By merize147 at 2006-06-29 16:10
Ok so the other day someone asked me to figure something out and here was my reply in case you happen to be interested.
The following was based on an Ubuntu 6.06 system, but any distro will do as long as you can install the programs. (apt-get install is a wonderful thing.)
Needed programs: ssh, autossh, and all of their dependencies.
The objective is to forward port 6667 to your LUG's group server through an ssh tunnel that will reconnect if severed.
ok this is the ideal time to install any missing programs
we will be using a key pair to authenticate the ssh session.
(a)type 'ssh-keygen -t rsa'
(b)make sure it defaults to: '/<user's home dir>/.ssh/id_rsa'
(c)no passphrase (not that secure, but easy to set up)
(d)you should now have the key pair in the .ssh directory (id_rsa & id_rsa.pub)
(e)make a copy of your public key with the name 'authorized_keys'
(f)'cp /<user's home dir>/.ssh/id_rsa.pub /<user's home dir>/.ssh/authorized_keys'
(g)copy authorized_keys to the .ssh directory of the remote system. (use 'scp' for secure comms)
(h)'scp /<user's home dir>/.ssh/authorized_keys <remote user>@<ip address>:/<user's home dir>/.ssh/'
(i)you may have to create the .ssh folder on the remote system if it is not there. this happened to me on my OpenBSD test box.
verify that ssh works with the new keys.
(a)ssh -i /<user's home dir>/.ssh/id_rsa <remote user>@<ip address>
(b)when you connect you should have direct access to the system and not be prompted for a passphrase.
Time to forward a port
(a)add the port forward feature to the ssh command: '-L <local port>:system:<remote port>'
(b)'-L 1234:localhost:6667' would be my local system listening on port 1234 and sending requests to port 6667 of the remote's local loopback address (127.0.0.1)
(c)if forwarding is enabled on the remote system then you could use the remote system as a stepping stone to another.
(d)the new command would be:
(e)ssh -i /<user's home dir>/.ssh/id_rsa -L <local port>:system:<remote port> <remote user>@<ip address>
(f)e.g.: 'ssh -i /root/.ssh/id_rsa -L 1234:localhost:6667 firstname.lastname@example.org'
(g)verify it works
(g)1.connect to the remote system
(g)2.set your irc client to connect locally on port 1234 which should forward the request to the remote system.
Keeping the connection alive
(a)Dear fellow admins, <screaming> stop reconfiguring the firewall and killing my open connection </screaming>. Thank you.
(b)use the autossh command to monitor the connection and reconnect when needed. (make sure you replace the ssh with autossh)
(c)'autossh -i /root/.ssh/id_rsa -L 1234:localhost:6667 email@example.com'
(d)typing this out all the time sucks, so write a script and make it executable.
This of course is a very basic instruction set. Both ssh and autossh have many options to suit your needs, but that is for you to figure out.
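
One way to write the script from the last step, as an added example that is not part of the original post. It also prints an authorized_keys line that limits the passphrase-less key to the single 6667 forward. The function names, the tunnel.sh file name and the user@remote.example host are hypothetical placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the
# user@remote.example host are hypothetical placeholders.

# autossh -M 0 turns off its monitor port; the ServerAlive options make ssh
# itself notice a dead link and exit so autossh can restart it.
TUNNEL_OPTS="-M 0 -N -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -o ExitOnForwardFailure=yes"

# valid_port N: succeed only for a decimal integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# restricted_key_line PUBKEY REMOTE_PORT: print an authorized_keys entry that
# limits the passphrase-less key to the one forward, with no shell or pty.
restricted_key_line() {
    valid_port "$2" || return 1
    printf 'command="/bin/false",no-pty,no-agent-forwarding,no-X11-forwarding,permitopen="localhost:%s" %s\n' "$2" "$1"
}

# tunnel_cmd LOCAL_PORT REMOTE_PORT USER@HOST KEYFILE: print the command for review.
tunnel_cmd() {
    valid_port "$1" && valid_port "$2" || return 1
    printf 'autossh %s -i %s -L 127.0.0.1:%s:localhost:%s %s\n' \
        "$TUNNEL_OPTS" "$4" "$1" "$2" "$3"
}

# start_tunnel: same arguments as tunnel_cmd; replaces the shell with autossh.
start_tunnel() {
    tunnel_cmd "$@" >/dev/null || return 1
    # TUNNEL_OPTS is deliberately unquoted so it splits into separate options.
    exec autossh $TUNNEL_OPTS -i "$4" -L "127.0.0.1:$1:localhost:$2" "$3"
}

# ./tunnel.sh start        open the forward from the post (1234 -> 6667)
# ./tunnel.sh keyline      print the line to place in the remote authorized_keys
case "${1:-}" in
    start)   start_tunnel 1234 6667 user@remote.example "$HOME/.ssh/id_rsa" ;;
    keyline) restricted_key_line "$(cat "$HOME/.ssh/id_rsa.pub")" 6667 ;;
esac
```

Because the tunnel is opened with -N, no remote command is requested, so the forced command of /bin/false only takes effect if the key is ever used for an ordinary login.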