21

Is there any way to start autossh on startup, so that it starts and sets up the ssh tunnel before a user has even logged in? I boot Ubuntu to terminal, and I'd like that the autossh process starts automatically on startup so I can ssh in.

I've tried adding the command to /etc/rc.local, as well as to create a /etc/init/*.conf script. None of these seems to work.

George Udosen
  • 36,677
ptf
  • 333

2 Answers2

31

Using systemd this can be done (sample autossh created for mysql access):

  1. Create a systemd file using nano or vim or appropriate editor of choice:

    sudo vim /etc/systemd/system/autossh-mysql-tunnel.service

  2. Add the following contents:

    [Unit]
Description=AutoSSH tunnel service everythingcli MySQL on local port 5000
After=network.target

[Service]
Environment="AUTOSSH_GATETIME=0"
ExecStart=/usr/bin/autossh -M 0 -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -NL 5000:localhost:3306 cytopia@everythingcli.org -p 1022

[Install]
WantedBy=multi-user.target

  3. Reload systemd:

    sudo systemctl daemon-reload

  4. Start the Autossh service:

    sudo systemctl start autossh-mysql-tunnel.service

  5. Enable at boot:

    sudo systemctl enable autossh-mysql-tunnel.service

  6. Check status with:

    sudo systemctl status autossh-mysql-tunnel

Note

There is however an important thing to note about systemd and AutoSSH: -f (background usage) already implies AUTOSSH_GATETIME=0, however -f is not supported by systemd.

So in the case of systemd you need to make use of AUTOSSH_GATETIME

Source

Pablo Bianchi
  • 15,657
George Udosen
  • 36,677
  • Thanks! I'm trying this, but when I run sudo service reverse-ssh-tunnel.service status, I get Loaded: not-found (Reason: No such file or directory). Researching this now :) – ptf Aug 19 '17 at 19:12
  • please do sudo systemctl status reverse-ssh-tunnel not sudo service reverse-ssh-tunnel.service status – George Udosen Aug 19 '17 at 19:16
  • Can I specify the SSL private key needed to authenticate with the other machine? – ptf Aug 19 '17 at 19:32
  • 3
    I believe you mean autossh -i /home/<user>/.ssh/id_rsa -R 22222:localhost:22 <user>@<remote_host> – George Udosen Aug 19 '17 at 20:01
  • 4
    I needed to add -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no as well. Maybe I just need one of them, haven't tested them individually. Found this here: https://stackoverflow.com/a/24689061/1211119. However, when I'm looking at the tty1 login screen (I boot to the terminal), the service hasn't yet created the tunnel. If I log in, the service starts. – ptf Aug 19 '17 at 20:25
  • Great answer. @ptf, thanks for commenting with the additional flags. Without those I was getting a 255 return value from ssh. Did you resolve the issue that the tunnel only initiates when you log in? – Gabriel Nov 20 '17 at 10:55
  • @Gabriel Hmm, I don't think so. I think I haven't look to much more at it. – ptf Nov 20 '17 at 15:53
  • 2
    Sometimes you want to run under a different user context. To do this: Add User=username to the [Service] section in the systemd file. – friederbluemle Aug 23 '18 at 14:24
  • Why the "-M 0" is needed? – gl00ten Feb 05 '19 at 15:48
  • This is the only one which is working for my raspberry pi project among all samples I read. However, after 2 days no activity, the connection is closed. When I view it with teamviewer the pi device is still online actually. Can you figure out why and what need to be fiixed here? – Al Kasih May 31 '19 at 04:32
  • @ptf don't add both -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no, add only -o StrictHostKeyChecking=accept-new. Not redundant and more secure. – haelix May 13 '21 at 18:28
0

I added a -N to the command to get this to work. -N tells autossh to connect and do nothing. Without it my ssh session was logging in then immediately exiting. I also set it up to use a local user along with a .ssh/config file (/home/myuser/.ssh/config) which contains my tunnel rules.

# cat /etc/systemd/system/autossh.service

[Unit]
Description=AutoSSH service
After=network.target

[Service]
Environment=&quot;AUTOSSH_GATETIME=0&quot;
User=myuser
Group=myuser
ExecStart=/usr/bin/autossh -N -M 0 -o &quot;ServerAliveInterval 30&quot; -o &quot;ServerAliveCountMax 3&quot; -i /home/myuser/.ssh/id_ecdsa_np remoteid@remote
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target
Greenonline
  • 2,081
bonzo
  • 1