ssh -NT -o ServerAliveInterval=60 -o ServerAliveCountMax=10 -o ExitOnForwardFailure=yes -i /var/services/homes/foouser/.ssh/id_rsa -R 8080:localhost:80 -R 4443:localhost:443 foouser@<VPS>
And all I needTo explain this command:
-N
- Do not execute a remote command; this is useful for just forwarding ports.-T
- Disable pseudo-tty allocation.-R 8080:localhost:80
- Specifies that the given port on the remote (server) host is to be forwarded to the given host and port on the local side. In this case, it means forward port 80 of the remote server to port 8080 of the client.-i /path/to/key
- Specify the path to ssh key used to establish the ssh session, without this you will have to enter username (if not supplied) and password to establish the ssh session.ServerAliveInterval
- the number of seconds that the client will wait before sending a "server alive" message to the server to keep the connection alive.ServerAliveCountMax
- the number of "server alive" messages which may be sent without reply from the server. If this threshold is reached ssh will disconnect from the server, terminating the session.ExitOnForwardFailure
- if set to "yes", the connection shall be terminated if ssh cannot set up all requested dynamic, tunnel, local, and remote port forwardings, (e.g. if either end is unable to bind and listen on a specified port).foouser@<VPS>
- Specifies the user accountfoouser
used to establish the remote port forwarding ssh session with the server<VPS>
.
It is also worth adding some ssh config options to do on the server (in my case, on my VPS is to configure ssh) as well; by simply adding the following file if it doesn't already exist:
Note: you could replace the *
for(which means apply this config to "all hosts") with a specific host, but as - In my case my NAS (i.e. the host that connects to my VPS) is behind my router, which can change itsrouter; the public IP address of my router frequently changes as it's DHCP assigned (from my ISP) so I stuck with "all hosts".
foouser@nas:~$ cat /etc/systemd/system/sshtunnel-web.service
[Unit]
Description=SSH Tunnel for WebStation
After=network.target
[Service]
Restart=always
RestartSec=1
User=foouser
ExecStart=/bin/ssh \
-NT \
-o ServerAliveInterval=60 \
-o ServerAliveCountMax=10 \
-o ExitOnForwardFailure=yes \
-i /var/services/homes/foouser/.ssh/id_rsa \
-R 8080:localhost:80 \
-R 4443:localhost:443 \
foouser@<VPS>
[Install]
WantedBy=multi-user.target