An Ansible role to set up an SSH tunnel and port forwardings from the remote machine to local machines.

# Caution

Since the current Debian version of sshd does not yet support dynamic configuration files (as in `/etc/ssh/sshd_config.d/*`), this role will **overwrite** your current sshd configuration! Normal SSH access on port 22 is still possible, but custom modifications will be lost on the remote machine.

# Variables you need to set

... e.g. in `group_vars`

- `ssh_tunnel_pubkey`: The complete line to be used in `authorized_keys`, e.g. "ssh-ed25519 AAAA[...]aU root@mylocalmachine"
- `ssh_tunnel_privkey`: The content of the corresponding private key file, including the BEGIN and END tags. It is highly recommended to put this inside an encrypted Ansible vault.
- `tunneled_ports`: A list of port forwardings. Example:

```
tunneled_ports:
  - exposed_port: 80 # public port at the remote machine
    ephemeral_port: 10080 # internal port at the remote machine's localhost address. The ssh tunnel will fetch traffic from there
    dest_host: my-internal-http-server.local.domain.tld # domain or IP address of the destination machine. Must be reachable from the local machine.
    dest_port: 80 # open port at the destination machine
    protocols: ["tcp"] # list of protocols for this forwarding. "tcp" and "udp" are supported.
```
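
A pre-flight play covering the two risks described above: the overwritten sshd configuration and mistakes in the variables. This is an added example, not part of the role; the host group `tunnel_remote`, the role name `ssh_tunnel`, the backup path and the rule that ephemeral ports must be unique are assumptions.

```yaml
# Added example, not part of the role. `tunnel_remote` and `ssh_tunnel`
# are placeholder names; the page does not give either.
- hosts: tunnel_remote
  become: true
  pre_tasks:
    # The role overwrites sshd_config, so keep a copy of the original.
    # force: false leaves an existing backup untouched on later runs.
    - name: Back up sshd_config before the role replaces it
      ansible.builtin.copy:
        src: /etc/ssh/sshd_config
        dest: /etc/ssh/sshd_config.pre-ssh-tunnel  # assumed backup path
        remote_src: true
        force: false
        mode: "0600"

    - name: Private key must include its BEGIN and END tags
      ansible.builtin.assert:
        that:
          - "'-----BEGIN ' in ssh_tunnel_privkey"
          - "'-----END ' in ssh_tunnel_privkey"
      no_log: true  # keep the vaulted key out of task output

    - name: Validate each tunneled_ports entry
      ansible.builtin.assert:
        that:
          - item.exposed_port | int != 22  # port 22 stays with normal sshd access
          - item.exposed_port | int >= 1
          - item.exposed_port | int <= 65535
          - item.ephemeral_port | int >= 1
          - item.ephemeral_port | int <= 65535
          - item.dest_host | length > 0
          - item.protocols | length > 0
          - "item.protocols | difference(['tcp', 'udp']) | length == 0"
        fail_msg: "Invalid tunneled_ports entry: {{ item }}"
      loop: "{{ tunneled_ports }}"

    # Assumption: every forwarding needs its own listener on localhost.
    - name: Ephemeral ports must not be reused across forwardings
      ansible.builtin.assert:
        that:
          - >-
            tunneled_ports | map(attribute='ephemeral_port') | list | unique | length
            == tunneled_ports | length

  roles:
    - role: ssh_tunnel  # placeholder role name
```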