Persistent SSH Tunnels in Kubuntu

Remco Bloemen, 2014-02-27, last updated 2014-05-07

Install OpenSSH

Kubuntu doesn’t come with SSH pre-installed. This is odd for a Linux distribution, since even some of the more minimalist ones come with SSH out of the box. In fact, Ubuntu is the first one I’ve seen that doesn’t.

I can understand it, though: Ubuntu is aimed at novices, and SSH is somewhat advanced usage of Linux. It can also leave your system vulnerable if you pick weak passphrases.

The procedure of installing OpenSSH is as simple as

	sudo apt-get install openssh-server openssh-client

but see the next section.

Install SSH with HPN patches

(From http://spoutcraft.org/threads/blazing-fast-sftp-ssh-transfer.7682/)

(See http://www.psc.edu/index.php/hpn-ssh)

By default Ubuntu does not use the HPN patches in its distribution. The fault is really with the OpenSSH developers, who should "merge the patches already"!

	sudo apt-get install python-software-properties
	sudo add-apt-repository ppa:w-rouesnel/openssh-hpn
	sudo apt-get update -y
	sudo apt-get install openssh-server openssh-client

In /etc/ssh/sshd_config:

	HPNDisabled no
	TcpRcvBufPoll yes
	HPNBufferSize 8192
	NoneEnabled no

Disallowing password based logins

(From: https://help.ubuntu.com/community/SSH/OpenSSH/Configuring)

In /etc/ssh/sshd_config:

	PasswordAuthentication no

Then restart the SSH daemon:

	sudo restart ssh

NATs and SSH tunnels

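With this setting, remote forwards (-R) can listen on all interfaces of the remote machine instead of on loopback only, which is what makes the forwarded port reachable from other hosts. In /etc/ssh/sshd_config:

	GatewayPorts yes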
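
The sshd_config edits above only help if they are the values sshd actually applies. The following is an added example, not part of the original article: a shell check that reads a config the way sshd does (the first value for a keyword wins, keywords are case-insensitive) and tests the settings this page relies on. The function names and the sample file are made up for illustration, and Include files and Match blocks are not evaluated.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are illustrative.

# Print the effective global value of KEYWORD in FILE, or DEFAULT if unset.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and lines after the first "Match" are conditional.
# Assumption: Include directives are not followed.
sshd_effective() {  # usage: sshd_effective FILE KEYWORD DEFAULT
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" -v def="$3" '
        { sub(/^[ \t]+/, "") }                  # drop leading whitespace
        /^#/ || /^$/ { next }                   # skip comments, blank lines
        { n = split($0, f, "[ \t=]+"); key = tolower(f[1]) }
        key == "match" { exit }                 # global section ends here
        key == want && n > 1 { found = 1; print tolower(f[2]); exit }
        END { if (!found) print def }
    ' "$1"
}

# Check FILE against the settings this page relies on. Prints one line per
# check and returns 0 only if all of them pass.
audit_tunnel_sshd() {  # usage: audit_tunnel_sshd FILE
    rc=0
    pw=$(sshd_effective "$1" PasswordAuthentication yes)  # OpenSSH default
    gw=$(sshd_effective "$1" GatewayPorts no)             # OpenSSH default
    nc=$(sshd_effective "$1" NoneEnabled no)    # HPN keyword; default assumed
    if [ "$pw" = no ]; then echo "ok   PasswordAuthentication no"
    else echo "FAIL PasswordAuthentication $pw: password logins accepted"; rc=1
    fi
    case $gw in
        yes|clientspecified) echo "ok   GatewayPorts $gw" ;;
        *) echo "FAIL GatewayPorts $gw: -R *:2201 binds to loopback only"; rc=1 ;;
    esac
    if [ "$nc" = no ]; then echo "ok   NoneEnabled no"
    else echo "FAIL NoneEnabled $nc: unencrypted NONE cipher allowed"; rc=1
    fi
    return $rc
}

# Constructed sample: "PasswordAuthentication no" was appended below an
# existing "yes" line, so sshd would still accept passwords.
sample=$(mktemp)
printf '%s\n' '#PasswordAuthentication no' 'passwordauthentication yes' \
    'GatewayPorts yes' 'NoneEnabled no' 'PasswordAuthentication no' > "$sample"
audit_tunnel_sshd "$sample" || echo "=> fix the config before restarting ssh"
rm -f "$sample"
```

On a live host, `sudo sshd -T` prints the configuration sshd will really use, including Include files.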

Configuring the remote machine

	sudo useradd -r autossh -m -N
	sudo mkdir /home/autossh/.ssh
	sudo nano /home/autossh/.ssh/authorized_keys
	sudo chown autossh:users -R /home/autossh

Configuring the local machine

	sudo useradd -r autossh -m -N
	sudo mkdir /home/autossh/.ssh
	sudo ssh-keygen -b 384 -t ecdsa -f /home/autossh/.ssh/id_ecdsa -N ""
	sudo chown autossh:users -R /home/autossh

Test:

	sudo su autossh
	ssh -NnT -R '*:2201:localhost:22' $REMOTE

	netstat -lan | grep 2201

	tcp        0      0 0.0.0.0:2201            0.0.0.0:*               LISTEN
	tcp6       0      0 :::2201                 :::*                    LISTEN

Now, from any machine:

	ssh -p 2201 $REMOTE

AutoSSH

(See http://www.harding.motd.ca/autossh/)

	sudo apt-get install autossh

AutoSSH daemon

Upstart job:

	description "autossh tunnel"

	start on runlevel [2345]
	stop on runlevel [!2345]

	respawn
	respawn limit 5 60

	exec autossh -M 0 -N -R *:2201:127.0.0.1:22 -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -o "StrictHostKeyChecking=no" -o "BatchMode=yes" -i /home/autossh/.ssh/id_ecdsa autossh@149.210.213.161

systemd unit:

	[Unit]
	Description=Autossh tunnel

	[Service]
	Type=simple
	ExecStart=/usr/bin/autossh -M 0 -N -R *:2201:127.0.0.1:22 -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -o "StrictHostKeyChecking=no" -o "BatchMode=yes" -i /home/autossh/.ssh/id_ecdsa autossh@149.210.213.161

	[Install]
	WantedBy=multi-user.target

Both definitions pass StrictHostKeyChecking=no, which makes ssh add an unknown host key to known_hosts without asking, so the remote host is not verified on first connection.
