reply
Run it via systemd, create and enable a unit file and it will automate a restart on failure or on boot
[Unit] Description=Establish SSH Reverse Tunnel to VPS After=network.target [Service] ExecStart=/usr/bin/ssh -N -R 8080:localhost:8080 root@vps Restart=always RestartSec=30 User=justin StandardOutput=syslog StandardError=syslog SyslogIdentifier=vpstun [Install] WantedBy=multi-user.target
reply
ssh -N -R 8080:localhost:8080 root@vps
Valid points, however everyone needs to make their own choice of convenience vs speed & security. As I'm putting my own sats on the line, I err on latter.
Summary
For maximum security and speed: As said wg would be my recommended choice, and we have it in productions with many VPNs and clients across the globe. And following that guide isn't that much PITA, but actually a great linux learning experience. I'd say this is a good asset if you're into running a node in any case.
For simplicity and quick setup: SSH tunneling can be a decent option, especially for temporary or less sensitive use cases.
reply
ehh.. those are very unsubstantial claims... Are you suggesting SSH is cryptographically broken and ignoring that it has far more production use in the wild than anything else?
Speed I'd give you sure, but the kind of things one would use it for is not going to be noticeable
It's probably a better Linux 101 to understand the vast capabilities inherent to SSH and get the user terminal maxxing
reply
I'm not suggesting the cryptography is broken, but having an ongoing SSH root tunnel exposes unnecessary attack vectors. Terrapin was just the recent one, and I'm in favor to not have my ssh in the open at all.
Yes you can FW restrict the access to specific ip ranges, but then you're back into the configuration and security overhead you intended to avoid in the first place.
Read my summary, I think it's a valid option, but I wouldn't want this for my production routing node running for 4 years 24/7
reply
ssh -N -R 8080:localhost:8080 root@vps