Ansible role to set up an ssh tunnel for port forwardings
defaults Initial commit 2022-07-13 12:52:07 +02:00
handlers Initial commit 2022-07-13 12:52:07 +02:00
meta Added default meta/main.yml 2022-07-13 13:02:49 +02:00
tasks Added LocalForward 2023-01-09 13:32:32 +01:00
templates Added LocalForward 2023-01-09 13:32:32 +01:00
vars fixed sshd conf.d path 2022-07-13 13:04:03 +02:00
example_playbook.yml Initial commit 2022-07-13 12:52:07 +02:00
README.md Added LocalForward 2023-01-09 13:32:32 +01:00

An Ansible role to set up an SSH tunnel and port forwardings from the remote machine to local machines.

Required variables

... e.g. in group_vars

  • ssh_tunnel_pubkey: The complete line to be used in authorized_keys, e.g. "ssh-ed25519 AAAA[...]aU root@mylocalmachine"
  • ssh_tunnel_privkey: The content of the corresponding private key file, including the BEGIN and END tags. It is highly recommended to store this in an encrypted Ansible Vault.
  • remote_forward: The list of port forwardings from the remote server to some local machine. Example:
    remote_forward:
    - exposed_port: 80 # public port at the remote machine
      ephemeral_port: 10080 # internal port at remote machine's localhost address. The ssh tunnel will fetch traffic from there
      dest_host: my-internal-http-server.local.domain.tld # domain or IP address of the destination machine. Must be reachable from the local machine.
      dest_port: 80 # open port at the destination machine
      protocols: ["tcp"] # list of protocols for this forwarding. "tcp" and "udp" are supported.
    
  • local_forward: The list of port forwardings from the local machine to the remote machine. Example:
    local_forward:
    - local_port: 1234 # port bound on local machine, IP is automatically queried as A-record of inventory_hostname
      remote_host: the-remote-server.domain.tld # remote server to forward to
      remote_port: 5678 # the remote machine's port to forward the traffic to (example value)
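
A pre-run check for the variables described above, as an added example that is not part of this repository: it flags a private key stored outside a vault and malformed or clashing `remote_forward` entries. The function names, the sample data and the rule that exposed and ephemeral ports share one port space on the remote machine are assumptions; parsing the vars file into a dict is left to the caller.

```python
VALID_PROTOCOLS = ("tcp", "udp")  # the two protocols the README lists
REMOTE_KEYS = ("exposed_port", "ephemeral_port", "dest_host", "dest_port", "protocols")

def port_ok(value):
    # bool is a subclass of int, so reject it explicitly
    return isinstance(value, int) and not isinstance(value, bool) and 1 <= value <= 65535

def lint_tunnel_vars(raw_text, variables):
    """raw_text: vars file as stored in git; variables: the same file parsed to a dict."""
    findings = []
    # A vaulted file or value holds only ciphertext, so a PEM marker in the
    # stored text means the private key is committed in the clear.
    if "PRIVATE KEY-----" in raw_text:
        findings.append("ssh_tunnel_privkey is stored unencrypted")
    claimed = {}  # (port, protocol) on the remote machine -> (entry index, key)
    for i, fwd in enumerate(variables.get("remote_forward") or []):
        where = f"remote_forward[{i}]"
        missing = [k for k in REMOTE_KEYS if k not in fwd]
        if missing:
            findings.append(f"{where}: missing {', '.join(missing)}")
            continue
        bad_ports = [k for k in REMOTE_KEYS if k.endswith("_port") and not port_ok(fwd[k])]
        findings += [f"{where}: {k} must be an integer in 1-65535" for k in bad_ports]
        protos = fwd["protocols"]
        if not isinstance(protos, list) or any(p not in VALID_PROTOCOLS for p in protos):
            findings.append(f"{where}: protocols must be a list of tcp and/or udp")
        elif not bad_ports:
            # Assumption: exposed and ephemeral ports share the remote machine's
            # port space, so a (port, protocol) pair may be claimed only once.
            for key in ("exposed_port", "ephemeral_port"):
                for proto in protos:
                    owner = claimed.setdefault((fwd[key], proto), (i, key))
                    if owner != (i, key):
                        findings.append(f"{where}: {key} {fwd[key]}/{proto} collides "
                                        f"with remote_forward[{owner[0]}].{owner[1]}")
    return findings

# Constructed sample input (not from the repository): a plaintext key and a port clash.
SAMPLE_TEXT = "ssh_tunnel_privkey: |\n  -----BEGIN OPENSSH PRIVATE KEY-----\n  (constructed)\n"
SAMPLE_VARS = {"remote_forward": [
    {"exposed_port": 80, "ephemeral_port": 10080, "dest_port": 80, "protocols": ["tcp"],
     "dest_host": "my-internal-http-server.local.domain.tld"},
    {"exposed_port": 8080, "ephemeral_port": 10080, "dest_port": 8080, "protocols": ["tcp"],
     "dest_host": "other-server.local.domain.tld"},  # hypothetical second host
]}

if __name__ == "__main__":
    for finding in lint_tunnel_vars(SAMPLE_TEXT, SAMPLE_VARS):
        print(finding)
```

Run it against the on-disk text of the vars file, before decryption, so that the plaintext-key check sees what is actually committed.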