We wanted to protect one of our database servers by closing its open ports and only allowing tunneling via SSH or a VPN. Since this post indicates that SSH is less CPU-intensive than OpenVPN, we wanted to keep an SSH tunnel open across reboots. Autossh seems to be a ready-made solution for this -
autossh(1): monitor/restart ssh sessions
So, in our case, via
Create an ssh tunnel background service with autossh and systemd (systemctl)
and
16.04 - Start autossh on system startup - Ask Ubuntu
sudo apt install autossh
sudo nano /etc/systemd/system/ourtunnel.service
[Unit]
Description=our tunnel service
After=network.target network-online.target sshd.service
[Service]
ExecStart=/usr/bin/autossh -i /home/ouruser/.ssh/id_rsa_ourkey -L 9999:localhost:9999 -NT ourserveruser@our.remoteserver.tld
[Install]
WantedBy=multi-user.target
The -NT switch is important (-N runs no remote command, -T disables pseudo-terminal allocation) - otherwise, the sshd on the remote server complains, "Pseudo-terminal will not be allocated because stdin is not a terminal," and the service status will show that it failed -
service ourtunnel status
autossh[494191]: ssh exited prematurely with status 0; autossh exiting
linux - Pseudo-terminal will not be allocated because stdin is not a terminal - Stack Overflow
After a few days of use, top shows CPU usage of around 6.6% for autossh on the tunnel client, which runs a web server, while the tunnel server, which runs a DB, shows 8 to 12% CPU usage for sshd.
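A hardened variant of the unit above, as an added example (not from the original post or the autossh project). It assumes ouruser owns the key and has already accepted the server's host key; User=, the -M 0 and -o options, the restart settings and the sandboxing directives are additions, and the authorized_keys line in the comment uses a placeholder key.

```ini
# /etc/systemd/system/ourtunnel.service (hardened variant, added example)
#
# Server side, in ~ourserveruser/.ssh/authorized_keys, the tunnel key can be
# limited to this one forward so a stolen key cannot open a shell:
#   restrict,port-forwarding,permitopen="localhost:9999" ssh-rsa <PUBLIC-KEY-PLACEHOLDER>

[Unit]
Description=our tunnel service
Wants=network-online.target
After=network-online.target

[Service]
# Run as the key's owner instead of root (assumption: ouruser exists locally
# and its known_hosts already contains the server's host key).
User=ouruser
# GATETIME=0: keep retrying even if the first ssh attempt exits early,
# instead of "ssh exited prematurely ...; autossh exiting".
Environment=AUTOSSH_GATETIME=0
# -M 0 turns off autossh's monitor port; liveness comes from ServerAlive*.
# ExitOnForwardFailure makes ssh exit if port 9999 cannot be bound, so a
# tunnel that forwards nothing is restarted rather than left running.
# BatchMode never prompts; IdentitiesOnly offers only the key given by -i.
ExecStart=/usr/bin/autossh -M 0 -NT \
    -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
    -o ExitOnForwardFailure=yes -o BatchMode=yes -o IdentitiesOnly=yes \
    -i /home/ouruser/.ssh/id_rsa_ourkey \
    -L 127.0.0.1:9999:localhost:9999 ourserveruser@our.remoteserver.tld
Restart=always
RestartSec=10
# Basic sandboxing; ProtectHome is left off because the key lives in /home.
NoNewPrivileges=yes
PrivateTmp=yes
ProtectSystem=full

[Install]
WantedBy=multi-user.target
```

After changing the unit, run sudo systemctl daemon-reload and then sudo systemctl enable --now ourtunnel.service so the tunnel starts at boot.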