Instructions to establish a reverse SSH proxy on server startup.
Useful for setting up a server behind gateways/firewalls.
Install SSH keys on the remote and local server.
Note the command should work independently before setting up as a service.
/usr/bin/ssh -NT -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -o "PubkeyAuthentication=yes" -o "PasswordAuthentication=no" -i /sshtunnel/.ssh/id_rsa -R 2220:localhost:22 user@remotehost.com
On the remote server you can login via the tunnel
ssh user@localhost -p 2220
Create a service file /etc/systemd/system/sshtunnel.service
containing:
[Unit]
Description=SSH Tunnel
After=network-online.target ssh.service
[Service]
User=sshtunnel
ExecStart=/usr/bin/ssh -NT -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -o "PubkeyAuthentication=yes" -o "PasswordAuthentication=no" -i /sshtunnel/.ssh/id_rsa -R 2220:localhost:22 user@remotehost.com
RestartSec=5
Restart=always
[Install]
WantedBy=multi-user.target
Enable SSH Tunnel Service
systemctl enable sshtunnel
Start SSH Tunnel
systemctl start sshtunnel
Get SSH Tunnel Status
systemctl status sshtunnel