Saturday, October 10, 2015

AutoSSH

At times a VPN can be such a monstrosity that it's not worth the overhead it brings. I just need the comforting beacon of a command prompt that is always there when you need it: SSH. The following are the steps I've taken to create a tranquil state of pragmatism.

Step 1: Create an account on the remote-host to be used to SSH with instead of root

# adduser [username]
Adding user `[username]' ...
Adding new group `[username]' (1000) ...
Adding new user `[username]' (1000) with group `[username]' ...
Creating home directory `/home/[username]' ...
Copying files from `/etc/skel' ...
Enter new UNIX password: [Enter a password]
Retype new UNIX password: [Re-enter the same password]
passwd: password updated successfully
Changing the user information for [username]
Enter the new value, or press ENTER for the default
 Full Name []: [Press enter key]
 Room Number []: [Press enter key]
 Work Phone []: [Press enter key]
 Home Phone []: [Press enter key]
 Other []: [Press enter key]
Is the information correct? [Y/n]:[Press enter key]

Step 2: Add the user into the sudo group on the remote-host

# usermod -aG sudo [username]

Step 3: If applicable, create public and private keys using ssh-keygen on the local-host

# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/to/[username]/.ssh/id_rsa):[Press enter key]
Enter passphrase (empty for no passphrase): [Press enter key]
Enter same passphrase again: [Press enter key]
Your identification has been saved in /to/[username]/.ssh/id_rsa.
Your public key has been saved in /to/[username]/.ssh/id_rsa.pub.
The key fingerprint is:
ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff root@local-host

Step 4: If applicable, install openssh-server, openssh-client and autossh on the local-host and remote-host

# apt-get install openssh-client openssh-server autossh

Step 5: Copy the public key to remote-host using ssh-copy-id

# ssh-copy-id [username]@[remote-host]

Step 6: Set up (test) reverse listener on the local-host

# ssh -R 4444:localhost:22 [username]@[remote-host] -i /to/[username]/.ssh/id_rsa

Step 7: Verify local-host is listening

# lsof -i -n -P | grep -i "listen"
sshd    19780        [username]    8u  IPv6  43920      0t0  TCP [::1]:4444 (LISTEN)
sshd    19780        [username]    9u  IPv4  43921      0t0  TCP 127.0.0.1:4444 (LISTEN)

Step 8: From the remote-host, SSH into the local-host

# ssh [username]@127.0.0.1 -p 4444
The authenticity of host '[127.0.0.1]:4444 ([127.0.0.1]:4444)' can't be established.
ECDSA key fingerprint is SHA256:AbCdEfGhIjKlMnOpQrStUvWxYz.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[127.0.0.1]:4444' (ECDSA) to the list of known hosts.
Password: [local-host's Password]
Last login: Mon Jan 1 00:00:01 1979
local-host:~ [username]$ 

NOTE: You might need to either repeat step 5 OR simply reboot

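Step 9: Set up autossh

# autossh -f -M 20000 -N -R [remote-host]:4444:localhost:22 [username]@[remote-host]

NOTE: -M is autossh's monitoring port; it and the port directly above it must be unused, so it cannot be 4444, the port being forwarded.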
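Added example (not part of the original post): step 9 passes [remote-host] as the bind address for port 4444, so if the remote sshd's GatewayPorts setting is yes or clientspecified, the tunnel to the local-host's SSH port is reachable from the network and not only from the remote-host itself. The script below classifies lsof output like that in step 7; the sample lines, the account name tunnel and the function name check_listener are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# check_listener PORT: reads `lsof -i -n -P` output on stdin and reports where
# PORT is listening. Prints loopback / exposed / absent; returns 0, 1 or 2.
check_listener() {
    awk -v port="$1" '
        /\(LISTEN\)/ {
            addr = $(NF - 1)                 # e.g. 127.0.0.1:4444, [::1]:4444, *:4444
            n = split(addr, parts, ":")
            if (parts[n] != port) next       # a different listening port
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            found = 1
            # Anything other than IPv4/IPv6 loopback is reachable off-host.
            if (host != "127.0.0.1" && host != "[::1]") exposed = 1
        }
        END {
            if (!found)  { print "absent";  exit 2 }
            if (exposed) { print "exposed"; exit 1 }
            print "loopback"
        }'
}

# Constructed sample: the two listeners shown in step 7 (account name assumed).
SAMPLE_LOOPBACK='sshd 19780 tunnel 8u IPv6 43920 0t0 TCP [::1]:4444 (LISTEN)
sshd 19780 tunnel 9u IPv4 43921 0t0 TCP 127.0.0.1:4444 (LISTEN)'

# Constructed sample: the same tunnel bound to every interface.
SAMPLE_EXPOSED='sshd 812 root 3u IPv4 12001 0t0 TCP *:22 (LISTEN)
sshd 19780 tunnel 9u IPv4 43921 0t0 TCP *:4444 (LISTEN)'

printf '%s\n' "$SAMPLE_LOOPBACK" | check_listener 4444            # loopback
printf '%s\n' "$SAMPLE_EXPOSED"  | check_listener 4444 || true    # exposed
```

On the remote-host, pipe the live output through it with: lsof -i -n -P | check_listener 4444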






