There are many tutorials out there that already explain this. This is just a quick rundown of how I set up my Raspberry Pi B+ as a SSH server so I could tunnel into if it was behind a firewall.
Installation
These commands are all run on the Raspberry Pi. This assumes its already set up for DHCP.
apt-get install autossh
ssh-keygen
ssh-copy-id user@myremotebox
Bash script
I use autossh to keep the tunnel up. Once it’s established I can ssh into myremotebox and run ssh -p 9091 pi@localhost in order to access my Pi via the reverse tunnel.
$ cat tun.sh
#!/bin/bash
sleep 30
/usr/bin/autossh -M 9090 -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -N -R 9091:localhost:22 user@myremotebox
Rc.local
I want to execute the script as my pi user. So I will add the following to the /etc/rc.local file. I added a sleep timer so Networking is available before this attempts to execute.
/bin/su - pi bash -c ‘/home/pi/tun.sh’
SSH
Before I attempt to access it. I generally make sure the port is open first. These commands are executed on myremotebox.
$ netstat -ano | grep 9091
tcp 0 0 0.0.0.0:9091 0.0.0.0:* LISTEN off (0.00/0/0)
tcp6 0 0 :::9091 :::* LISTEN off (0.00/0/0)
tcp6 0 0 ::1:57892 ::1:9091 TIME_WAIT timewait (53.28/0/0)
$ ssh -p 9091 pi@localhost
pi@localhost's password:
Linux raspberrypi 4.14.50+ #1122 Tue Jun 19 12:21:21 BST 2018 armv6l
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Tue Sep 25 16:22:33 2018 from ::1
pi@raspberrypi:~ $
FIN
My tunnle is up and will re-launch on a reboot or power blip. I can test to my hearts content.
FIN retry 2
So I realized after testing this that the rc.local method will not work. If there is no firewall rule on the server end the pi will time-out and never retry :(. So I opted to stick this in the crontab and it works now after a power outage or network loss as it will constantly retry the connection.
* * * * * su pi -c “/usr/bin/autossh -M 9090 -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -N -R 9091:localhost:22 user@myremotebox
PUBLISHED
I was also lucky enough to have this published in 2600’s Volume Thirty-Five Number Four (Winter 2018-2019) on page 12. Printed under my alias of course. Check it out.