Autossh is a mechanism for connecting to a remotely located machine (protected and not publicly available) via ssh.
Sometimes you just need to get things done remotely. Those things might be behind an unbudging firewall with no way to forward the proper ports for remote access, or perhaps you just want to set up access to resources this way.
In this blog, I am going to cover how to use autossh and password-less login to an Ubuntu machine.
The diagram below explains the beauty of using autossh.
Looking at the above image, Machine B is remotely located and not publicly available, while Machine A is publicly available to everyone.
We will first set up Machine B to connect (via autossh) to Machine A, and then, by simply using the ssh command, we will connect to Machine B from Machine A at any time.
This is really easy and amazing; please follow the instructions below.
1. Generate RSA public and private keys for Machine A.
To generate the key pair, please use PuTTY Key Generator (Download link).
Public key:
Private key:
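The private key needs to be converted into OpenSSH key format.
Go to “Conversion >> Export OpenSSH key format”.
Note: The private and public keys used in this example are dummy samples.
Dummy private key format: an OpenSSH PEM block delimited by -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY-----.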
Dummy public key format: a single line that starts with ssh-rsa.
Now we need to copy this public key to Machine A, into the .ssh folder, in a file named authorized_keys.
The .ssh folder is hidden and can be found at /home/{user name}/.ssh. If it is not found, create the .ssh folder using the mkdir command and change its access permissions.
mkdir ~/.ssh
chmod 700 ~/.ssh/
Create a new file named authorized_keys inside the .ssh folder and copy the public key content into it.
vi ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
2. Install autossh on Machine B
Install autossh program on Machine B.
sudo apt-get install autossh
3. Copy Private key of Machine A on Machine B
Now copy the private key (generated in step 1) onto Machine B, into the .ssh folder with the name id_rsa, and don't forget to set the access permissions.
chmod 700 ~/.ssh/
chmod 600 ~/.ssh/id_rsa
4. Generate RSA Public and Private key for Machine B
Please follow step 1 to generate another key pair using PuTTY Key Generator for Machine B.
5. Copy Public Key on Machine B.
Now copy the newly generated public key (step 4) into the .ssh/authorized_keys file on Machine B, and don't forget to set the access permissions.
chmod 700 ~/.ssh/
chmod 600 ~/.ssh/authorized_keys
6. Copy Private key of Machine B on Machine A.
Now copy the private key of Machine B (generated in step 4) onto Machine A, into the .ssh folder with the name machineBpkey, and don't forget to set the access permissions.
chmod 600 ~/.ssh/machineBpkey
7. Run autossh command on Machine B
By running the autossh command, we are now going to connect from Machine B to Machine A.
On Machine B, run the command below.
To see the console logs, use the autossh command with the -vvv flag.
autossh -N -R 3333:localhost:22 usernameA@machineAIpAddress -i ~isosec/.ssh/id_rsa -vvv
To run autossh in the background, use &
autossh -N -f -R 3333:localhost:22 usernameA@machineAIpAddress -i ~/.ssh/id_rsa &
Where:
3333 : is the port listening on Machine A to connect via ssh.
~/.ssh/id_rsa : is the private key of Machine A.
& : runs the command as a background process.
If you want to see the console log, use the "-vvv" parameter instead of "&".
Machine B is now waiting for connections from Machine A on port 3333 (the port is opened on Machine A and forwarded to port 22 on Machine B).
8. Connect Machine A to Machine B.
On Machine A, run the command below.
ssh -i ~/.ssh/machineBpkey isosec@localhost -p 3333
where
~/.ssh/machineBpkey : is the private key of Machine B
3333 : is the port number on which Machine B is listening for the connection (the forwarded port from step 7).
That's it. Now we can run any command on Machine B from Machine A.
This is mostly suitable for a deployment process on the client side.
To summarize:
Machine A has:
- Public key of Machine A - .ssh/authorized_keys
- Private key of Machine B - .ssh/machineBpkey
Machine B has:
- Public key of Machine B - .ssh/authorized_keys
- Private key of Machine A - .ssh/id_rsa
Then:
1. Machine B connects to Machine A using the private key (id_rsa) to listen for connections on a specific port number (3333).
2. Machine A connects to Machine B using the ssh private key (machineBpkey) on the same port number (3333).
Please let me know in case of any questions or clarifications.
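Because Machine A's private key is stored on the remote Machine B, the matching authorized_keys entry on Machine A can be limited to opening the port 3333 listener and nothing else. The script below is an added example, not part of the original post; the function names, the constructed sample key, the machineA.pub file name and the /bin/false forced command are assumptions, and the permitlisten option needs OpenSSH 7.8 or later on Machine A.

```shell
#!/bin/sh
# Added example, not from the original post. Run on Machine A.
# SAMPLE_KEY is a constructed placeholder, not a real public key.
SAMPLE_KEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAB constructed-sample'
NL='
'

# tunnel_entry PORT "PUBKEY": print an authorized_keys line that lets the
# key open only the reverse-forward listener localhost:PORT, nothing else.
tunnel_entry() {
    port=$1 pubkey=$2
    case $port in ''|0*|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;; esac
    if [ "$port" -lt 1024 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    # PuTTYgen's saved public-key file is multi-line; authorized_keys
    # needs the one-line OpenSSH form "type base64 [comment]".
    case $pubkey in *"$NL"*) echo "key must be one line" >&2; return 1 ;; esac
    key_type=${pubkey%% *} key_data=${pubkey#* }
    case $key_type in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-*) ;;
        *) echo "unexpected key type: $key_type" >&2; return 1 ;;
    esac
    if [ "$key_data" = "$pubkey" ] || [ -z "$key_data" ]; then
        echo "missing key data" >&2; return 1
    fi
    # ssh sends "localhost" as the listen host for -R 3333:localhost:22.
    printf 'restrict,port-forwarding,permitlisten="localhost:%s",command="/bin/false" %s\n' \
        "$port" "$pubkey"
}

# install_entry SSH_DIR ENTRY: append ENTRY once, with the 700/600
# permissions from step 1.
install_entry() {
    dir=$1 entry=$2 file=$1/authorized_keys
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$file" && chmod 600 "$file" || return 1
    grep -qxF -- "$entry" "$file" || printf '%s\n' "$entry" >> "$file"
}

# Usage on Machine A (machineA.pub is a hypothetical file holding the
# one-line public key from step 1); commented out so nothing is changed:
# install_entry "$HOME/.ssh" "$(tunnel_entry 3333 "$(cat machineA.pub)")"
```

With this entry in place, the autossh -N -R command from step 7 still works, while a shell or any other forwarding requested with that key is refused.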