If you have root access to the vps, the best practice is to add a new user for the Pi3 and prevent the new user from using bash.

$ chown -R vps_user:vps_user /home/vps_user/.ssh
Change vps_user.

To make sure the Pi3 can reverse ssh to the vps without a password, a key should be generated.

pi $ sudo ssh-keygen

Besides, there are two kinds of reverse ssh tunnel. With the first, you need to log in to the vps first and can then log in to the Pi3. With the second, you can log in to the Pi3 directly, but you expose the ssh port of the Pi3 to the Internet.

pi $ scp /home/pi/.ssh/id_rsa.pub :/home/vps_user/.ssh/id_rsa.pub
Change, xxx, vps_user.

$ sudo cat id_rsa.pub > /home/vps_user/.ssh/authorized_keys

Operations on Pi3 - Login to the vps as vps_user
$ ssh -p xxx

#(Optional) If you want to expose the port of Pi3 to the Internet, then do the following:
GatewayPorts clientspecified #add this line
$ iptables -A INPUT -p tcp -m tcp --dport vps_port -j ACCEPT

#Prevent the vps_user from using the bash on vps
$ usermod -s /bin/false vps_user
Change, xxx, vps_user, vps_port.

Operations on Pi3 - initiate reverse ssh tunnel

There are two options as mentioned before:
Option 1: the Pi3 can only be connected locally from the vps
Option 2: the Pi3 can be connected from any other host from the Internet

#option 1
pi $ ssh -fN -R vps_port:localhost:pi3_port _ip
pi $ ssh -fN -R vps_ip:vps_port:localhost:pi3_port _ip

$ ssh -p vps_port _ip
Change vps_ip, vps_user, vps_port.

The above mentioned reverse ssh connection is not stable and cannot restart after disconnection or reboot. So it is necessary to use autossh to make sure that the reverse ssh tunnel is alive and to reconnect to the vps if it is not.

Notes: I tried to write the following command under /etc/rc.local, but it doesn't work after reboot:

autossh -M pi3_checking_port -fN -o "PubkeyAuthentication=yes" -o "StrictHostKeyChecking=false" -o "PasswordAuthentication=no" -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -R vps_ip:vps_port:localhost:pi_port -i /home/pi/.ssh/id_rsa _port

Here is the log from /var/log/syslog:

Aug 25 10:28:23 raspberrypi autossh: starting ssh (count 1)
Aug 25 10:28:23 raspberrypi autossh: ssh child pid is 725
Aug 25 10:28:28 raspberrypi autossh: received signal to exit (15)

Signal 15 is SIGTERM, which tells the process to terminate. I don't understand why it works perfectly on my Ubuntu server but doesn't work here. I tried adding sudo, using the key from root (-i /root/.ssh/id_rsa), and disabling iptables, but none of these worked. I know there's something different between Debian and Ubuntu, and I guess I am currently facing one of the differences. So I am writing a startup script instead of using rc.local.

$ sudo apt-get install autossh

Create the startup script

$ sudo vim /etc/init.d/autossh.sh #Create the new file with a name you like

# Required-Start: $local_fs $remote_fs $network $syslog
# Required-Stop: $local_fs $remote_fs $network $syslog
sudo /usr/bin/autossh -M pi3_checking_port -fN -o "PubkeyAuthentication=yes" -o "StrictHostKeyChecking=false" -o "PasswordAuthentication=no" -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -R vps_ip:vps_port:localhost:pi_port -i /root/.ssh/id_rsa _port
sudo /usr/bin/autossh -M pi3_checking_port -fN -o "PubkeyAuthentication=yes" -o "StrictHostKeyChecking=false" -o "PasswordAuthentication=no" -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -R vps_ip:vps_port:localhost:pi3_port -i /root/.ssh/id_rsa _port

Just need to change the following parameters: pi3_checking_port, vps_ip, vps_port, pi3_port, and vps_user.

$ sudo chmod a+x /etc/init.d/autossh.sh #make the script executable

Enable the script

$ sudo update-rc.d autossh.sh defaults #create a link under "rc0.d" to the script
$ sudo update-rc.d autossh.sh enable #execute when startup

4. To see if the script works:
$ sudo /etc/init.d/autossh.sh start

4.2. To see if there is a link to the script:
$ ls /etc/rc0.d

4.3. To disable it:
#Remove the script's link under /etc/rc0.d
sudo update-rc.d autossh.sh remove
sudo update-rc.d autossh.sh enable|disable

4.4.
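The autossh command on this page turns off host key checking, and option 2 binds the forwarded port to the vps's public address. The check below is an added example, not part of the original post; audit_tunnel_cmd, its finding labels and the user@vps.example destination are hypothetical, and the two sample command lines are constructed from the page's placeholders.

```shell
#!/bin/sh
# Added example (not from the original post). audit_tunnel_cmd and its
# finding labels are hypothetical names used only for this illustration.
# Prints one finding per line; returns 0 when clean, 1 when anything is found.
audit_tunnel_cmd() {
    # Lower-case and strip quotes so -o "Key=Value" and -o "Key Value" match alike.
    norm=$(printf '%s\n' "$1" | tr 'A-Z' 'a-z' | tr -d "\"'")
    found=0

    # Host key verification off (no, false and off all disable it): the Pi
    # would open its tunnel to whichever host answers at the vps address.
    if printf '%s\n' "$norm" | grep -Eq 'stricthostkeychecking[= ](no|false|off)( |$)'; then
        echo "host-key-checking-disabled"
        found=1
    fi

    # A -R spec with four fields carries a bind address. Anything but loopback
    # publishes the Pi's port on the vps (the page's option 2).
    # Assumption: IPv4 or hostname bind addresses only, no [IPv6] literals.
    spec=$(printf '%s\n' "$norm" | sed -n 's/.* -r \([^ ]*\).*/\1/p')
    case $spec in
        *:*:*:*)
            bind=${spec%%:*}
            case $bind in
                localhost|127.0.0.1) ;;
                *) echo "remote-port-bound-to:$bind"; found=1 ;;
            esac ;;
    esac

    [ "$found" -eq 0 ]
}

# Constructed samples: the page's option-2 command with its own placeholders
# (destination user@vps.example is made up), and a tightened option-1 variant.
PAGE_CMD='autossh -M pi3_checking_port -fN -o "PubkeyAuthentication=yes" -o "StrictHostKeyChecking=false" -o "PasswordAuthentication=no" -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -R vps_ip:vps_port:localhost:pi3_port -i /root/.ssh/id_rsa user@vps.example'
SAFER_CMD='autossh -M pi3_checking_port -fN -o "PubkeyAuthentication=yes" -o "StrictHostKeyChecking=yes" -o "PasswordAuthentication=no" -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -R vps_port:localhost:pi3_port -i /root/.ssh/id_rsa user@vps.example'

audit_tunnel_cmd "$PAGE_CMD" || echo "page command: review the findings above"
audit_tunnel_cmd "$SAFER_CMD" && echo "option-1 command with host key checking: clean"
```

With StrictHostKeyChecking=yes the vps host key has to be in /root/.ssh/known_hosts before the first start, because the startup script runs ssh as root.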