Ssh – Monitoring an SSH tunnel

sshssh-tunnel

I have a requirement to have a users home workstation (mac) connect via ssh tunnel to a corporate bastion host (bastion.corpnetexternal.com) and through to a mac workstation (host.corpnetinternal.com) in the corporate network. Here is the connection string:

ssh -N -f -L 2345:host.corpnetinternal.com:22 user@bastion.corpnetexternal.com

This is known to work, so no worries there.

The ssh tunnel needs to be automatically created and there must be monitoring ensure that it is functional end to end, and if not to be restarted.

Additionally, this functionality may not be dependent on or interrupted by a VPN tunnel that may or may not be present from the user remote workstation into the corporate network.

I would appreciate any suggestions. Please, no comments on the why of using ssh tunneling if a VPN is available. I have listed the requirements levied upon me.

Best Answer

AutoSSH does exactly what you need.

On MacOS, it can be installed through Homebrew with brew install autossh.

See the README for usage instructions, or here and here for some examples.

Related Solutions

Ssh – How to automate SSH login with password

Don't use a password. Generate a passphrase-less SSH key and push it to your VM.

If you already have an SSH key, you can skip this step… Just hit Enter for the key and both passphrases:

$ ssh-keygen -t rsa -b 2048
Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/username/.ssh/id_rsa.
Your public key has been saved in /home/username/.ssh/id_rsa.pub.

Copy your keys to the target server:

$ ssh-copy-id id@server
id@server's password:

Now try logging into the machine, with ssh 'id@server', and check-in:

.ssh/authorized_keys

Note: If you don't have .ssh dir and authorized_keys file, you need to create it first

to make sure we haven’t added extra keys that you weren’t expecting.

Finally, check to log in…

$ ssh id@server

id@server:~$

You may also want to look into using ssh-agent if you want to try keeping your keys protected with a passphrase.

SSH – Bad Owner or Permissions on ~/.ssh/config

I needed to have rw for user only permissions on config. This fixed it.

chmod 600 ~/.ssh/config

As others have noted below, it could be the file owner. (upvote them!)

chown $USER ~/.ssh/config

If your whole folder has invalid permissions here's a table of possible permissions:

Path	Permission
.ssh directory (code)	0700 (drwx------)
private keys (ex: `id_rsa`) (code)	0600 (-rw-------)
`config`	0600 (-rw-------)
public keys (*.pub ex: `id_rsa.pub`)	0644 (-rw-r--r--)
`authorized_keys` (code)	0644 (-rw-r--r--)
`known_hosts`	0644 (-rw-r--r--)

Sources:

openssh check-perm.c
openssh readconf.c
openssh ssh_user_config fix_authorized_keys_perms

Best Answer

Related Solutions

Ssh – How to automate SSH login with password

SSH – Bad Owner or Permissions on ~/.ssh/config

Related Topic