How can I autostart a SSH -D tunnel at login for a SOCKS proxy?

I know that if I want to start an SSH tunnel

ssh -d 9000 user@userserver

This is one solution for a dynamic tunnel to be opened on port 9000 for a user named "user" on the host "userserver"

However, how can I automate this process in Ubuntu so that I don't have to open up a terminal every time I log in and start the tunnel? I want to be SSH'd the moment I log in.

I know I could create a bash file but wouldn't I have to store my server user's password in plaintext as I would be prompted for it after the initial command?


Solution 1:

  1. Set up password-less SSH login according to this answer:

    • ssh-keygen (you will be prompted for a password, leave it blank)

    • ssh-copy-id user@userserver (enter your SSH login password for the last time)

  2. Add an startup entry for SSH:

enter image description here

enter image description here

Solution 2:

How about using an ssh-key setup, as Source Lab suggested, but setting up your key with a pass phrase and make sure ssh-agent is running on your machine so it only needs to be entered once per login session.

There's a few advantages doing it that way: - You can get automated password-less login (apart from first boot/login) whenever you issue your ssh command - Your key has a pass phrase so it's safer - Using pub/private keys is very standard and will be supported by most SSH Server installations

To set up SSH key authentication:

  • https://help.ubuntu.com/community/SSH/OpenSSH/Keys

To use ssh-agent/keychain (to cache the pass-phrase throughout the login session):

  • http://www.cyberciti.biz/faq/ssh-passwordless-login-with-keychain-for-scripts/

As far as automating the tunnel creation on startup, one idea might be to create a quick shell script which starts the tunnel:

~$ sudo cat <<EOF >> /usr/local/bin/start_tunnel.sh
ssh-add # ensure key is added to agent
ssh -D 9000 user@userserver # substitute real server in here (of course)
EOF
~$ chmod +x /usr/local/bin/start_tunnel.sh

Then add it as a startup program (System -> Preferences -> Startup Applications), should work, anyway!