logo
Back to home

Mastering SSH Tunneling with AutoSSH

O

Ohidur Rahman Bappy

MAR 22, 2025

Mastering SSH Tunneling with AutoSSH

Introduction

SSH tunneling is a powerful technique for secure network communication. When combined with AutoSSH, an auto-restarting SSH tool, it provides reliable, persistent tunnels. This guide will explore how to use AutoSSH effectively.

What is AutoSSH?

AutoSSH is a tool designed to maintain an SSH session by automatically restarting it if the connection fails, ensuring continuous data flow.

Installing AutoSSH

Here's how you can install AutoSSH on various systems using their respective package managers:

  • Debian/Ubuntu 
    $ sudo apt-get install autossh
  • CentOS/Fedora/RHEL 
    $ sudo yum install autossh
  • ArchLinux 
    $ sudo pacman -S autossh
  • FreeBSD 
    # pkg install autossh
    Alternatively, using ports: 
    # cd /usr/ports/security/autossh/ && make install clean
  • OSX 
    $ brew install autossh

Basic Usage of AutoSSH

AutoSSH usage is straightforward:

usage: autossh [-V] [-M monitor_port[:echo_port]] [-f] [SSH_OPTIONS]

Example Command

For forwarding a remote MySQL port to your local machine:

ssh -L 5000:localhost:3306 cytopia@everythingcli.org

Convert it for AutoSSH:

autossh -L 5000:localhost:3306 cytopia@everythingcli.org

Important: Ensure the connection works with ssh before using autossh and employ public/private key authentication for the background mode.

Monitoring with -M

AutoSSH can monitor the connection using a set of ports:

autossh -M 0 -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3"

Option Descriptions

  • ServerAliveInterval: Time in seconds for the SSH client to send a null packet (default: 30).
  • ServerAliveCountMax: Number of server alive messages sent without response before disconnecting (default: 3).

Using ~/.ssh/config

Customize SSH settings in ~/.ssh/config for simplified commands:

$ vim ~/.ssh/config
 Host cli-mysql-tunnel
    HostName      everythingcli.org
    User          cytopia
    Port          1022
    IdentityFile  ~/.ssh/id_rsa-cytopia@everythingcli
    LocalForward  5000 localhost:3306
    ServerAliveInterval 30
    ServerAliveCountMax 3

Initiate the tunnel with:

autossh -M 0 -f -T -N cli-mysql-tunnel

AutoSSH Environment Variables

Control AutoSSH using environment variables like AUTOSSH_GATETIME:

AUTOSSH_GATETIME

Settings and other options are detailed in the AutoSSH Readme.

AutoSSH with Systemd

Create a systemd service for boot-time SSH tunnels:

$ vim /etc/systemd/system/autossh-mysql-tunnel.service
[Unit]
Description=AutoSSH tunnel service for MySQL
After=network.target

[Service]
Environment="AUTOSSH_GATETIME=0"
ExecStart=/usr/bin/autossh -M 0 -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -NL 5000:localhost:3306 cytopia@everythingcli.org -p 1022

[Install]
WantedBy=multi-user.target

Reload the systemd daemon and start the service:

systemctl daemon-reload
systemctl start autossh-mysql-tunnel.service
systemctl enable autossh-mysql-tunnel.service

Starting AutoSSH on Startup

Ensure a persistent SSH tunnel survives system reboots by adding:

 $ sudo su
 ssh <user>@<remote_host>

Edit /etc/rc.local:

autossh -N -f -i /home/<user>/.ssh/id_rsa -R 22222:localhost:22 <user>@<remote_host>

Command Options

  • -N: No remote commands executed, used for tunneling.
  • -f: AutoSSH runs in the background.
  • -i: Specifies the SSH identity.
  • -R 22222:localhost:22: Sets up a reverse tunnel.

Conclusion

AutoSSH is an invaluable tool for maintaining persistent SSH tunnels. If you have insights or additional tips, reach out, and we'll enhance the guide accordingly.

Source: Everything CLI

Tags:

linuxsystemdtunnelingnetworkingautosshssh