Start autossh on system startup

Question

Is there any way to start autossh on startup, so that it starts and sets up the ssh tunnel before a user has even logged in? I boot Ubuntu to terminal, and I'd like that the autossh process starts automatically on startup so I can ssh in.

I've tried adding the command to /etc/rc.local, as well as to create a /etc/init/*.conf script. None of these seems to work.

Something like [`@reboot autossh -D 9050 user@sshserver -fTNC` on crontab](https://askubuntu.com/a/1113951/349837)? — Pablo Bianchi, Jul 29 '19 at 00:15

score 30 · Answer 1 · edited Jul 29 '19 at 00:11

30

Using systemd this can be done (sample autossh created for mysql access):

Create a systemd file using nano or vim or appropriate editor of choice:
```
sudo vim /etc/systemd/system/autossh-mysql-tunnel.service 
```

Add the following contents:

[Unit]
Description=AutoSSH tunnel service everythingcli MySQL on local port 5000
After=network.target

[Service]
Environment="AUTOSSH_GATETIME=0"
ExecStart=/usr/bin/autossh -M 0 -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -NL 5000:localhost:3306 [email protected] -p 1022

[Install]
WantedBy=multi-user.target

Reload systemd:
```
sudo systemctl daemon-reload
```

Start the Autossh service:

sudo systemctl start autossh-mysql-tunnel.service

Enable at boot:

sudo systemctl enable autossh-mysql-tunnel.service

Check status with:

sudo systemctl status autossh-mysql-tunnel

Note

There is however an important thing to note about systemd and AutoSSH: -f (background usage) already implies AUTOSSH_GATETIME=0, however -f is not supported by systemd.

So in the case of systemd you need to make use of AUTOSSH_GATETIME

Source

edited Jul 29 '19 at 00:11

Pablo Bianchi

14,308
4
74
117

answered Aug 19 '17 at 18:33

George Udosen

35,970
13
99
121

Thanks! I'm trying this, but when I run `sudo service reverse-ssh-tunnel.service status`, I get `Loaded: not-found (Reason: No such file or directory)`. Researching this now :) – ptf Aug 19 '17 at 19:12
please do `sudo systemctl status reverse-ssh-tunnel` not `sudo service reverse-ssh-tunnel.service status` – George Udosen Aug 19 '17 at 19:16
Can I specify the SSL private key needed to authenticate with the other machine? – ptf Aug 19 '17 at 19:32
3

I believe you mean `autossh -i /home//.ssh/id_rsa -R 22222:localhost:22 @` – George Udosen Aug 19 '17 at 20:01
3

I needed to add `-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no` as well. Maybe I just need one of them, haven't tested them individually. Found this here: https://stackoverflow.com/a/24689061/1211119. However, when I'm looking at the tty1 login screen (I boot to the terminal), the service hasn't yet created the tunnel. If I log in, the service starts. – ptf Aug 19 '17 at 20:25
Great answer. @ptf, thanks for commenting with the additional flags. Without those I was getting a 255 return value from ssh. Did you resolve the issue that the tunnel only initiates when you log in? – Gabriel Nov 20 '17 at 10:55
@Gabriel Hmm, I don't think so. I think I haven't look to much more at it. – ptf Nov 20 '17 at 15:53
2

Sometimes you want to run under a different user context. To do this: Add `User=username` to the `[Service]` section in the systemd file. – friederbluemle Aug 23 '18 at 14:24
Why the "-M 0" is needed? – fullmooninu Feb 05 '19 at 15:48
This is the only one which is working for my raspberry pi project among all samples I read. However, after 2 days no activity, the connection is closed. When I view it with teamviewer the pi device is still online actually. Can you figure out why and what need to be fiixed here? – Al Kasih May 31 '19 at 04:32
@ptf don't add both `-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no`, add only `-o StrictHostKeyChecking=accept-new`. Not redundant and more secure. – haelix May 13 '21 at 18:28

score 0 · Answer 2 · edited Sep 28 '21 at 08:04

I added a -N to the command to get this to work. -N tells autossh to connect and do nothing. Without it my ssh session was logging in then immediately exiting. I also set it up to use a local user along with a .ssh/config file (/home/myuser/.ssh/config) which contains my tunnel rules.

# cat /etc/systemd/system/autossh.service

    [Unit]
    Description=AutoSSH service
    After=network.target
    
    [Service]
    Environment="AUTOSSH_GATETIME=0"
    User=myuser
    Group=myuser
    ExecStart=/usr/bin/autossh -N -M 0 -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -i /home/myuser/.ssh/id_ecdsa_np remoteid@remote
    RemainAfterExit=yes
    
    [Install]
    WantedBy=multi-user.target

Start autossh on system startup

2 Answers2

Note

Source

Linked