/RSTunnel-Reverse

A continuation of Reliable SSH Tunnel, to set up and maintain persistent SSH (reverse) tunnels

Primary language: Shell. License: MIT.

RSTunnel

A continuation of Reliable SSH Tunnel, without needing the autossh binary.

RSTunnel (Reliable SSH Tunnel) is a set of pure shell scripts (/bin/sh compatible) that maintain a secure tunnel from a client to a server.

Why would you need a reverse tunnel?

RSTunnel is useful when you want SSH access to administer remote endpoints that are behind NAT. For example, you might deploy IP cameras or WiFi access points to customer premises and need to connect back to them through an intermediate host, without setting up port forwarding rules at the client site (or without having the admin access to the firewall needed to do so).

Why a new project?

autossh will probably meet your needs just fine. However, on non-standard platforms (ARM, MIPS) such as WiFi access points and IP cameras, it requires you to compile a binary. Getting a cross-compiling toolchain is non-trivial, so it is better to depend on built-in binaries.

The goal of this continuation of RSTunnel is to require nothing more than a shell, even a simplistic one like ash, and to be compatible with the dropbear SSH client.

Usage

$ ./rstunnel --help
Usage: rstunnel [OPTION]
RSTunnel (Reliable SSH Tunnel) maintains a secure tunnel between two
hosts. By default, will start the tunnel and fork into the background.
can also start from cron, or in foreground daemon mode (and
also from cron)

  -e, --email     Turn on the e-mail feature. If the tunnel goes down, an e-mail
                  will be sent to the address figured. Be sure to add the template
                  file 'mail.message' exists in the directory where rstunnel resides
                  . This is the source of the mail message. Useful when rstunnel is
                  running from a cron job or in the background using '-d' option
  -v, -vv, --verbose
                  '-v' is VERBOSE output, ' is VERBOSE output, '-vv' is DEBUG
                  output. It is not reccomended that you run in DEBUG mode when
                  running in cron as there is quite a lot of output
  -s, --status    List active tunnels matching config
  -k, --kill      Kill an existing tunnel(s) matching config
  -d, --daemon    Daemonize, run in a constant watch loop in foreground
  -?, -h, --help  This help message

FAQ

Exited: String too long

>> Attempting to start tunnel

/usr/bin/ssh: Exited: String too long
running tunnel: 1, exiting!

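This happens because the provided private SSH key is likely in OpenSSH format; it needs to be converted to PEM, then to dropbear format using dropbearconvert. ssh-keygen -p rewrites the key file in place and does not write the key to standard output, so make a copy of the key and convert the copy:

$ cp -p /root/.ssh/id_rsa /root/.ssh/id_rsa_pem
$ ssh-keygen -p -m PEM -f /root/.ssh/id_rsa_pem
$ dropbearconvert openssh dropbear /root/.ssh/id_rsa_pem /root/.ssh/id_rsa_dropbear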
Key is a ssh-rsa key
Wrote key to '/root/.ssh/id_rsa_dropbear'
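
A pre-flight check for the key problem described in this FAQ entry, as an added example that is not part of RSTunnel: it classifies a private key file by its first line and verifies that only the owner can access it. The function names are hypothetical, and a file without a PEM header is assumed (not verified) to already be in dropbear format.

```sh
#!/bin/sh
# Added example (not RSTunnel code): check a private key file before
# pointing the dropbear SSH client at it. Key material is never printed.

# key_format FILE -> prints openssh | pem | other | missing
key_format() {
    [ -r "$1" ] || { echo missing; return 0; }
    # Inspect only the first line; NUL bytes of binary files are dropped.
    header=$(head -n 1 "$1" | tr -d '\000\r')
    case $header in
        "-----BEGIN OPENSSH PRIVATE KEY-----") echo openssh ;;
        "-----BEGIN "*"PRIVATE KEY-----")      echo pem ;;
        *)                                     echo other ;;
    esac
}

# key_private FILE -> status 0 only if group and others have no access
key_private() {
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# key_check FILE -> prints advice; status 0 only when no action is needed
key_check() {
    fmt=$(key_format "$1")
    if [ "$fmt" = missing ]; then echo "$1: not readable"; return 1; fi
    if ! key_private "$1"; then
        echo "$1: accessible by group/others, run chmod 600"; return 1
    fi
    case $fmt in
        openssh) echo "$1: OpenSSH format, convert to PEM, then dropbearconvert"; return 1 ;;
        pem)     echo "$1: PEM format, run dropbearconvert"; return 1 ;;
        *)       echo "$1: no PEM header (assumed dropbear format)" ;;
    esac
}

# Stand-alone use: ./keycheck.sh /path/to/key
if [ $# -gt 0 ]; then key_check "$1"; fi
```
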