Starting a reboot-persistent autossh and keeping it running on Unix-like systems without root rights

Basic scenario

There are systems:

  • which can’t be accessed from the public internet, e.g. they sit behind IPv4 NAT and a DMZ isn’t an option.
  • which shouldn’t be accessed directly from the public internet, so a firewall or other access control isn’t suitable.

Solution

I wrote a simple shell script that keeps autossh running continuously on Unix-like systems.
The script is started by cron every minute, so no root rights are required. Your local user must be allowed to use cron. I didn’t use @reboot because this crontab directive isn’t implemented on many Unix systems.
Autossh provides a monitored ssh connection which opens a reverse ssh tunnel. If the connection is lost, it is restarted by autossh.

The sshd is listening on local port 22022 of the host “sage”. So my systems can be accessed only via a local account on the server “sage”, which can be accessed from everywhere on the net.

The script

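#!/bin/bash
#set -x

# ssh host (or ssh_config alias) of the publicly reachable server
HOST="sage"

# autossh reads these two variables from its environment
AUTOSSH_PATH="/usr/bin/ssh"                      # ssh binary autossh runs
export AUTOSSH_PATH

AUTOSSH_PIDFILE="/home/miam/bin/autossh.pid"     # autossh writes its PID here
export AUTOSSH_PIDFILE

PIDFILE="$AUTOSSH_PIDFILE"
AUTOSSH_CMD="/usr/bin/autossh"

# -M 22023: autossh monitoring port, -N: no remote command,
# -R 22022:localhost:22: port 22022 on $HOST forwards to the local sshd,
# -f: go to the background
call_autossh ()
{
    "$AUTOSSH_CMD" -M 22023 -N -R 22022:localhost:22 -f "$HOST"
}

# Return 0 if the PID stored in $PIDFILE is alive, 1 otherwise
self_check ()
{
    if [ -f "$PIDFILE" ]; then
        PID=$(cat "$PIDFILE")
        kill -0 "$PID"
        if [ $? -ne 0 ]; then
            return 1
        else
            return 0
        fi
    else
        return 1
    fi
}

self_check
if [ $? -eq 1 ]; then
    call_autossh
fi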

The crontab entry

* * * * * /home/miam/bin/autossh.sh >> /home/miam/bin/autossh.log 2>&1

The repo

The code can be cloned from GitHub:
https://github.com/miam/keeprun/tree/v0.1
