autossh
Ansible Role: autossh
- Installs autossh and systemd services to run it and keep SSH tunnels open.
- Scans for host keys, to avoid host key checking prompts.
Forked from memiah/ansible-role-autossh to change targeted systems to Debian instead of RedHat.
We assume that the SSH user exists and has the correct permissions to access the remote server. A corresponding SSH key must also be present and available on the local server.
Role variables (default values)
autossh_connections:
- id: "example" # Simple unique connection identifier (characters: "a-z,0-9,-").
user: "" # Username used to connect to remote server.
server: "" # IP / hostname of remote server.
server_key_type: "" # Key type of the remote server, defaults to autossh_default_server_key_type. (Optional)
local_port: "" # Local port to forward.
dest_server: "" # IP / hostname to use on the remote server, defaults to autossh_default_dest_server. (Optional)
dest_port: "" # Port on the remote server to connect to.
identity_file: "" # Path to SSH private key, defaults to autossh_default_ssh_key_path. (Optional)
Add a set of SSH connection properties per connection. Multiple connections can be listed here.
autossh_path: "/usr/bin/autossh"
Path to autossh.
autossh_ssh_dir: "/root/.ssh"
Directory to store SSH configuration.
autossh_systemd_dir: "/etc/systemd/system/"
Path to systemd system dir.
autossh_known_hosts_file: "{{ autossh_ssh_dir }}/known_hosts"
Path to known hosts file.
autossh_default_server_key_type: "ecdsa"
Default key type of the remote server. Override this value for an single
connection using the server_key_type
option in the autossh_connections
list.
autossh_default_dest_server: "127.0.0.1"
Default IP / hostname to use on the remote server, this will most likely
be localhost / 127.0.0.1. Override this value for an single connection
using the dest_server
option in the autossh_connections
list.
autossh_default_identity_file: "/root/.ssh/id_rsa"
Path to file from which the identity (private key) for public key
authentication is read. The default is /root/.ssh/id_rsa
for
protocol version 2. Override this value for an single connection using
the identity_file
option in the autossh_connections
list.
Example
Forward local port 33061
to port 3306
on db.example.com
, connecting
via SSH as [email protected]
.
- hosts: backup
vars:
autossh_connections:
- id: mysql
user: backup
server: db.example.com
local_port: '33061'
dest_port: '3306'
roles:
- role: yurihs.autossh
become: true
This will create a new service named autossh-backup.service
, which can be
managed by systemctl:
systemctl status autossh-backup.service
systemctl restart autossh-backup.service
...
Authors
This role was created in 2016 by Memiah Limited.
Debian adaptation in 2019 by yurihs.