Skip to content

Latest commit

 

History

History

reverse_ssh_tunnel

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
firstboot
firstboot
 
 
README.md
README.md
 
 
firstboot.sh
firstboot.sh
 
 

README.md

raspberian-firstboot

Setup an automatic reverse SSH tunnel for remote management

  1. Edit firstboot/sshtun.service:
    1. Confirm/update port for management server local port (example uses port 2223).
    2. Update USER@MANAGEMENTHOST for your internet-accessible management server.
  2. Copy USER's private key to firstboot directory.
  3. Mount your image (works in Windows, MacOS, and Linux).
  4. Copy firstboot.sh and firstboot directory to /boot partition (/mnt/boot, /Volumes/boot, etc.).
  5. Unmount your image, burn it to SD, and test:
    1. On your management server, run netstat -nl | grep 2223
    2. It may take a few minutes for your tunnel to come up the first time.
    3. Once the tunnel is listening, connect to your Pi: ssh pi@localhost -p2223

Troubleshoot

  1. Connect a display & keyboard to your Pi.
  2. Confirm/debug wifi connectivity.
  3. Ensure it's possible to SSH to your mangement host using the same user/key set in sshtun.service
  4. Confirm firstboot.service was successful:
    1. /boot/firstboot.sh was renamed to /boot/firstboot.sh.done
    2. Look for issues in /var/log/
  5. Confirm sshtun.service was setup successfully:
    1. Confirm sshtun.service was installed in /etc/systemd/system/sshtun.service
    2. Confirm sshtun.service is running.
    3. Look for an ssh process that matches your sshtun.service config with ps -elf | grep ssh
    4. Look for issues in /var/log/