Mastering Autossh: Secure Automatic SSH Tunnels and Port Forwarding
This guide explains how autossh automates SSH connections, provides reliable reverse and dynamic port forwarding, details installation steps, command‑line options, practical examples, and system‑level startup configuration for robust network tunneling.
Tool Overview
Autossh is a command‑line utility that starts an SSH session and monitors it, automatically reconnecting if the connection drops. It builds on the standard SSH port‑forwarding mechanisms and adds a lightweight watchdog to ensure continuous tunnels.
Installation
# Install autossh
$ yum install autossh
$ apt install autossh
Basic Usage
The general syntax is:
# autossh usage
autossh [-V] [-M port[:echo_port]] [-f] [SSH_OPTIONS]
Key Command‑Line Options
-M: Enables monitoring; specifies a port for the echo service used to detect failures.
-D: Sets up dynamic application‑level port forwarding (SOCKS proxy).
-R: Forwards a remote host port to a local destination.
-L: Forwards a local port to a remote destination.
-f: Runs autossh in the background.
-T: Disables pseudo‑terminal allocation.
-n: Used with -f to prevent reading from stdin.
-N: Do not execute remote commands; useful for pure forwarding.
-q: Quiet mode, suppresses most output.
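The -L and -R options take a forwarding spec of the form [bind_address:]port:host:hostport, and the optional bind address decides whether the listening port is reachable from loopback only or from every interface. The shell function below is an added example, not part of the original article: it parses such a spec and reports where the listener is bound, going beyond the article's examples by covering the bind_address field. The names check_forward and valid_port and the sample specs are constructed for illustration, and only hostnames and IPv4 addresses are handled.

```shell
#!/bin/sh
# Added example, not from the original article. Classifies where the listening
# socket of an ssh/autossh -L or -R spec ([bind_address:]port:host:hostport)
# is bound. Assumption: hostnames and IPv4 only, no bracketed IPv6 literals.

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Prints "<exposure> listen=<bind>:<port> target=<host>:<port>" and returns 0,
# or prints "invalid: <reason>" and returns 1.
check_forward() {
    fw_spec=$1
    case "$fw_spec" in
        *@*) echo "invalid: user@ does not belong in a forwarding spec"; return 1 ;;
    esac
    fw_ifs=$IFS; IFS=:; set -f      # split on ':' without globbing a '*' bind address
    set -- $fw_spec
    set +f; IFS=$fw_ifs
    case $# in
        3) fw_bind=default; fw_port=$1; fw_host=$2; fw_hport=$3 ;;
        4) fw_bind=$1; fw_port=$2; fw_host=$3; fw_hport=$4 ;;
        *) echo "invalid: expected [bind_address:]port:host:hostport"; return 1 ;;
    esac
    if ! valid_port "$fw_port" || ! valid_port "$fw_hport" || [ -z "$fw_host" ]; then
        echo "invalid: bad port or empty host"; return 1
    fi
    case "$fw_bind" in
        default|localhost|127.0.0.1) fw_exp=loopback ;;   # "default" assumes GatewayPorts=no
        ''|'*'|0.0.0.0)              fw_exp=all-interfaces ;;
        *)                           fw_exp=specific-address ;;
    esac
    echo "$fw_exp listen=${fw_bind:-*}:$fw_port target=$fw_host:$fw_hport"
}

# Constructed sample specs, including a malformed user@host form.
for s in 5900:localhost:8000 '*:18081:host2:8080' :5900:host2:8000 5900:user@host2:8000; do
    printf '%-24s -> %s\n' "$s" "$(check_forward "$s")"
done
```

For -R, a non-loopback bind address only takes effect when the server's GatewayPorts option permits it.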
Example Scenarios
1. Local Port Binding and Forwarding (-L)
# Bind local port 5900 and forward to host2:8000
$ autossh -M 5678 -fCN -L 5900:localhost:8000 user@host2
# Alternative syntax with explicit remote host
$ autossh -M 5678 -fCN -L 5900:host2:8000 user@host2
2. Remote Port Forwarding (-R)
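# Listen on port 5900 on host2 and forward connections to port 8000 on the local machine
$ autossh -M 5678 -fCN -R 5900:localhost:8000 user@host2
# Alternative syntax with an explicit destination host (resolved from the local machine)
$ autossh -M 5678 -fCN -R 5900:host2:8000 user@host2
3. Dynamic Port Forwarding (-D)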
# Create a SOCKS proxy on local port 1080
$ autossh -M 5678 -vv -D 1080 user@host2
Automatic Startup
On Ubuntu or CentOS you can use systemd to ensure autossh starts at boot. Create a service file such as /etc/systemd/system/remote-autossh.service:
[Unit]
Description=AutoSSH service for remote tunnel
After=network-online.target
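[Service]
User=root
# No -f here: systemd supervises the foreground process; a forked autossh would be treated as exited
ExecStart=/usr/bin/autossh -M 5678 -CN -R 18081:host2:8080 user@host2
[Install]
WantedBy=multi-user.target
Enable and start the service with: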
# systemctl enable remote-autossh.service
# systemctl start remote-autossh.service
On older systems you can add the autossh command to rc.local or use an init.d script.
Control Scripts
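Example expect scripts can start and stop the tunnel programmatically, handling password prompts automatically. The password is stored in the script in clear text and is expanded into the expect -c argument, so it is visible in the process list while the tunnel runs; key-based authentication avoids both.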
# Password for user@host1 (stored in clear text)
PASS="escapelife"
# Stop the tunnel: log in to the remote host and kill the matching sshd processes
doexit(){
expect -c "
set timeout -1
spawn $1 -t ps aux |grep escape |grep sshd |awk '{print \\\$2}' |xargs kill -9
expect {*?assword:*} {send \"$PASS\r\"}
expect eof
"
}
# Start the tunnel in the background and answer each password prompt
dossh(){
nohup expect -c "
set timeout -1
spawn $1
expect {*?assword:*} {send \"$PASS\r\"; exp_continue}
" &
}
doexit "ssh -p 6622 user@host1"
dossh "autossh -M 5678 -N -L 5900:127.0.0.1:8000 user@host1 -p 6622"
When to Use Autossh
Autossh is ideal for a small number of persistent tunnels because it adds negligible overhead. For large‑scale port mapping, dedicated services like Ngrok may offer richer management features.
Liangxu Linux
Liangxu, a self‑taught IT professional now working as a Linux development engineer at a Fortune 500 multinational, shares extensive Linux knowledge—fundamentals, applications, tools, plus Git, databases, Raspberry Pi, etc. (Reply “Linux” to receive essential resources.)
