Differences

This shows you the differences between two versions of the page.

deb10:raspi [2021/04/27 18:22] – [Install AutoSSH] Bernard Condrau
deb10:raspi [2026/03/02 14:44] (current) – [Raspian 10] Bernard Condrau
Line 1: Line 1:
-====== Raspian 10 ======+====== Raspian 10 (buster) ======
  
 ===== Prepare SD card ===== ===== Prepare SD card =====
-  * Download and install the [[https://www.raspberrypi.org/software/|RaspBerry Pi Imager]]+  * Download and install the [[https://www.raspberrypi.org/software/|Raspberry Pi Imager]]
   * Copy "RaspBerryPi OS Lite" to the SD card   * Copy "RaspBerryPi OS Lite" to the SD card
  
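Review bot: The new heading "Raspian 10 (buster)" keeps the misspelling of the distribution name, which is "Raspbian". The unchanged bullet "RaspBerryPi OS Lite" also still has the capitalization this revision corrects in the Imager link. Suggest "Raspbian 10 (buster)" for the heading and "Raspberry Pi OS Lite" for the bullet so the page is consistent.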
Line 15: Line 15:
  
 ===== Install AutoSSH ===== ===== Install AutoSSH =====
-Install AutoSSH on a **remote_host** to connect to my main server (**local_host**to allow connections from **any_host** (either at the local location, or at any other remote location) back to the remote host.+Install AutoSSH on a **remote_host** to connect to **local_host** to allow connections from this **local_host** or **any_host** from any (otherlocation.
  
-==== Remote location ==== +==== Setup remote_host ==== 
-  - Verify: SSH from **remote_host** to **local_host**:<ssh_port_local_host> with key pair authentication and establish tunnel, requires <ssh_port_local_host> to be open on local location:<code>remote_host$ ssh -R <port_to_access_remote_from_local>:localhost:22 user@<domain_name_of_local_host> -p <ssh_port_local_host></code>+  - Verify access from local_host and any_host: SSH from **remote_host** to **local_host**:<ssh_port_local_host> with key pair authentication and establish tunnel, requires <ssh_port_local_host> to be open on local location:<code>remote_host$ ssh -R <port_to_access_remote_from_local>:localhost:22 user@<domain_name_of_local_host> -p <ssh_port_local_host></code> 
 +  - Once confirmed, create file //autossh-tunnel.service// in /etc/systemd/system/:<code>[Unit] 
 +Description=AutoSSH tunnel service Remote port <port_to_access_remote_from_local> to local 22 
 +After=network.target
  
-==== Local location ==== +[Service] 
-  Verify: SSH from **local_host** to **remote_host** through tunnel at <port_to_access_remote_from_local><code>local_host$ ssh pi@localhost -p <port_to_access_remote_from_local></code>+Environment="AUTOSSH_GATETIME=0" 
 +ExecStart=/usr/bin/autossh -o "ServerAliveInterval 10" -o "ServerAliveCountMax 3" -N -R <port_to_access_remote_from_local>:localhost:22 user@<domain_name_of_local_host> -p <ssh_port_local_host-i /home/pi/.ssh/id_ecdsa
  
-==== Any location ==== +[Install] 
-  - Verify: SSH to **local_host** and establish tunnel from (any_host) <port_to_access_remote_from_local> to (local_host) <port_to_access_remote_from_local> +WantedBy=multi-user.target</code>We need to tell SSH the identity file as systemd will run as root. The environment variable is added so the autossh service can run in the background. 
-  - Verify: SSH to (any_host) localhost <port_to_access_remote_from_local>+  - Once we have the service file created start the service and enable it to run at boot:<code>remote_host$ sudo systemctl daemon-reload 
 +remote_host$ sudo systemctl start autossh-tunnel.service 
 +remote_host$ sudo systemctl enable autossh-tunnel.service</code> 
 +  - Trouble shoot:<code>sudo journalctl -u autossh-tunnel.service [-b]</code> 
 +==== Connect from local_host ==== 
 +  - SSH from **local_host** to **remote_host** through tunnel at <port_to_access_remote_from_local><code>local_host$ ssh pi@localhost -p <port_to_access_remote_from_local></code>
  
 +==== Connect from any_host ====
 +  - SSH to **local_host** and establish tunnel from (any_host) <port_to_access_remote_from_local> to localhost:<port_to_access_remote_from_local>
 +  - SSH from any_host to localhost:<port_to_access_remote_from_local>
 +
 +==== Connect to other services at remote location ====
 +Connections from any location cannot tunnel to other services on the remote network directly. Instead, we can open a (temporary) tunnel to any host on the remote network and add a tunnel to the same port to the connection from any_host to local_host.
 +  - Login to remote_host, then establish an additional tunnel:<code>remote_host$ ssh -R <port_to_access_additional_service>:host_on_remote_network:<port_to_additional_service> user@<domain_name_of_local_host> -p <ssh_port_local_host></code>
 +  - SSH to **local_host** and establish tunnel from (any_host) <port_to_access_additional_service> to localhost:<port_to_access_additional_service>
 +  - Connect from any_host to localhost:<port_to_access_additional_service>
 +  - Example: to access a https website on remote host 192.168.1.1, host_on_remote_network=192.168.1.1, <port_to_access_additional_service>=50443, <port_to_additional_service>=443
 ==== Links ==== ==== Links ====
   * [[https://handyman.dulare.com/ssh-tunneling-with-autossh/|SSH tunneling with Autossh]]   * [[https://handyman.dulare.com/ssh-tunneling-with-autossh/|SSH tunneling with Autossh]]
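Review bot: The [Service] section of autossh-tunnel.service sets no User=, so the tunnel runs as root with pi's key passed via -i, and root consults its own known_hosts rather than the one populated when the verify step was run from the non-root remote_host$ prompt. Add `User=pi` so the tunnel runs unprivileged against the already-accepted host key; the -i option (id_ecdsa is a default identity file) and the sentence about systemd running as root can then be dropped. In the same ExecStart line, consider adding `-o "ExitOnForwardFailure yes"` so that ssh exits, and autossh reconnects, when <port_to_access_remote_from_local> cannot be bound on local_host instead of staying connected without the forward. The "Connect to other services at remote location" steps call the extra tunnel temporary but give no teardown step; a closing item telling the reader to end that ssh session when finished would match the text.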