Requirements:

- Linux OS
- OpenSSH
- `autossh` (optional)
- Generated RSA key (`id_rsa`, `id_rsa.pub` in `~/.ssh`): if you don't have these, simply run `ssh-keygen` without a passphrase
On the EC2 instance, create the `tunnel` account that the client will log in as. For security reasons, this account should not be a sudo account.

- Amazon Linux 2 or Amazon Linux AMI EC2 instance

  ```sh
  [ec2-user ~]$ sudo adduser tunnel
  ```

- AWS Ubuntu EC2 instance

  ```sh
  [ubuntu ~]$ sudo adduser tunnel --disabled-password
  ```

- Switch to the new account

  ```sh
  sudo su - tunnel
  ```

- Make `authorized_keys`

  ```sh
  mkdir .ssh
  chmod 700 .ssh
  touch ~/.ssh/authorized_keys
  chmod 600 ~/.ssh/authorized_keys
  ```

- Add the public key of the client (`~/.ssh/id_rsa.pub` on the client) to `authorized_keys`

  ```sh
  nano ~/.ssh/authorized_keys
  ```
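Because the `tunnel` account exists only to accept the reverse forward, the client's key can be pinned to that single use with OpenSSH `authorized_keys` options instead of being pasted in bare. The helper below is an added example, not part of the aws-secure-tunnel project: it builds an entry with `restrict,port-forwarding,permitlisten="PORT"` (so the key can open the reverse forward on that one port and nothing else: no shell, no pty, no agent or X11 forwarding) and appends it with the permissions the steps above set. `permitlisten` needs OpenSSH 7.8 or newer on the EC2 side; the file path defaults to the `tunnel` user's home and is an assumption you can override.

```sh
#!/bin/sh
# Added example (not project code): restrict the client's key in the tunnel
# account's authorized_keys to reverse-forwarding a single port.

# Print the authorized_keys line for PUBKEY_LINE, limited to listening on
# exactly PORT. Rejects input that does not look like an OpenSSH public key.
tunnel_key_entry() {
    pubkey="$1"
    port="$2"
    case "$pubkey" in
        "ssh-ed25519 "*|"ssh-rsa "*|"ecdsa-sha2-"*" "*) ;;
        *) echo "tunnel_key_entry: not an OpenSSH public key line" >&2; return 1 ;;
    esac
    case "$port" in
        ''|*[!0-9]*) echo "tunnel_key_entry: port must be numeric" >&2; return 1 ;;
    esac
    # restrict turns everything off; port-forwarding re-enables only forwarding,
    # and permitlisten caps which remote port the client may bind with -R.
    printf 'restrict,port-forwarding,permitlisten="%s" %s\n' "$port" "$pubkey"
}

# Append the restricted entry to FILE (default: the tunnel user's
# authorized_keys, an assumed path), creating the directory with the README's
# permissions. Re-running with the same key does not add a duplicate line.
install_tunnel_key() {
    pubkey="$1"
    port="$2"
    file="${3:-/home/tunnel/.ssh/authorized_keys}"
    entry=$(tunnel_key_entry "$pubkey" "$port") || return 1
    dir=$(dirname "$file")
    mkdir -p "$dir" && chmod 700 "$dir"
    grep -qF -- "$pubkey" "$file" 2>/dev/null || printf '%s\n' "$entry" >> "$file"
    chmod 600 "$file"
}

# Usage on the EC2 instance, as root, with the client's id_rsa.pub contents:
#   install_tunnel_key "$(cat client_id_rsa.pub)" 10022
```

If the client later needs a different `REMOTE_PORT`, the `permitlisten` value has to change too; a mismatch shows up in the client's journal as a "remote port forwarding failed" message and, with `ExitOnForwardFailure=yes`, the service restarts until it is fixed.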
On the client, this script should be provided with `[REMOTE_IPADDRESS]` and `[REMOTE_PORT]`. Note that `--insecure` disables TLS certificate verification for the download; if you would rather not pipe an unverified script into `bash`, download it first and read it before running it.

```sh
curl --insecure -o- \
https://raw.githubusercontent.com/eunchurn/aws-secure-tunnel/scripts/[email protected] \
| bash -s [REMOTE_IPADDRESS] [REMOTE_PORT]
```
In the environment file written by the script, `TARGET` is your EC2 IP address, `USERNAME` is the `tunnel` user account, and `REMOTE_PORT` is the port number on the EC2 instance that you connect to, from the EC2 instance itself, to reach the client.

```sh
TARGET=$1
LOCAL_ADDR=0.0.0.0
LOCAL_PORT=22
REMOTE_PORT=$2
USERNAME=tunnel
SSH_TARGET_PORT=22
```
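The unit below reads these variables from `EnvironmentFile=/etc/default/secure-tunnel-autossh@%i`, so whatever writes that file decides what the tunnel connects to. As an added example (not the project's install script), here is a small writer that validates both arguments before producing the file with exactly the variables listed above: the target must look like an IPv4 address or DNS name, and the remote port must be in the unprivileged range, since the `tunnel` account cannot bind ports below 1024 on the EC2 side. The instance name `aws` and the `/etc/default` directory follow the unit file; the directory can be overridden, which the test uses.

```sh
#!/bin/sh
# Added example (not project code): write the EnvironmentFile that
# secure-tunnel-autossh@NAME reads, after validating TARGET and REMOTE_PORT.

# Return 0 if PORT is numeric and in 1024-65535 (bindable by a non-root user).
valid_remote_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# Return 0 if TARGET is a plausible IPv4 address or hostname. This is a
# character-set check only; no DNS lookup is made.
valid_target() {
    case "$1" in
        ''|*[!A-Za-z0-9.-]*|-*|.*) return 1 ;;
    esac
}

# Print the environment file contents for TARGET and REMOTE_PORT, using the
# same variable names and fixed values as the README.
tunnel_env() {
    valid_target "$1" || { echo "bad TARGET: $1" >&2; return 1; }
    valid_remote_port "$2" || { echo "bad REMOTE_PORT: $2 (need 1024-65535)" >&2; return 1; }
    printf 'TARGET=%s\nLOCAL_ADDR=0.0.0.0\nLOCAL_PORT=22\nREMOTE_PORT=%s\nUSERNAME=tunnel\nSSH_TARGET_PORT=22\n' "$1" "$2"
}

# Write DIR/secure-tunnel-autossh@NAME (DIR defaults to /etc/default) with
# mode 0600, via a temp file so a half-written file is never read by systemd.
write_tunnel_env() {
    name="$1"
    target="$2"
    port="$3"
    dir="${4:-/etc/default}"
    content=$(tunnel_env "$target" "$port") || return 1
    tmp="$dir/.secure-tunnel-autossh@$name.tmp"
    ( umask 077; printf '%s\n' "$content" > "$tmp" ) && mv "$tmp" "$dir/secure-tunnel-autossh@$name"
}

# Usage on the client, as root:
#   write_tunnel_env aws 13.124.180.92 10022 && systemctl restart secure-tunnel-autossh@aws
```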
`[email protected]` file in `/etc/systemd/system/` (the `autossh` variant; `%i` is the instance name, for example `aws`):

```ini
[Unit]
Description=Setup a secure tunnel to %I
After=network.target

[Service]
Environment="LOCAL_ADDR=localhost"
EnvironmentFile=/etc/default/secure-tunnel-autossh@%i
Environment="AUTOSSH_GATETIME=0"
ExecStart=/usr/bin/autossh -M 0 -o "ExitOnForwardFailure=yes" -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -NR ${REMOTE_PORT}:${LOCAL_ADDR}:${LOCAL_PORT} -p ${SSH_TARGET_PORT} ${USERNAME}@${TARGET}

# Restart every >2 seconds to avoid StartLimitInterval failure
RestartSec=5
Restart=always

[Install]
WantedBy=multi-user.target
```
A plain `ssh` variant without `autossh` (note that this unit sets up a local forward with `-L` rather than the reverse forward with `-R`):

```ini
[Unit]
Description=Setup a secure tunnel to %I
After=network.target

[Service]
Environment="LOCAL_ADDR=localhost"
EnvironmentFile=/etc/default/secure-tunnel@%i
ExecStart=/usr/bin/ssh -NT -o ServerAliveInterval=60 -o ExitOnForwardFailure=yes -L ${LOCAL_ADDR}:${LOCAL_PORT}:localhost:${REMOTE_PORT} ${TARGET}

# Restart every >2 seconds to avoid StartLimitInterval failure
RestartSec=5
Restart=always

[Install]
WantedBy=multi-user.target
```
Example: suppose the EC2 instance and the client are as follows.

- DNS: `ec2-13-124-180-92.ap-northeast-2.compute.amazonaws.com`
- IP address: `13.124.180.92`
- Port: `10022`
- Client username: `client-user`

Steps:

- In your client

  ```sh
  curl --insecure -o- \
  https://raw.githubusercontent.com/eunchurn/aws-secure-tunnel/scripts/[email protected] \
  | bash -s 13.124.180.92 10022
  ```

- Make sure your tunnel daemon is alive

  ```sh
  systemctl status secure-tunnel@aws
  ```

- Or check the log (`-r` is reverse, `-f` is follow)

  ```sh
  journalctl -u secure-tunnel@aws -r
  ```

- On the EC2 instance, make sure the port is open

  ```sh
  sudo lsof -i:10022 | grep IPv4
  ```

- From the EC2 instance, connect to SSH and log in through the tunnel

  ```sh
  ssh client-user@localhost -p 10022
  ```

- Enjoy