Tuesday, August 14, 2012

SSH Tunnel Between Linux Servers - Poor Techies VPN

I recently had a need to create a permanent SSH tunnel between Linux servers. My need was to allow MySQL replication.


Create a ‘tunnel’ user on SERVER 1:

[root@server1 ~]# useradd -d /home/tunnel tunnel
[root@server1 ~]# passwd tunnel       ## Set a strong password
[root@server1 ~]# su - tunnel           ## Become the user 'tunnel'
Now create a public/private key pair:

[tunnel@server1 ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/tunnel/.ssh/id_rsa):    ## hit enter to accept the default
Enter passphrase (empty for no passphrase):                           ## don't use a  passphrase
Enter same passphrase again:
Your identification has been saved in /home/tunnel/.ssh/id_rsa.
Your public key has been saved in /home/tunnel/.ssh/id_rsa.pub.
The key fingerprint is:
6f:30:b8:e1:36:49:74:b9:32:68:6e:bf:3e:62:d3:c2 tunnel@server1
Now cat out the id_rsa.pub file, which contains the public key that we will need to put on Host B (server2):

[tunnel@server1 ~]$ cat ~/.ssh/id_rsa.pub
ssh-rsa blahAAAAB3NzaC1yc2EAAAABIwAAAQEA......6BEKKCxTIxgBqjLP tunnel@server1
Now create a ‘tunnel’ user on Host B (server2) and save the public key for tunnel@server1 in the authorized_keys file:

[root@server2 ~]# useradd -d /home/tunnel tunnel
[root@server2 ~]# passwd tunnel       ## Set a strong password
[root@server2 ~]# su - tunnel
[tunnel@server2 ~]$ mkdir .ssh
[tunnel@server2 ~]$ vi .ssh/authorized_keys   ## Now paste in the public key for tunnel@server1
At this point you should be able to ssh from tunnel@server1 to tunnel@server2 without using a password. Depending on your configuration, you might need to allow the user ‘tunnel’ in /etc/ssh/sshd_config. You might also set some SSH options like the destination port in ~/.ssh/config.
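The steps above give the ‘tunnel’ user on server2 a key that can do anything tunnel@server1 can do: open a shell, forward any port, carry an agent. As an added example (not part of the original post), the script below installs the key with authorized_keys options that allow only the one port forward the tunnel needs, and creates ~/.ssh with the modes sshd's StrictModes insists on (700 for the directory, 600 for authorized_keys), since a group- or world-writable file is silently ignored and you end up at a password prompt. The sample key, the server2:3306 target and the temporary directory are assumptions; the `restrict` option needs OpenSSH 7.2 or newer, so on an older sshd replace it with `no-pty,no-agent-forwarding,no-X11-forwarding`.

```shell
#!/bin/bash
# Added example (not from the original post): install the tunnel user's public
# key on server2 with least-privilege authorized_keys options and the file
# modes sshd requires. The key, hosts and ports below are assumptions.

# restrict_pubkey RAW_KEY_LINE HOST:PORT [HOST:PORT ...]
# Prints the key line prefixed with options that allow only local port
# forwarding to the listed targets. The HOST in permitopen must match the
# host written in the client's -L option literally (server2 here, as in the
# post's "-L13306:server2:3306"), not whatever it resolves to.
restrict_pubkey() {
    key=$1; shift
    case $key in
        "ssh-rsa "*|"ssh-ed25519 "*|"ecdsa-sha2-nistp256 "*) ;;
        *) echo "restrict_pubkey: not an OpenSSH public key line" >&2; return 1 ;;
    esac
    [ $# -gt 0 ] || { echo "restrict_pubkey: need at least one HOST:PORT" >&2; return 1; }
    opts="restrict,port-forwarding"
    for target in "$@"; do
        opts="$opts,permitopen=\"$target\""
    done
    printf '%s %s\n' "$opts" "$key"
}

# install_pubkey SSH_DIR KEY_LINE
# Appends KEY_LINE to SSH_DIR/authorized_keys, creating the directory with
# mode 700 and the file with mode 600 in a subshell so the umask change does
# not leak into the caller.
install_pubkey() {
    dir=$1; line=$2
    (
        umask 077
        mkdir -p "$dir" || exit 1
        printf '%s\n' "$line" >> "$dir/authorized_keys" || exit 1
        chmod 700 "$dir" && chmod 600 "$dir/authorized_keys"
    )
}

# has_mode PATH OCTAL_MODE -> 0 if PATH has exactly that permission mode
# (find -perm without a leading "-" is an exact match; -prune stops find
# from descending into a directory).
has_mode() {
    [ -n "$(find "$1" -prune -perm "$2" -print 2>/dev/null)" ]
}

# check_ssh_dir SSH_DIR -> 0 if the directory and authorized_keys have the
# modes sshd's StrictModes accepts.
check_ssh_dir() {
    has_mode "$1" 0700 && has_mode "$1/authorized_keys" 0600
}

# Constructed sample key (not a real key); on server2 paste the real
# id_rsa.pub from tunnel@server1 instead.
SAMPLE_KEY='ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAexamplekeyonly tunnel@server1'

# Demo against a temporary directory so it can be run anywhere; on server2
# the target would be /home/tunnel/.ssh.
demo() {
    tmp=$(mktemp -d) || return 1
    line=$(restrict_pubkey "$SAMPLE_KEY" "server2:3306") || return 1
    install_pubkey "$tmp/.ssh" "$line" || return 1
    check_ssh_dir "$tmp/.ssh" && cat "$tmp/.ssh/authorized_keys"
    rc=$?
    rm -rf "$tmp"
    return $rc
}

demo
```

Because `restrict` does not set a forced command, the key can still run non-interactive commands on server2; if the tunnel is all the account should ever do, the usual complement is to give it a non-login shell, which a `ssh -N` session does not need. Note that the post's liveness check (`ssh -p 19922 tunnel@localhost ls`) needs a second forward to server2:22 and a real shell, so with a key restricted like this you would check the forwarded MySQL port locally instead.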

Now, create this script on server1 as /home/tunnel/check_ssh_tunnel.sh:

#!/bin/bash
## Forward local 13306 -> server2:3306 (MySQL) and local 19922 -> server2:22
## (the second forward is what the liveness check below goes through).
createTunnel() {
    /usr/bin/ssh -f -N -L13306:server2:3306 -L19922:server2:22 tunnel@server2
    rc=$?    ## capture ssh's exit code before the test below overwrites $?
    if [[ $rc -eq 0 ]]; then
        echo Tunnel to server2 created successfully
    else
        echo An error occurred creating a tunnel to server2 RC was $rc
    fi
}
## Run the 'ls' command remotely through the tunnel.  If it returns non-zero, then create a new connection
/usr/bin/ssh -p 19922 tunnel@localhost ls
if [[ $? -ne 0 ]]; then
    echo Creating new tunnel connection
    createTunnel
fi
Save that file and make it executable:

chmod 700 ~/check_ssh_tunnel.sh
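The check script works by running `ls` on server2 through a second forward, which means the tunnel key must be allowed to execute commands and the script runs a remote command every time it is invoked. As an added example, not the post's script, here is a variant that instead asks whether anything is listening on the local forwarded port and records ssh's real exit code. The host names and ports mirror the post's server1/server2 layout but are assumptions; the `SSH_CMD`, `REMOTE`, `LOCAL_PORT` and `REMOTE_TARGET` variables are introduced here so the logic can be exercised without a real server.

```shell
#!/bin/bash
# Added example (not the post's script): keep the MySQL tunnel up without
# executing a remote command. Hosts and ports are assumptions matching the
# post's layout; the variables can be overridden from the environment.

SSH_CMD=${SSH_CMD:-/usr/bin/ssh}
REMOTE=${REMOTE:-tunnel@server2}
LOCAL_PORT=${LOCAL_PORT:-13306}
REMOTE_TARGET=${REMOTE_TARGET:-server2:3306}

# port_open HOST PORT -> 0 if something accepts TCP connections there.
# Uses bash's /dev/tcp so no nc/netcat is needed; the subshell keeps a
# failed exec from terminating this script. When ssh's connection to
# server2 dies, ssh exits and its listener goes away, so this probe is
# enough to notice a dead tunnel.
port_open() {
    ( exec 3<>"/dev/tcp/$1/$2" ) 2>/dev/null
}

# create_tunnel -> starts ssh in the background (-f -N) and returns ssh's
# own exit code, captured before anything else can overwrite $?.
# ExitOnForwardFailure makes ssh fail (rc != 0) if the port forward could
# not be set up, e.g. because 13306 is already taken by a stale ssh.
# ServerAliveInterval makes ssh notice a half-dead connection and exit,
# which is what lets the next port_open check see the tunnel as down.
create_tunnel() {
    "$SSH_CMD" -f -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 \
        -L "$LOCAL_PORT:$REMOTE_TARGET" "$REMOTE"
    rc=$?
    if [ "$rc" -eq 0 ]; then
        echo "Tunnel to $REMOTE created successfully"
    else
        echo "An error occurred creating a tunnel to $REMOTE, RC was $rc" >&2
    fi
    return "$rc"
}

# ensure_tunnel -> 0 if the forward is (now) listening, ssh's rc otherwise.
ensure_tunnel() {
    if port_open 127.0.0.1 "$LOCAL_PORT"; then
        return 0
    fi
    echo "Creating new tunnel connection"
    create_tunnel
}

# Run the check when the file is invoked directly under this name, e.g.
# every few minutes from the tunnel user's crontab.
case $0 in
    *check_ssh_tunnel.sh) ensure_tunnel ;;
esac
```

The probe connects to the local listener and closes immediately; ssh still opens a channel to server2:3306 for it, so MySQL on server2 will log an aborted connect each time the check runs. If that noise matters, probe less often or have the check run a trivial query through the tunnel with a read-only account instead.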

1 comment:

Alan Wade said...

SSH tunnels offer a method to bypass firewalls that command sure web services – farewell as a website permits outgoing connections. As an example, at the workplace users are also blocked by some firewalls from accessing social websites like Facebook and YouTube directly through eighty ports. However, users might not want to have their internet traffic blocked by the firewalls and filters and want to be ready to unblock Facebook and YouTube. If users will hook up with an external SSH server, they will produce an SSH tunnel to forward a given port on their native machine to port eighty on an overseas internet server to bypass those firewalls and filters to unblock Facebook and YouTube.

View SSH VPN Details