ssh-public-ip.service
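[Unit]
Description=SSH port forwarding to server with public IP
# network.target only marks that network management has been started; it does
# not wait for an address or a route. network-online.target is the target to
# order after when the service needs a usable connection at start-up. It is
# pulled in with Wants= (not Requires=) so a slow or failed online check does
# not prevent the tunnel from being tried; Restart=always in [Service] covers
# outages that happen later.
Wants=network-online.target
After=network-online.target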
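[Service]
# Outbound reverse tunnel: the remote end listens on port 5565 and forwards
# each connection to this host's sshd (localhost:22). -R is given no bind
# address, so the remote listener stays on the server's loopback unless its
# sshd_config sets GatewayPorts.
#
# An ssh client needs no root privileges, so run it as the account that owns
# the key and known_hosts file. "pi" is inferred from the /home/pi paths in
# ExecStart; adjust it if the key belongs to another account.
User=pi
NoNewPrivileges=yes
# Options, in order:
#   BatchMode=yes              never wait on a password, passphrase or host-key
#                              prompt; a service has no terminal to answer it
#   StrictHostKeyChecking=yes  refuse to connect when the server key is missing
#                              from, or differs from, the known_hosts file
#   IdentitiesOnly=yes         offer only the key named with -i
#   ExitOnForwardFailure=yes   exit if the remote listener cannot be set up
#   ServerAlive*               exit when one keepalive, sent after 10 s of
#                              silence, goes unanswered
# Each exit hands control back to Restart=, which re-establishes the tunnel.
# An absolute path is used because older systemd releases reject a bare
# command name in ExecStart.
# "[email protected]" is the destination as this page shows it (it appears to be
# a masked user@host); put the tunnel account and server name there.
ExecStart=/usr/bin/ssh \
    -o BatchMode=yes \
    -o StrictHostKeyChecking=yes \
    -o IdentitiesOnly=yes \
    -o ExitOnForwardFailure=yes \
    -o ServerAliveInterval=10 \
    -o ServerAliveCountMax=1 \
    -o UserKnownHostsFile=/home/pi/.ssh/known_hosts \
    -i /home/pi/.ssh/id_rsa \
    -N -R 5565:localhost:22 [email protected]
# Retry 10 seconds after any exit, clean or not.
Restart=always
RestartSec=10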
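[Install]
# Enable under the normal multi-user boot target. Hooking the unit into
# network.target ties its start to whichever network service happens to pull
# that target in. If the unit was already enabled with the old value, run
# `systemctl reenable ssh-public-ip.service` so the symlink is recreated.
WantedBy=multi-user.target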
# ## best practice
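# * The remote SSH server can enable `GatewayPorts yes` in its `sshd_config`
#   so that the forwarded port is reachable from other hosts and not only from
#   the server's own loopback. Limit it with a `Match` block, because it puts
#   this host's sshd on the server's public address: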
# ```
# Match Group port-forward
# GatewayPorts yes
# ```
#
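# * The remote host's key needs to be in `.ssh/known_hosts` already, or in the
#   file named with `-o UserKnownHostsFile=`. Otherwise ssh asks for
#   confirmation of the unknown key (its guard against a **man in the
#   middle**), and a service has no terminal on which to answer.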
#
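# * The service should use its own dedicated key, restricted on the server
#   with `command="nologin"` in `.ssh/authorized_keys`, so that a key taken
#   from this host cannot be used to get a shell there. The `restrict` and
#   `port-forwarding` key options (plus `permitlisten=` where the server's
#   OpenSSH supports it) narrow the key further, to the tunnel alone.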
# :.,$!sed 's/^\#//' | sh
#
# port_local=22
# port_remote=5565
#
# echo ssh -o ExitOnForwardFailure=yes \
# -o ServerAliveInterval=10 \
# -o ServerAliveCountMax=1 \
# -o UserKnownHostsFile=/home/pi/.ssh/known_hosts \
# -i /home/pi/.ssh/id_rsa \
# -N -R $port_remote:localhost:$port_local $remote
#