(info) The tunnel can only be enabled once the remote server has onboarded the device's public key. This onboarding is only performed if the backend knows that a tunnel should be established.

Configuration

/config/os/esec/RemoteManager.conf

/config/os/esec/RemoteManager.conf.sig

# RemoteManager.conf is read by the example tunnel script with `.` (source),
# so every line is executed as shell code, not merely parsed as key=value.
# Keep the file writable only by the account that runs the service.

# Login name used on the remote server (ssh target is DeviceName@ServerURL).
DeviceName=BHT-0002-02-0000030
# Host name of the remote SSH server.
ServerURL=my.server.url
# Private key passed to ssh with -i; the matching public key must be onboarded on the server.
PrivateKey=/config/os/root/.ssh/id_ecdsa
# Port the server listens on for the reverse tunnel (-R ServerReversePort:localhost:HostPort).
ServerReversePort=10203
# Seconds the remote `sleep` keeps one SSH session (and so the tunnel) open.
ConnectionSleepTimeSec=300
# Seconds the device waits after a failed connection or while the tunnel is inactive.
IdleSleepTimeSec=60
# Switch for the tunnel: `true` makes the example script connect, `false` makes it idle.
ReverseConnectionActive=true
# SSH port of the remote server; the example script falls back to 22 when this is empty.
ServerSshPort=22
# Local port on the device exposed through the tunnel; falls back to 22 when empty.
HostPort=22

Scheduling

systemd Example

/etc/systemd/system/remotemanager.service

# Unit that keeps the remote SSH manager running for the lifetime of the system.
[Unit]
Description=Remote SSH Manager
After=network.target
# 0 disables start rate limiting, so systemd never gives up restarting the service.
StartLimitIntervalSec=0
 
[Service]
Type=simple
# Restart 5 seconds after every exit, whatever the exit status.
Restart=always
RestartSec=5
# NOTE(review): the service runs as root. If ExecStart is (or wraps) the example
# tunnel script on this page, RemoteManager.conf is sourced as shell code with
# root privileges - keep that file root-owned and not writable by others, and
# confirm where RemoteManager.conf.sig is verified before the file is read.
User=root
ExecStart=/usr/local/bin/RemoteManager
# The example script opens ./RemoteManager.conf relative to this directory.
WorkingDirectory=/config/os/esec/
 
[Install]
WantedBy=multi-user.target

Example Tunnel Script

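#!/bin/sh
#
# Example reverse-SSH tunnel loop.
#
# Re-reads RemoteManager.conf on every iteration. While ReverseConnectionActive
# is "true" it opens an SSH session to the server that publishes the device's
# HostPort on the server's ServerReversePort; the remote `sleep` keeps the
# session open for ConnectionSleepTimeSec seconds. Otherwise it idles.
#
# Exits with status 1 when the configuration cannot be sourced.

ConfigFile="./RemoteManager.conf"

while true
do
  # The config is *executed* as shell code with this script's privileges.
  # NOTE(review): this script does not check RemoteManager.conf.sig; verify the
  # signature before this point (or confirm the caller does) and keep the file
  # writable only by the service account.
  # Values set by an earlier iteration stay in effect if a key is later removed
  # from the file.
  if . "$ConfigFile"
  then
    # Fall back to the standard SSH port when the config leaves a port empty.
    if [ -z "$ServerSshPort" ]
    then
      ServerSshPort=22
    fi

    if [ -z "$HostPort" ]
    then
      HostPort=22
    fi

    # An empty idle time would make `sleep` fail at once and turn this loop
    # into a busy loop; 60 mirrors the sample configuration.
    if [ -z "$IdleSleepTimeSec" ]
    then
      IdleSleepTimeSec=60
    fi

    # Compare against the literal "true" instead of running the value as a
    # command: an unset or empty value used to count as "active" (an empty
    # command succeeds), and any other value was executed.
    if [ "$ReverseConnectionActive" = "true" ]
    then
      echo "connecting to $ServerURL as $DeviceName via SSH"
      echo "closing connection in $ConnectionSleepTimeSec seconds"
      # StrictHostKeyChecking=no makes ssh accept any host key, so the server
      # is not authenticated and the tunnel endpoint can be impersonated.
      # The default stays "no" for compatibility with existing deployments;
      # provision the server's host key in known_hosts and set
      # StrictHostKeyChecking=yes in the config to pin the server.
      if ssh -i "$PrivateKey" \
        -o "ConnectTimeout=5" \
        -o "ServerAliveInterval=5" \
        -o "StrictHostKeyChecking=${StrictHostKeyChecking:-no}" \
        -p "$ServerSshPort" \
        -R "$ServerReversePort:localhost:$HostPort" \
        "$DeviceName@$ServerURL" \
        sleep "$ConnectionSleepTimeSec"
      then
        echo "ssh connection closed successfully"
      else
        echo "ssh connection failed, sleeping $IdleSleepTimeSec seconds" >&2
        sleep "$IdleSleepTimeSec"
      fi
    else
      echo "Reverse Connection inactive"
      echo "sleeping for $IdleSleepTimeSec seconds"
      sleep "$IdleSleepTimeSec"
    fi
  else
    echo "cannot read $ConfigFile" >&2
    exit 1
  fi
done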