1. ssh relay
You want to access your home server, which is behind a firewall or NAT, from outside. You need a public server (the relay server), here 122.235.139.194 (sh_cvmx shanghaicavm!), that both the home server and the outside PC can reach.
1.1. on home server
homeserver~$ ssh -fN -R 10022:localhost:22 sh_cvmx@122.235.139.194
10022 is an unused port on the relay server
1.2. login to relay server
ssh sh_cvmx@122.235.139.194
shanghaicavm!
check port 10022, it should look like this:
relayserver~$ sudo netstat -nap | grep 10022
tcp 0 0 127.0.0.1:10022 0.0.0.0:* LISTEN 8493/sshd
1.3. from any PC
login to relay server
ssh sh_cvmx@122.235.139.194
shanghaicavm!
Then on relay server, login to home server:
relayserver~$ ssh -p 10022 cvm@localhost
cvmx@sh
1.4. ssh keep alive
# vim /etc/ssh/ssh_config
Host *
ServerAliveInterval 60
ServerAliveCountMax 2
sudo service ssh restart
1.5. make it persistent
passwordless ssh login, on home server
ssh-keygen -t rsa -P ''
cat ~/.ssh/id_rsa.pub | ssh root@112.74.210.173 "cat >> ~/.ssh/authorized_keys"
Note: sometimes passwordless login still does not work; in that case fix the permissions on the server side: chmod 600 authorized_keys
yum install autossh
homeserver~$ autossh -M 10985 -fN -o "PubkeyAuthentication=yes" -o "StrictHostKeyChecking=false" -o "PasswordAuthentication=no" -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -R 112.74.210.173:11985:localhost:22 root@112.74.210.173
ssh root@112.74.210.173
Cavium@sh
ssh -p 11985 cvm@localhost
cvmx@sh
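
Added example, not part of the original notes: the key from 1.5 has no passphrase and logs in unattended, so this relay-side script installs it in authorized_keys restricted to the reverse forward only, and sets the file modes from the note above. It assumes OpenSSH 7.8 or later on the relay (for permitlisten), a tunnel requested as -R 11985:localhost:22, and autossh started with -M 0, because the -M 10985 monitor forward is not permitted by this entry; tunnel_key_entry and install_tunnel_key are names made up here.

```shell
#!/bin/sh
# Added example (not from the original notes): run on the relay server.
# Restricts the home server's key so it can only open the reverse tunnel.

# Print an authorized_keys entry for PUBKEY that permits nothing except a
# remote forward listening on the relay's loopback at PORT.
#   restrict         turns off pty, agent/X11 forwarding and all forwarding
#   port-forwarding  turns forwarding back on
#   permitlisten     limits -R to localhost:PORT
#   command          forced command, so the key never yields a shell
tunnel_key_entry() {
    port=$1
    pubkey=$2
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1024 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    case $pubkey in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an OpenSSH public key line" >&2; return 1 ;;
    esac
    printf 'restrict,port-forwarding,permitlisten="localhost:%s",command="/bin/false" %s\n' \
        "$port" "$pubkey"
}

# Append the entry to HOME_DIR/.ssh/authorized_keys once, and set modes that
# satisfy sshd's StrictModes check: 700 on .ssh, 600 on authorized_keys.
install_tunnel_key() {
    home_dir=$1
    entry=$(tunnel_key_entry "$2" "$3") || return 1
    keys="$home_dir/.ssh/authorized_keys"
    mkdir -p "$home_dir/.ssh" || return 1
    chmod 700 "$home_dir/.ssh"
    touch "$keys"
    grep -qxF -e "$entry" "$keys" || printf '%s\n' "$entry" >> "$keys"
    chmod 600 "$keys"
}

# Usage on the relay, with a constructed placeholder key:
#   install_tunnel_key "$HOME" 11985 "ssh-rsa AAAA...CONSTRUCTED cvm@homeserver"
```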