Server:
Set up a user with key-based authentication (no login shell, since the account only carries the tunnel):
useradd -s /bin/false myuser
mkdir /home/myuser/.ssh
touch /home/myuser/.ssh/authorized_keys
chown -R myuser:myuser /home/myuser/.ssh
chmod 755 /home/myuser/.ssh
chmod 600 /home/myuser/.ssh/authorized_keys
Client side:
Install the RPMforge repository and autossh (the repository is disabled after installation and enabled only for this one yum run):
rpm --import http://apt.sw.be/RPM-GPG-KEY.dag.txt
wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm
or
wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.i386.rpm
rpm -K rpmforge-release-0.5.2-2.el5.rf.*.rpm
rpm -i rpmforge-release-0.5.2-2.el5.rf.*.rpm
sed -i "s/enabled = 1/enabled = 0/" /etc/yum.repos.d/rpmforge.repo
yum -y install --enablerepo=rpmforge autossh
Set up an RSA key pair as root on each client, leaving all questions blank:
root@local# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/var/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /var/root/.ssh/id_rsa.
Your public key has been saved in /var/root/.ssh/id_rsa.pub.
The key fingerprint is:
XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX root@myhost.local
Now scp this to your server:
scp -P 22 /root/.ssh/id_rsa.pub root@myserver.com:/tmp/myuser.local_rsa.pub
On the server, append the client's public key to myuser's authorized_keys:
cat /tmp/myuser.local_rsa.pub >> /home/myuser/.ssh/authorized_keys
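The account above has no login shell and is used only for a port forward, so the key itself can be confined to that one use. The script below is an added example, not part of the original page: it appends a public key to authorized_keys with the classic OpenSSH key options (no-pty, no-agent-forwarding, no-X11-forwarding and permitopen for the single forward target), and it checks the permissions that sshd's StrictModes requires on the .ssh directory and the key file, which is what silently breaks key logins when the chown/chmod steps are skipped. Function names are this example's own; it assumes GNU coreutils (stat -c) and runs its demonstration in a temporary directory rather than /home/myuser.

```shell
#!/bin/sh
# Added example (not from the original page): confine a tunnel key to one
# forward target and verify the permissions StrictModes insists on.
# Assumes GNU coreutils (stat -c) and the OpenSSH authorized_keys format.

# install_tunnel_key AUTH_KEYS_FILE PUBKEY_FILE TARGET_HOST TARGET_PORT
# Prefixes the key with no-pty,no-agent-forwarding,no-X11-forwarding and
# permitopen="TARGET_HOST:TARGET_PORT", so the key can only open the forward
# the client actually asks for (on this page: localhost:3306 on the server).
install_tunnel_key() {
    auth_keys=$1 pubkey=$2 target_host=$3 target_port=$4
    key=$(head -n 1 "$pubkey")
    # Accept only lines that look like an OpenSSH public key.
    case "$key" in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*) ;;
        *) echo "not an OpenSSH public key: $pubkey" >&2; return 1 ;;
    esac
    opts="no-pty,no-agent-forwarding,no-X11-forwarding,permitopen=\"$target_host:$target_port\""
    printf '%s %s\n' "$opts" "$key" >> "$auth_keys" || return 1
    chmod 600 "$auth_keys"
}

# check_key_perms SSH_DIR
# With StrictModes (the default) sshd ignores authorized_keys when the
# directory or the file is writable by group or others.  Returns 0 when
# both are acceptable, 1 (with a message on stderr) otherwise.
check_key_perms() {
    sshdir=$1
    for path in "$sshdir" "$sshdir/authorized_keys"; do
        [ -e "$path" ] || { echo "missing: $path" >&2; return 1; }
        mode=$(stat -c '%a' "$path")
        go=${mode#"${mode%??}"}            # last two octal digits: group, other
        case "$go" in
            [0145][0145]) ;;               # no write bit for group or others
            *) echo "$path is mode $mode (group/other writable)" >&2; return 1 ;;
        esac
    done
    return 0
}

# Stand-alone demonstration with a constructed key in a temporary directory.
demo=$(mktemp -d)
mkdir -m 700 "$demo/.ssh"
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC0example== root@myhost.local\n' > "$demo/client.pub"
install_tunnel_key "$demo/.ssh/authorized_keys" "$demo/client.pub" localhost 3306
cat "$demo/.ssh/authorized_keys"
check_key_perms "$demo/.ssh" && echo "permissions ok"
rm -rf "$demo"
```

On the real server the call would be install_tunnel_key /home/myuser/.ssh/authorized_keys /tmp/myuser.local_rsa.pub localhost 3306, followed by check_key_perms /home/myuser/.ssh. The permitopen target is the host:port as seen from the server, which is why it matches the localhost:3306 in the -L option of the client script further down.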
Client side:
Create /etc/init.d/startautossh on the client with the contents below. This example forwards the server's MySQL port 3306 to port 3307 on the client's localhost.
#!/bin/bash
# pidfile: /var/run/autossh.pid
# @since 2012-02-22 15:31:47
# @author Roderick Derks

# Source function library (provides status, killproc, echo_failure)
. /etc/init.d/functions

prog="autossh"
autossh="/usr/bin/autossh"
RETVAL=0
# autossh writes its pid here once AUTOSSH_PIDFILE is exported
AUTOSSH_PIDFILE=/var/run/autossh.pid

# Tunnel configuration
LOCAL_PORT_LISTEN=3307          # port the tunnel listens on, on this client
REMOTE_DESTINATION_PORT=3306    # MySQL port on the server, reached as localhost there
USER=myuser
REMOTE_DESTINATION_IP=yourserver.com
REMOTE_SSH_SERVER_PORT=22

start() {
    echo -n $"Starting $prog: "
    if [ ! -e $AUTOSSH_PIDFILE ]; then
        export AUTOSSH_PIDFILE
        # -M 0: no monitor port, the ServerAlive* options detect a dead link
        # -f: background, -N: no remote command, -q: quiet
        $autossh -M 0 -q -f -N \
            -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" \
            -L $LOCAL_PORT_LISTEN:localhost:$REMOTE_DESTINATION_PORT \
            -p $REMOTE_SSH_SERVER_PORT $USER@$REMOTE_DESTINATION_IP
        RETVAL=$?
    else
        RETVAL=1
        echo_failure
        echo " pid file still exists $AUTOSSH_PIDFILE"
    fi
    echo
    [ $RETVAL -eq 0 ] && touch /var/lock/subsys/$prog
    return $RETVAL
}

stop() {
    echo -n $"Stopping $prog: "
    killproc $autossh
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/$prog $AUTOSSH_PIDFILE
    return $RETVAL
}

case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        stop
        start
        ;;
    status)
        status $autossh
        RETVAL=$?
        ;;
    *)
        echo $"Usage: $0 {start|stop|restart|status}"
        RETVAL=1
        ;;
esac
exit $RETVAL
Client side (make the script executable):
chmod +x /etc/init.d/startautossh
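The start branch of the init script refuses to run while /var/run/autossh.pid exists. After a crash or an unclean reboot that file is usually left behind with the pid of a process that no longer exists, so every later start fails with "pid file still exists" until someone deletes it by hand. The helper below is an added example, not part of the original script, that tells a stale pid file from a live one; the init script could call clear_stale_pidfile "$AUTOSSH_PIDFILE" before starting autossh. Function names and the /proc fallback (for the case where kill -0 is refused on a process owned by another user) are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): distinguish a stale autossh
# pid file from one that belongs to a running process.

# pidfile_is_live PIDFILE
# Returns 0 if the pid in the file is running; 1 if the file is missing,
# empty, not numeric, or names a process that no longer exists (stale).
pidfile_is_live() {
    pidfile=$1
    [ -r "$pidfile" ] || return 1
    pid=$(head -n 1 "$pidfile" | tr -d '[:space:]')
    case "$pid" in
        ''|*[!0-9]*) return 1 ;;     # empty or not a number: treat as stale
    esac
    # kill -0 sends no signal; it only asks whether the pid exists.  It fails
    # with EPERM for another user's process, so fall back to /proc (Linux).
    kill -0 "$pid" 2>/dev/null || [ -d "/proc/$pid" ]
}

# clear_stale_pidfile PIDFILE
# Removes the pid file only when it is stale.  Returns 0 when it is safe to
# start a new autossh, 1 when a tunnel process is still running.
clear_stale_pidfile() {
    pidfile=$1
    if pidfile_is_live "$pidfile"; then
        echo "$pidfile: process $(head -n 1 "$pidfile") is still running" >&2
        return 1
    fi
    rm -f "$pidfile"
    return 0
}

# Stand-alone demonstration with a constructed pid file in a temp dir:
# our own shell pid is live, so the file must not be removed.
demo=$(mktemp -d)
echo $$ > "$demo/autossh.pid"
if clear_stale_pidfile "$demo/autossh.pid" 2>/dev/null; then
    echo "stale pid file removed, safe to start"
else
    echo "pid file belongs to a running process, not starting"
fi
rm -rf "$demo"
```

In the init script, replacing the bare test on the file with `if clear_stale_pidfile "$AUTOSSH_PIDFILE"; then ... start autossh ...` keeps the protection against starting two tunnels while letting a boot after a crash succeed.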
References:
http://www.r71.nl/kb/technical/348-autossh-init-script
http://tychoish.com/rhizome/persistent-ssh-tunels-with-autossh/
http://chxo.com/be2/20040511_5667.html