Using autossh for Secure SSH Tunneling, Automatic Reconnection, and Port Forwarding
This article explains how autossh automates SSH connections, provides reliable automatic reconnection, and supports local, remote, and dynamic port forwarding on Linux systems, including installation methods, key command‑line options, example usages, service configuration for auto‑start, and scripting tips.
autossh is a command‑line utility that automates SSH logins, monitors the connection, and automatically reconnects when the SSH process is terminated or the network becomes unstable.
It leverages the native SSH port‑forwarding features, offering three main forwarding modes:
Local port forwarding (-L): forwards a port on the local machine to a remote host.
Remote port forwarding (-R): forwards a port on the remote host back to the local machine.
Dynamic port forwarding (-D): creates a SOCKS proxy for flexible traffic routing.
The tool originated from rstunnel and has since evolved to monitor the connection through a loop of port forwardings and, optionally, a remote echo service.
Installation (Linux):
# yum install autossh
# apt install autossh
Typical usage:
# autossh usage
autossh [-V] [-M port[:echo_port]] [-f] [SSH_OPTIONS]
Important command‑line options:
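No.  Option  Meaning
1    -M      Monitoring port, used for automatic reconnection and the echo mechanism
2    -D      Dynamic port forwarding on the local machine
3    -R      Forwards a port on the remote host to a specified local machine
4    -L      Forwards a local port to a specified remote machine
5    -f      Run in the background
6    -T      Do not allocate a shell
7    -n      Used together with -f
8    -N      Do not execute a remote command
9    -q      Quiet mode; suppresses prompts and errors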
Example: local port binding (-L)
# Forward local port 5900 to port 8000 on host2
autossh -M 5678 -fCN -L 5900:localhost:8000 user@host2
# Or use the target machine's IP
autossh -M 5678 -fCN -L 5900:[email protected]:8000 user@host2
Example: remote port forwarding (-R)
# Forward port 5900 on host2 to port 8000 on the machine running this command (run on host3)
autossh -M 5678 -fCN -R 5900:localhost:8000 user@host2
Example: dynamic port forwarding (-D)
# Create a local SOCKS proxy
autossh -M 5678 -vv -D 1080 user@host2
Auto‑start configuration using systemd (Ubuntu example):
[Unit]
Description=AutoSSH service for remote tunnel
After=network-online.target
[Service]
User=root
# No -f here: systemd supervises the foreground process, and a backgrounded
# autossh would make the unit appear to have exited.
ExecStart=/usr/bin/autossh -M 5678 -CNR 18081:host2:8080 user@host2
[Install]
WantedBy=multi-user.target
On older systems you can add the same command to rc.local or use an init.d script.
Additional helper scripts can be written to start or stop the tunnel, for example using expect to handle password prompts.
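As an added example (not from the original article), the shell functions below report where each -L/-R/-D forward in an ssh or autossh command line would listen, following OpenSSH's documented rules: no bind address means loopback, while an empty address, `*` or a wildcard IP means all interfaces. The function names and the sample command line are constructed for illustration, and the server's GatewayPorts setting, which can change the result for -R, is not inspected.

```shell
#!/bin/sh
# Added example: report the listening interface of each -L/-R/-D forward.

# classify_bind SPEC -> loopback | all-interfaces | specific:<addr>
# Handles the TCP forms [bind_address:]port[:host:hostport] only.
classify_bind() (
    spec=$1
    # Mask bracketed IPv6 literals so their colons are not counted as separators.
    masked=$(printf '%s\n' "$spec" | sed 's/\[[^]]*]/X/g')
    nfields=$(printf '%s\n' "$masked" | awk -F: '{ print NF }')
    # Odd field count (port, or port:host:hostport) means no bind address was
    # given; ssh then listens on loopback unless GatewayPorts changes that.
    if [ $((nfields % 2)) -eq 1 ]; then
        echo loopback
        return
    fi
    case $spec in
        \[*) bind=${spec%%\]*}; bind=${bind#\[} ;;   # "[::1]:1080" -> "::1"
        *)   bind=${spec%%:*} ;;                     # ":5900:h:80" -> ""
    esac
    case $bind in
        ''|'*'|0.0.0.0|::)       echo all-interfaces ;;
        localhost|127.0.0.1|::1) echo loopback ;;
        *)                       echo "specific:$bind" ;;
    esac
)

# audit_forwards ARGS... -> one line per forward: "<flag> <spec> <exposure>"
# The spec is taken as the argument after a flag cluster ending in L, R or D
# (for example "-L" or "-fCNR"); attached forms like -L5900:... are skipped.
audit_forwards() (
    while [ $# -gt 0 ]; do
        case $1 in
            --*) ;;
            -*[LRD])
                [ $# -ge 2 ] || break
                flag=${1#"${1%?}"}                   # last character of the cluster
                printf '%s %s %s\n' "-$flag" "$2" "$(classify_bind "$2")"
                shift ;;
        esac
        shift
    done
)

# Constructed command line modelled on the examples in this article.
audit_forwards -M 5678 -fCNR 18081:host2:8080 -D '*:1080' user@host2
```

Any forward reported as all-interfaces is reachable by other hosts on the network and is worth reviewing before the tunnel is made persistent.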
Overall, autossh provides a lightweight, low‑overhead solution for reliable SSH tunneling; for large‑scale port mapping, tools like Ngrok may be more appropriate.
Top Architect
Top Architect focuses on sharing practical architecture knowledge, covering enterprise, system, website, large‑scale distributed, and high‑availability architectures, plus architecture adjustments using internet technologies. We welcome idea‑driven, sharing‑oriented architects to exchange and learn together.