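```
# Generate key (-m PEM keeps the private key in a format openssl can read;
# OpenSSH 7.8+ otherwise writes its own private key format)
ssh-keygen -t rsa -m PEM -N "" -b 2048 -C "a description of the new key" -f ~/.ssh/my_key

# Create PEM
openssl rsa -in ~/.ssh/my_key -pubout > ~/.ssh/my_key_pem.pub

# Get fingerprint
openssl rsa -pubin -outform DER -in ~/.ssh/my_key_pem.pub | openssl md5 -c
```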
`sshd_config` file and adjust the `Port` as desired. You'll need to restart sshd after the edit.
```
sudo vim /etc/ssh/sshd_config
sudo systemctl restart ssh
```
```
# Format
ssh -L <local port>:<local host>:<remote port> <remote host>

# Example
ssh -L 80:localhost:9999 host.example.com
```
If you want to SSH to your home computer that's behind a NAT and also have an internet facing server, you can proxy through your public server with a reverse tunnel from your home computer. Make sure to install `autossh` on your home computer before starting this. `autossh` will restart the ssh tunnel if it fails.
I'll use these as examples:
On your public server (the example.com one), make sure you have the line `GatewayPorts clientspecified` in your `/etc/ssh/sshd_config`. If you don't, add it and restart/reload
From your home computer (the 192.168.1.100 one) issue the following command:
```
autossh -M 10239 -fN -o "PubkeyAuthentication=yes" -o "StrictHostKeyChecking=false" \
    -o "PasswordAuthentication=no" -o "ServerAliveInterval 60" \
    -o "ServerAliveCountMax 3" -R \*:12345:localhost:22 firstname.lastname@example.org
```
`-M 10239` is used by autossh for test data to monitor the connection.
`\*` binds the port to all interfaces (not just the loopback 127.0.0.1).
`12345` is the port you'll use when connecting to your home computer. Change this to whatever you like.
Now from a remote computer, say your laptop or mobile phone, ssh to your home computer through your server.
```
ssh email@example.com -p 12345
```
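Whether port 12345 ends up reachable from the internet or only from the server itself depends on how `GatewayPorts` and the bind address in `-R` combine. The sketch below is an added example, not part of the original notes; the function names are hypothetical, it reads only the global section of `sshd_config` (it stops at the first `Match`), and it does not handle IPv6 literals.

```shell
# Added example: function names are hypothetical and sample input is constructed.

# Print the global GatewayPorts value. sshd keeps the first value it sees
# for a keyword, and the default is "no".
gatewayports_setting() {
    awk '
        tolower($1) == "match"        { exit }
        tolower($1) == "gatewayports" { v = tolower($2); exit }
        END { print (v == "" ? "no" : v) }
    ' "$1"
}

# Print where sshd binds the listener for a -R spec of the form
# [bind_address:]port:host:hostport under the given GatewayPorts value.
remote_bind() {
    mode=$1
    spec=$2
    # 3 colons: a bind_address was given; 2 colons: none was given.
    colons=$(printf '%s' "$spec" | tr -cd ':' | wc -c | tr -d ' ')
    case $colons in
        3) bind=${spec%%:*} ;;
        2) bind=localhost ;;   # by default ssh requests loopback here
        *) echo "unsupported spec: $spec" >&2; return 2 ;;
    esac
    case $mode in
        no)  echo loopback ;;          # the client's request is ignored
        yes) echo all-interfaces ;;    # forced to the wildcard address
        clientspecified)
            case $bind in
                ''|'*')              echo all-interfaces ;;
                localhost|127.0.0.1) echo loopback ;;
                *)                   echo "$bind" ;;
            esac ;;
        *) echo "unknown GatewayPorts value: $mode" >&2; return 2 ;;
    esac
}

# Demo on a constructed sshd_config and the -R spec used on this page.
cfg=$(mktemp)
printf '%s\n' '#GatewayPorts yes' 'GatewayPorts clientspecified' > "$cfg"
remote_bind "$(gatewayports_setting "$cfg")" '*:12345:localhost:22'
remote_bind no '*:12345:localhost:22'
rm -f "$cfg"
```

With `clientspecified` the `\*` form exposes the forwarded port on every interface of the public server, so the home machine's sshd is reachable by anyone who can reach port 12345 there.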
You'll have to remove the `-f` option above as it doesn't work with systemd.
Create the startup script
```
cat > autossh.service << EOF
[Unit]
Description=AutoSSH Daemon
After=network-online.target

[Service]
Type=simple
User=r
Group=r
ExecStart=/usr/bin/autossh -M 10239 -N -o "PubkeyAuthentication=yes" -o "StrictHostKeyChecking=false" \
    -o "PasswordAuthentication=no" -o "ServerAliveInterval 60" \
    -o "ServerAliveCountMax 3" -R \*:12345:localhost:22 firstname.lastname@example.org
Restart=on-failure

[Install]
WantedBy=multi-user.target
EOF
```
Now, enable and start it
```
sudo mv autossh.service /lib/systemd/system/autossh.service
sudo systemctl enable autossh
sudo systemctl start autossh
sudo systemctl status autossh
```