SSH Tunnels on startup

[wbrady4927]

I have multiple ssh tunnels that I need to run on startup. Does anyone know a working way to do that? I have tried creating a script and putting it in all sorts of directories (/etc/init.d/, /etc/, /etc/network/if-up.d/). I have also tried appending the commands to /etc/rc.local but nothing works. The script is actually executed in all these places because I tried putting a simple mv command in there and that was executed but these ssh tunnels won't be constructed. My script looks something like this:

#! /bin/sh
xterm -e ssh ....... &
xterm -e ssh ....... &
xterm -e ssh ....... &

I also have another program that I would like to run along with the ssh tunnels. The program needs to be run as root, but that won't work either. Can anyone help with any of this?

[puppywhacker]

The xserver isn't started yet in the scripts you have tried. Besides you do not need to spawn a (graphical) terminal. Also you can setup multiple tunnels through the ssh-server. I assume you tested the ssh connection in a terminal? you don't need to sudo if the tunnel-port is higher than 1024. (the unprivileged range starts from 1024)

I like the use of /etc/rc.local The use of an script like /etc/rc2.d/S80mytunnels is fine too. I'm not sure if /etc/network/if-up.d/ is read in all circumstances. I don't think network manager reads it???

[wbrady4927]

Thank you for your fast reply! What would you use to execute the commands without using the graphical terminal? I also don't know how to configure the ssh-server?

[puppywhacker]

Remove the xterm -e. Ssh will run just fine without it provided that it doesnt ask for a password and you use private&public with rsa or dse keys. google for authorized ssh keys

[wbrady4927]

The 3 ssh commands I need to have running are:
ssh -b net1 -L net1:rt1:net2:rt2 user@net2
ssh -b net3 -L net3:rt3:net4:rt4 user@net4
ssh -D net1:rt2 user@net

What's the best way do you think to do that?

[wbrady4927]

Just removing xterm -e did not work. Are you still supposed to leave the & at the end of each line? Or do you have any other thoughts? Any ideas are welcomed!

[puppywhacker]

removing the "xterm -e" is only a starting point, you still need to get autorized keys to work. This will allow ssh connections with trusted keys to be established, so that it doesn't ask for a password. Try these connecting on the commandline before trying it in a script. You can see where it fails on the commandline, but not in the script.

https://help.ubuntu.com/community/SSH/OpenSSH/Keys

If you get this to run on the commandline, you can think of putting the rules in the rc.local

I don't know what you try to achieve with the third ssh rule with -D, but I think you misunderstand it's function? Only TCP tunnels can be used easily.

As for the first rules, they could look like this

Code:

ssh -L 8000:localhost:8000 user@net2
ssh -L 8001:localhost:8000 user@net4

Where the localhost part is seen from the remote server, so the first rule will tunnel everything from net2:8000 to the client's local port 8000 and the second rule will forward net4:8000 to the local port 8001 (Since 8000 is already in use.) Now clients can use the ports 8000 and 8001 to initiate connections. The server in net2 and net4 can not initiate connections (since we did not set up a reverse tunnel with -R)

[wbrady4927]

I already have the keys set up and when I run the script on its own after I have started the system everything works. But when the script is executed on startup it doesn't work. Is there a way to run those ssh commands in the background? I'm not sure if that would help or not. I cannot even get the startup script to run one other root command without these ssh commands. But it will run simple mv or cp commands.

[wbrady4927]

If I just do :
ssh ...
ssh ...
ssh ...
I think it will do them nested. That is why I was trying to execute each in their own terminal.

[Lars Noodén]

If I just do :
ssh ...
ssh ...
ssh ...
I think it will do them nested. That is why I was trying to execute each in their own terminal.

If these tunnels are to be started automatically it will be easier to do so with help of keys. Here is one possible syntax for /etc/rc.local:

Code:

ssh -i /home/tunneluser/.ssh/key_net2 -L 8000:localhost:8000 tunneluser@net2
ssh -i /home/tunneluser/.ssh/key_net4 -L 8001:localhost:8000 tunneluser@net4