Whether or not your servers are connected to the internet, it's good maintenance practice to bind their SSH ports to a different server. This guide walks you through binding each server's local SSH port (22) to a port on another server, using an autossh reverse tunnel (ssh -R).

Server

Create the user's .ssh folder

mkdir -p /home/user/.ssh

Add user

useradd user -m -d /home/user -s /bin/true

Add the client's public key to authorized_keys (replace client-key with it)

echo 'client-key' > /home/user/.ssh/authorized_keys

Change directory ownership

chown -R user:user /home/user
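
The tunnel account above gets /bin/true as its shell; the key itself can be limited to the one reverse forward as well. The script below is an added example, not part of the original guide: it writes an authorized_keys entry that permits only the -R listener on a single port. It assumes OpenSSH 7.8 or later on the server (for permitlisten); the function names, port 2222 (standing in for x) and the sample key are constructed for illustration.

```sh
#!/bin/sh
# Added example, not the guide's own code. Assumes OpenSSH 7.8+ (permitlisten).
# Function names, port 2222 and the sample key are constructed.

# build_tunnel_key_line PORT "PUBKEY": print a forwarding-only key entry.
build_tunnel_key_line() {
    port=$1 pubkey=$2
    nl='
'
    # Port: 1-5 decimal digits, unprivileged range (the account is non-root).
    case $port in
        ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1024 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    # Key: one line starting with a key type, so the caller cannot smuggle
    # in its own options or a second entry.
    case $pubkey in
        *"$nl"*) echo "key must be a single line" >&2; return 1 ;;
        ssh-ed25519\ AAAA*|ssh-rsa\ AAAA*|ecdsa-sha2-nistp*\ AAAA*) ;;
        *) echo "unsupported or malformed key" >&2; return 1 ;;
    esac
    # restrict: no pty, agent/X11 forwarding, or port forwarding;
    # port-forwarding re-enables forwarding; permitlisten pins -R to one port.
    # ssh asks for listen host "localhost" when -R names no bind address.
    printf 'restrict,port-forwarding,permitlisten="localhost:%s" %s\n' \
        "$port" "$pubkey"
}

# install_tunnel_key SSH_DIR PORT "PUBKEY": write SSH_DIR/authorized_keys
# with 0700/0600 modes. Runs in a subshell so umask does not leak.
install_tunnel_key() (
    line=$(build_tunnel_key_line "$2" "$3") || exit 1
    umask 077
    mkdir -p "$1" && chmod 700 "$1" || exit 1
    printf '%s\n' "$line" > "$1/authorized_keys" &&
        chmod 600 "$1/authorized_keys"
)

# Demo in a scratch directory; on the server SSH_DIR is /home/user/.ssh.
demo=$(mktemp -d)
install_tunnel_key "$demo/.ssh" 2222 \
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyNotReal client"
cat "$demo/.ssh/authorized_keys"
rm -rf "$demo"
```

Run it as root on the server before the chown step, so the ownership change still applies to the file it writes.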

Client (Linux)

Create systemd service

Replace x with the port you want to use on the remote server. Add to /etc/systemd/system/autossh-tunnel.service:

[Unit]
Description=AutoSSH tunnel service to server on local port 22
After=network.target

[Service]
Environment="AUTOSSH_GATETIME=0"
User=spmzt
Group=spmzt
ExecStart=/usr/bin/autossh -M 0 -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -NR x:localhost:22 [email protected] -p 22

[Install]
WantedBy=multi-user.target

Client (FreeBSD)

Create RC script

Replace x with the port you want to use on the remote server. Add to /usr/local/etc/rc.d/autossh_tunnel:

#!/bin/sh
#
# PROVIDE: autossh_tunnel
# REQUIRE: sshd
# KEYWORD: shutdown

. /etc/rc.subr

name=autossh_tunnel
desc="AutoSSH tunnel service to server on port 22"
rcvar=autossh_tunnel_enable

command="/usr/local/bin/sudo"
command_args='-u user /usr/local/bin/autossh -f -M 0 -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -NR x:localhost:22 [email protected] -p 22'

load_rc_config $name

#
# DO NOT CHANGE THESE DEFAULT VALUES HERE
# SET THEM IN THE /etc/rc.conf FILE
#
autossh_tunnel_enable=${autossh_tunnel_enable-"NO"}
pidfile=${autossh_tunnel_pidfile-"/var/run/autossh_tunnel.pid"}

run_rc_command "$1"