Creating persistent SSH tunnels in Windows using autossh

por | 22 noviembre, 2012

Enable remote desktop

ssh -L 15000:REMOTESRV:3389 USER@localhost -p 20000

Remove the service:
cygrunsrv –remove AutoSSH

Check the configuration & status of the service:
cygrunsrv –query AutoSSH

Este es el bueno …..

cygrunsrv -I AutoSSH -f "Autossh tunnel" -t auto -y tcpip -O -u $USER -w $PASS -p /usr/bin/autossh -a "-M 20507 -R 51353:127.0.0.1:3389 $USER@$SERVER -p 15266 -g2CN" -e AUTOSSH_NTSERVICE=yes
  1. Download Cygwin (http://www.cygwin.com/)
  2. Install Cygwin, selecting the autossh package.
  3. Start the Cygwin shell (Start -> Programs -> Cygwin).
  4. Generate a public/private key pair.
    1. At the command line, run: ssh-keygen
    2. Accept the default file locations
    3. Use an empty passphrase
  5. Copy your newly-created public key to the SSH server.
    1. scp .ssh/id_rsa.pub user@ssh.host.name:id_rsa.pub
  6. Add your public key to your list of authorized keys on the server.
    1. Login to your SSH server.
    2. mkdir .ssh
    3. cat id_rsa.pub >> .ssh/authorized_keys
  7. Test your key.
    1. Logout of your SSH sever.
    2. Login to your SSH server again. This time, your key will be used for authentication and you won’t be challenged for your login credentials. If you are not logged in automatically, review the previous steps. Or contact your server administrator.
    3. Logout of your SSH server.
    4. Exit of the Cygwin shell.
  8. Install autossh as a Windows service.
    1. Now back in Windows, open a new command Window (Start -> Run -> cmd).
    2. cd C:\cygwin\bin
    3. cygrunsrv -I AutoSSH -p /usr/bin/autossh -a “-M 20000 -L localaddress:port:serveraddress:port user@ssh.host.name” -e AUTOSSH_NTSERVICE=yes
  9. Tweak Windows service settings.
    1. Open the Services management console (Administrative Tools -> Services).
    2. Edit the properties of the AutoSSH service.
    3. In the “Log On” tab, select the “This account” radio button and set the service to run as your current user.
    4. Start the service.
  10. Test your tunnels.

 

Setup a Unbreakable SSH Tunnel

My company doesn’t have VPN setup. To be able to work from home, usually I have to setup a reversed ssh tunnel from office to my home server (my home router forwards port 12345 to my home server port 22) by running this command from my office machine:

ssh -R 10000:localhost:22 my.homeserver.com -p 12345

In this way, when I get to home, I can connect to my office by command:

ssh -p 10000 localhost

But the ssh session sometimes got timed-out and then I couldn’t connect back. It happened several time and I eventually got annoyed. To keep my connection always alive, I created a file ~/.ssh/config:

Host *
Protocol 2
TCPKeepAlive yes
ServerAliveInterval 60

This helped a lot. But later, my company had some network issues and sometimes the network was down for hours. This broke my tunnel again. So I went even further and tried to find a solution to always keep my tunnel up — as soon as the network is available. Finally I found a program called “autossh“, which solved my problem perfectly.

First I made ssh passwordless from my office machine to my home server:

On my office machine, run following commands:

ssh-keygen -t dsa
scp ~/.ssh/id_dsa.pub my.homeserver.com:/tmp -p 12345

Then login my home server, run these commands:

cat ~/id_dsa.pub >> ~/.ssh/authorized_keys

After this, I tried to login my home server from office again, and yes! it didn’t ask me password anymore. Finally I installed autossh with apt-get, and changed my reverse tunnel command to:

autossh -M 29001 -f -N -R 10000:localhost:22 www.coffeestone.com -p 12345

You can find more information about autossh at this page: http://gentoo-wiki.com/HOWTO_autossh.

After re-setup the reverse tunnel with command autossh, I intentionally killed the ssh session from my home server; on my office machine side, the process autossh detected it and immediately restarted a new ssh session to my home server.

Now I have a perfect unbreakable ssh tunnel!