Ansible role to set up an ssh tunnel for port forwardings
defaults Initial commit 2022-07-13 12:52:07 +02:00
handlers Initial commit 2022-07-13 12:52:07 +02:00
tasks Initial commit 2022-07-13 12:52:07 +02:00
templates Initial commit 2022-07-13 12:52:07 +02:00
vars Initial commit 2022-07-13 12:52:07 +02:00
example_playbook.yml Initial commit 2022-07-13 12:52:07 +02:00
README.md Initial commit 2022-07-13 12:52:07 +02:00

An Ansible role to set up an SSH tunnel and port forwardings from the remote machine to local machines.

Caution

Since the current Debian version of sshd does not yet support dynamic configuration files (as in /etc/ssh/sshd_config.d/*), this role will overwrite your current sshd configuration! Normal SSH access on port 22 is still possible, but custom modifications to the sshd configuration on the remote machine will be lost.

Variables you need to set

... e.g. in group_vars

  • ssh_tunnel_pubkey: The complete line to be used in authorized_keys, e.g. "ssh-ed25519 AAAA[...]aU root@mylocalmachine"
  • ssh_tunnel_privkey: The content of the corresponding private key file, including the BEGIN and END tags. It is highly recommended to put this inside an encrypted ansible vault.
  • tunneled_ports: A list of port forwardings. Example:
    tunneled_ports:
    - exposed_port: 80 # public port at the remote machine
      ephemeral_port: 10080 # internal port at remote machine's localhost address. The ssh tunnel will fetch traffic from there
      dest_host: my-internal-http-server.local.domain.tld # domain or IP address of the destination machine. Must be reachable from the local machine.
      dest_port: 80 # open port at the destination machine
      protocols: ["tcp"] # list of protocols for this forwarding. "tcp" and "udp" are supported.
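
A pre-flight check for a tunneled_ports list, run before the role overwrites the remote sshd configuration. This is an added example, not code from the role: the function names and sample data are made up here, and treating a reused port/protocol pair or an exposed port 22/tcp as an error is an assumption about how the role binds its listeners.

```python
from collections import Counter

ALLOWED = ("tcp", "udp")  # the two protocols the README lists as supported
SSHD_PORT = 22            # README: normal ssh access stays on port 22
REQUIRED = {"exposed_port", "ephemeral_port", "dest_host", "dest_port", "protocols"}

def is_port(value):
    # bool is a subclass of int in Python, so reject it explicitly
    return isinstance(value, int) and not isinstance(value, bool) and 1 <= value <= 65535

def validate_tunneled_ports(entries):
    """Return a list of problems found; an empty list means nothing was flagged."""
    problems = []
    exposed, ephemeral = Counter(), Counter()  # (port, protocol) -> number of uses
    for i, entry in enumerate(entries):
        where = f"tunneled_ports[{i}]"
        missing = REQUIRED - set(entry)
        if missing:
            problems.append(f"{where}: missing {sorted(missing)}")
            continue
        bad_ports = [k for k in ("exposed_port", "ephemeral_port", "dest_port") if not is_port(entry[k])]
        problems += [f"{where}: {k}={entry[k]!r} is not a port in 1..65535" for k in bad_ports]
        protocols = entry["protocols"]
        if not isinstance(protocols, list) or not protocols:
            problems.append(f"{where}: protocols must be a non-empty list")
            continue
        problems += [f"{where}: unsupported protocol {p!r}" for p in protocols if p not in ALLOWED]
        if not isinstance(entry["dest_host"], str) or not entry["dest_host"].strip():
            problems.append(f"{where}: dest_host is empty")
        if bad_ports:
            continue  # do not count invalid port values in the collision check
        for proto in {p for p in protocols if p in ALLOWED}:
            exposed[(entry["exposed_port"], proto)] += 1
            ephemeral[(entry["ephemeral_port"], proto)] += 1
        if entry["exposed_port"] == SSHD_PORT and "tcp" in protocols:
            problems.append(f"{where}: exposed_port 22/tcp collides with sshd")
    for label, seen in (("exposed_port", exposed), ("ephemeral_port", ephemeral)):
        for (port, proto), count in sorted(seen.items()):
            if count > 1:
                problems.append(f"{label} {port}/{proto} is used by {count} entries")
    return problems

# Constructed sample data (not taken from the role's repository)
SAMPLE = [
    {"exposed_port": 80, "ephemeral_port": 10080, "dest_host": "web.internal.example", "dest_port": 80, "protocols": ["tcp"]},
    {"exposed_port": 443, "ephemeral_port": 10080, "dest_host": "web.internal.example", "dest_port": 443, "protocols": ["tcp"]},
    {"exposed_port": 22, "ephemeral_port": 10022, "dest_host": "", "dest_port": 22, "protocols": ["tcp", "sctp"]},
]
```

Calling validate_tunneled_ports(SAMPLE) reports the reused ephemeral port, the unsupported protocol, the empty dest_host and the clash with sshd on port 22.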