Test.

Installation

These commands are all run on the Raspberry Pi. This assumes it's already set up for DHCP.


apt-get install autossh


ssh-keygen


ssh-copy-id user@myremotebox

Bash script

I use autossh to keep the tunnel up. Once it’s established I can ssh into myremotebox and run ssh -p 9091 pi@localhost in order to access my Pi via the reverse tunnel.


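$ cat tun.sh
#!/bin/bash
# Give networking time to come up before starting the tunnel.
sleep 30
# -M 9090: autossh monitor port; -N: no remote command; -R: expose the Pi's port 22 as port 9091 on myremotebox.
/usr/bin/autossh -M 9090 -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -N -R 9091:localhost:22 user@myremotebox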

Rc.local

I want to execute the script as my pi user, so I will add the following to the /etc/rc.local file. I added a sleep timer so networking is available before this attempts to execute.


/bin/su - pi bash -c '/home/pi/tun.sh'

SSH

Before I attempt to access it, I generally make sure the port is open first. These commands are executed on myremotebox.


$ netstat -ano | grep 9091
tcp        0      0 0.0.0.0:9091            0.0.0.0:*               LISTEN      off (0.00/0/0)
tcp6       0      0 :::9091                 :::*                    LISTEN      off (0.00/0/0)
tcp6       0      0 ::1:57892               ::1:9091                TIME_WAIT   timewait (53.28/0/0)


$ ssh -p 9091 pi@localhost
pi@localhost's password:
Linux raspberrypi 4.14.50+ #1122 Tue Jun 19 12:21:21 BST 2018 armv6l

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Tue Sep 25 16:22:33 2018 from ::1
pi@raspberrypi:~ $
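
The netstat output above shows port 9091 listening on 0.0.0.0 and ::, so the tunnel to the Pi's SSH service is bound to every interface of myremotebox rather than to loopback only. As an added example (not part of the original post), this shell function classifies the listener from netstat -ano output; the function names and the loopback sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify how a reverse-tunnel port is bound.
# Reads `netstat -ano`-style lines on stdin; prints down | loopback | exposed.
tunnel_listener_scope() {
    port="$1"
    awk -v port="$port" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            addr = $4
            n = split(addr, parts, ":")          # port is the last ":" field
            if (parts[n] != port) next
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            seen = 1
            # Anything other than 127.0.0.0/8 or ::1 is reachable off-box.
            if (host !~ /^127\./ && host != "::1") exposed = 1
        }
        END {
            if (!seen) print "down"
            else if (exposed) print "exposed"
            else print "loopback"
        }'
}

# Sample 1: the netstat lines shown in the post (wildcard bind).
sample_from_page() {
    cat <<'EOF'
tcp        0      0 0.0.0.0:9091            0.0.0.0:*               LISTEN      off (0.00/0/0)
tcp6       0      0 :::9091                 :::*                    LISTEN      off (0.00/0/0)
tcp6       0      0 ::1:57892               ::1:9091                TIME_WAIT   timewait (53.28/0/0)
EOF
}

# Sample 2: constructed lines for a loopback-only listener.
sample_loopback() {
    cat <<'EOF'
tcp        0      0 127.0.0.1:9091          0.0.0.0:*               LISTEN      off (0.00/0/0)
tcp6       0      0 ::1:9091                :::*                    LISTEN      off (0.00/0/0)
EOF
}

sample_from_page | tunnel_listener_scope 9091   # prints: exposed
sample_loopback  | tunnel_listener_scope 9091   # prints: loopback
```

On myremotebox the live check is netstat -ano | tunnel_listener_scope 9091. sshd binds remote forwards to loopback when GatewayPorts is no (its default), which is enough for the ssh -p 9091 pi@localhost access used here.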

FIN

My tunnel is up and will re-launch on a reboot or power blip. I can test to my heart's content.

FIN retry 2

So I realized after testing this that the rc.local method will not work. If there is no firewall rule on the server end, the Pi will time out and never retry :(. So I opted to stick this in the crontab, and it works now after a power outage or network loss, as it will constantly retry the connection.


* * * * * su pi -c "/usr/bin/autossh -M 9090 -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -N -R 9091:localhost:22 user@myremotebox"

PUBLISHED

I was also lucky enough to have this published in 2600’s Volume Thirty-Five Number Four (Winter 2018-2019) on page 12. Printed under my alias of course. Check it out.