systemd服务配置ssh反向端口转发

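# Sets up a persistent SSH reverse tunnel as a systemd service: a dedicated,
# login-less account runs autossh, which asks the remote host to listen on
# port 6022 and forward connections back to this machine's sshd (port 22).
#
# Steps run in dependency order (account -> key -> pinned host key -> unit
# file -> reload/enable); enabling the unit before it and its user exist fails.
set -euo pipefail

readonly tunnel_user=ssh-tunnel
readonly tunnel_home=/home/ssh-tunnel
# Presumably the tunnel endpoint is the same host that ssh-keyscan targets;
# confirm before running.
readonly remote_host=aliyun.mydomain.com
# PLACEHOLDER: the remote login name is not recoverable from the page (the
# ExecStart target was e-mail-obfuscation residue). Set the real account here.
readonly remote_user=REPLACE_WITH_REMOTE_USER
readonly key_file="${tunnel_home}/.ssh/id_ed25519"
readonly known_hosts="${tunnel_home}/.ssh/known_hosts"
readonly unit_file=/etc/systemd/system/ssh-reverse-tunnel.service

if [[ "$remote_user" == REPLACE_WITH_REMOTE_USER ]]; then
  printf 'error: set remote_user to the real remote account first\n' >&2
  exit 1
fi

# --- Service account -------------------------------------------------------
# Created without a login shell from the start; systemd's ExecStart does not
# go through the account's shell, so nologin does not affect the tunnel.
if ! id -u "$tunnel_user" >/dev/null 2>&1; then
  sudo useradd -M -d "$tunnel_home" -s /sbin/nologin "$tunnel_user"
fi
sudo install -d -m 700 -o "$tunnel_user" -g "$tunnel_user" \
  "$tunnel_home" "${tunnel_home}/.ssh"

# --- Dedicated key ---------------------------------------------------------
# Generate a key used only by this tunnel instead of copying a person's
# private key: a copied key carries that person's full access on every host
# that trusts it, and cannot be revoked without breaking their own logins.
if ! sudo test -f "$key_file"; then
  sudo -u "$tunnel_user" ssh-keygen -q -t ed25519 -N '' \
    -C "${tunnel_user}@$(hostname)" -f "$key_file"
fi
# Install the public key on the remote account with forwarding-only rights,
# e.g. in authorized_keys:
#   restrict,port-forwarding,permitlisten="6022" <public key line>
printf 'Public key to authorize on %s:\n' "$remote_host"
sudo cat "${key_file}.pub"

# --- Pin the remote host key -----------------------------------------------
# ssh-keyscan trusts whatever answers on the network, so the fingerprint must
# be compared with one obtained out of band before it is pinned. The result
# goes to the service account's known_hosts, which is the file the unit reads.
scan_tmp=$(mktemp)
trap 'rm -f -- "$scan_tmp"' EXIT
ssh-keyscan "$remote_host" >"$scan_tmp"
if [[ ! -s "$scan_tmp" ]]; then
  printf 'error: no host keys returned by %s\n' "$remote_host" >&2
  exit 1
fi
ssh-keygen -lf "$scan_tmp"
read -r -p "Do these fingerprints match the server's real host keys? [y/N] " answer
if [[ "$answer" != [yY] ]]; then
  printf 'aborted: host key not confirmed\n' >&2
  exit 1
fi
sudo install -m 600 -o "$tunnel_user" -g "$tunnel_user" \
  "$scan_tmp" "$known_hosts"

# --- Unit file -------------------------------------------------------------
# Unquoted heredoc delimiter on purpose: the shell variables above are
# expanded into the unit. Whether port 6022 on the remote side is reachable
# beyond its loopback interface depends on the remote sshd's GatewayPorts
# setting; check it, and keep the local sshd on key-only authentication.
sudo tee "$unit_file" >/dev/null <<EOF
[Unit]
Description=SSH Reverse Tunnel to Aliyun
Wants=network-online.target
After=network-online.target

[Service]
# User= selects the account autossh runs as; the key and known_hosts file are
# passed explicitly below, so nothing is picked up from another user's ~/.ssh.
User=${tunnel_user}
ExecStart=/usr/bin/autossh -M 0 -N -o BatchMode=yes -o IdentitiesOnly=yes -o StrictHostKeyChecking=yes -o UserKnownHostsFile=${known_hosts} -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -o ExitOnForwardFailure=yes -R 6022:localhost:22 -i ${key_file} ${remote_user}@${remote_host}
Restart=always
RestartSec=10
# "syslog" is an obsolete output target in current systemd; the journal
# still forwards to syslog where that is configured.
StandardOutput=journal
StandardError=journal
SyslogIdentifier=autossh-tunnel
NoNewPrivileges=yes
PrivateTmp=yes
ProtectSystem=full

[Install]
WantedBy=multi-user.target
EOF

# --- Activate --------------------------------------------------------------
# daemon-reload is enough to pick up a new unit file (daemon-reexec is not
# needed); enable --now both enables and starts, so no separate start.
sudo systemctl daemon-reload
sudo systemctl enable --now ssh-reverse-tunnel.service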