RemoteManager - Managed SSH Port forwarding
The tunnel can only be enabled if the remote server has onboarded the device's public key. This onboarding only happens if the backend knows that a tunnel should be established.
Configuration
/config/os/esec/RemoteManager.conf
/config/os/esec/RemoteManager.conf.sig
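# RemoteManager.conf is read by the tunnel script with the shell's "." builtin,
# so every line is executed as shell code with the privileges of the service.
# Keep the file writable by trusted administrators only.

# Login name the device uses on the server (ssh connects as DeviceName@ServerURL).
DeviceName=BHT-0002-02-0000030
# Host name of the server that terminates the tunnel.
ServerURL=my.server.url
# Private key handed to "ssh -i"; the matching public key must be onboarded
# on the server before a tunnel can be enabled.
PrivateKey=/config/os/root/.ssh/id_ecdsa
# Port on the server that is forwarded back to the device (ssh -R).
ServerReversePort=10203
# Seconds one tunnel session is kept open before it is closed.
ConnectionSleepTimeSec=300
# Seconds to wait after a failed attempt or while the tunnel is inactive.
IdleSleepTimeSec=60
# "true" enables the reverse tunnel.
ReverseConnectionActive=true
# SSH port of the server; the script falls back to 22 when this is empty.
ServerSshPort=22
# Local port on the device that the tunnel exposes; falls back to 22 when empty.
HostPort=22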
Scheduling
systemd Example
/etc/systemd/system/remotemanager.service
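[Unit]
Description=Remote SSH Manager
After=network.target
# 0 disables start rate limiting, so the unit is restarted indefinitely.
StartLimitIntervalSec=0

[Service]
Type=simple
Restart=always
RestartSec=5
# NOTE(review): the tunnel script and the configuration file it sources run
# as root. Consider a dedicated unprivileged account if the private key and
# the configuration can be made readable to it.
User=root
ExecStart=/usr/local/bin/RemoteManager
# The example script opens ./RemoteManager.conf relative to this directory.
WorkingDirectory=/config/os/esec/

[Install]
WantedBy=multi-user.target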
Example Tunnel Script
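#!/bin/sh
# Example tunnel loop for RemoteManager.
#
# Re-reads the configuration on every pass. While ReverseConnectionActive is
# "true" it opens a reverse SSH port forward from ServerReversePort on the
# server to HostPort on this device and keeps it open for
# ConnectionSleepTimeSec seconds; otherwise it waits IdleSleepTimeSec seconds
# and checks again. Exits with status 1 when the configuration cannot be
# sourced.
ConfigFile="./RemoteManager.conf"

while true
do
    # Fail closed: if the key disappears from the configuration between two
    # passes, the value from the previous pass must not keep the tunnel open.
    ReverseConnectionActive=false

    # NOTE(review): the configuration is executed as shell code with the
    # privileges of this process. The page lists a RemoteManager.conf.sig next
    # to the configuration, but this example does not check it; verify the
    # signature (or at least ownership and permissions) before sourcing.
    if . "$ConfigFile"
    then
        # Fall back to the standard SSH port when a port is unset or empty.
        ServerSshPort="${ServerSshPort:-22}"
        HostPort="${HostPort:-22}"
        # An empty sleep time would turn this loop into a busy retry loop;
        # the fallbacks mirror the sample configuration.
        ConnectionSleepTimeSec="${ConnectionSleepTimeSec:-300}"
        IdleSleepTimeSec="${IdleSleepTimeSec:-60}"

        # Compare the flag as a string instead of executing it: running the
        # value as a command treats an empty setting as success and would run
        # whatever command the configuration placed there.
        if [ "$ReverseConnectionActive" = "true" ]
        then
            echo "connecting to $ServerURL as $DeviceName via SSH"
            echo "closing connection in $ConnectionSleepTimeSec seconds"

            # The trailing "sleep" is the remote command: it holds the session,
            # and with it the -R forward, open for ConnectionSleepTimeSec.
            # ExitOnForwardFailure makes ssh exit non-zero when the server
            # cannot bind the reverse port, instead of holding a session that
            # carries no tunnel.
            # NOTE(review): StrictHostKeyChecking=no accepts any server host
            # key, so the device cannot tell the intended server from an
            # impostor. Provision the server's host key in known_hosts and
            # switch this to "yes" before production use.
            if ssh -i "$PrivateKey" \
                -o "ConnectTimeout=5" \
                -o "ServerAliveInterval=5" \
                -o "ExitOnForwardFailure=yes" \
                -o "StrictHostKeyChecking=no" \
                -p "$ServerSshPort" \
                -R "$ServerReversePort:localhost:$HostPort" \
                "$DeviceName@$ServerURL" \
                sleep "$ConnectionSleepTimeSec"
            then
                echo "ssh connection closed successfully"
            else
                echo "ssh connection failed, sleeping $IdleSleepTimeSec seconds" >&2
                sleep "$IdleSleepTimeSec"
            fi
        else
            echo "Reverse Connection inactive"
            echo "sleeping for $IdleSleepTimeSec seconds"
            sleep "$IdleSleepTimeSec"
        fi
    else
        echo "cannot load $ConfigFile" >&2
        exit 1
    fi
done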