE 17.01.x use
dropbearkey -t rsa -f /root/.ssh/id_dropbear
dropbearkey will print the public key, starting with ssh-rsa.
- You can reprint the key using
dropbearkey -y -f /etc/dropbear/id_rsa
- or you can write it to a file (e.g. /tmp/pubkey)
dropbearkey -y -f /etc/dropbear/id_rsa | grep ssh-rsa > /tmp/pubkey
- Add the key to the authorized_keys file on your server, e.g. copy the pubkey file to the server and do
cat pubkey >> ~/.ssh/authorized_keys
Configuration
Autossh is configured using the Unified Configuration Interface (/etc/config/autossh).
A typical configuration is as follows:
config autossh
option ssh '-i /root/.ssh/dropbear -N -T -R 2222:192.168.1.1:22 remote_host_user_name@remote_host'
option gatetime '0'
option monitorport '20000'
option poll '100'
option enabled '1'
You need to replace /root/.ssh/dropbear with the path to the key you generated with dropbearkey.
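The key added to authorized_keys during installation only has to open the -R 2222 forward used in this configuration, so its entry on the server can be limited to that. The script below is an added example, not part of the original page or the autossh package; it assumes the server runs OpenSSH 7.8 or newer, and the function name restricted_entry and the sample key are made up for illustration.

```shell
#!/bin/sh
# Added example, not part of the autossh package.
# Assumption: the server runs OpenSSH 7.8 or newer (restrict, permitlisten).

# restricted_entry PUBKEY_FILE PORT
# Prints an authorized_keys line that lets the key open a reverse forward
# listening on PORT and run no commands; returns non-zero on bad input.
restricted_entry() {
    pubkey_file="$1"
    port="$2"

    # The port must be a plain number in the TCP range.
    case "$port" in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "bad port: $port" >&2; return 1
    fi

    # dropbearkey -y prints extra lines around the key; keep only the
    # first line that has the shape of an OpenSSH-format public key.
    key_line=$(grep -E '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+' \
        "$pubkey_file" | head -n 1)
    if [ -z "$key_line" ]; then
        echo "no public key found in $pubkey_file" >&2; return 1
    fi

    # restrict         disables pty, agent/X11 forwarding and port forwarding
    # port-forwarding  turns port forwarding back on
    # permitlisten     limits -R listeners to this port (-L is not covered)
    # command          any attempt to open a session runs /bin/false instead
    printf 'restrict,port-forwarding,permitlisten="%s",command="/bin/false" %s\n' \
        "$port" "$key_line"
}

# Constructed stand-in for /tmp/pubkey (the key material is fake).
sample=$(mktemp)
cat > "$sample" <<'EOF'
Public key portion is:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCexample root@OpenWrt
Fingerprint: (constructed sample)
EOF

restricted_entry "$sample" 2222
```

On the server, append the printed line to ~/.ssh/authorized_keys in place of the bare public key; the -N option in the configuration above means the tunnel never asks for a shell, so the forced command does not interfere with it.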
Run as Service
Autossh is often used as a reverse proxy, typically because your ISP does not give you a public address or because of your router's firewall policies. To keep autossh running after the router restarts, you need to set up a service.
In /etc/init.d/autossh, most of the file's content is generated when you first install autossh, but you need to add the line procd_set_param env HOME="/root" in start_instance(), or the service will NOT work when the router reboots. This is a known bug that is not fixed yet: https://github.com/openwrt/packages/issues/5559
start_instance() {
	local section="$1"
	# Read this section's options from /etc/config/autossh
	config_get ssh "$section" 'ssh'
	config_get gatetime "$section" 'gatetime'
	config_get monitorport "$section" 'monitorport'
	config_get poll "$section" 'poll'
	config_get_bool enabled "$section" 'enabled' '1'
	[ "$enabled" = 1 ] || exit 0
	procd_open_instance
	procd_set_param command /usr/sbin/autossh -M ${monitorport:-20000} ${ssh}
	procd_set_param respawn ${respawn_threshold:-3600} ${respawn_timeout:-5} ${respawn_retry:-5}
	procd_set_param env AUTOSSH_GATETIME="${gatetime:-30}"
	procd_set_param env AUTOSSH_POLL="${poll:-600}"
	# Added line: workaround for the reboot bug linked above
	procd_set_param env HOME="/root"
	procd_close_instance
}
The first time you connect, you need to make sure that the server is in the trusted-host list; otherwise autossh will restart in a loop:
user.info autossh[17709]: starting ssh (count 10)
user.info autossh[17709]: ssh child pid is 17742
user.info autossh[17709]: ssh exited with error status 1; restarting ssh
Just run ssh -p port user@host once and accept the host key.
Now you can enable the service with /etc/init.d/autossh enable and enjoy it.
Fixes
To get ssh working, you need to replace localhost in 2222:localhost:22 of the ssh variable with the local IP.