2024-06-23
Intrinsic Sshd Configuration Errors

if you want to run ssh port forwarding as a systemd service, keep in mind that the service runs as root by default, so it is root's ssh key that is used to log in (root's public key must be authorized on the remote side).

or you can change the user that executes the task in the service config (the User= setting belongs in the [Service] section):

[Service]
User=xxx


chisel can be used for port forwarding over http. compared with wstunnel, it survives nginx (you still need to configure websocket upgrades in nginx).

# server, allowing reverse port forwarding
chisel server -p <port> --auth <user>:<pass> --reverse
# client: forward a local port to a remote target, and (R:) a server-side port back to a local target
chisel client --auth <user>:<pass> <protocol>://<server_url> <local_port>:<remote_host>:<remote_port> R:<server_port>:<local_host>:<local_port>


if you want multiple host names to share the same ip because of proxy forwarding or different network locations, you need to edit the system host mapping file.

on linux and macos it is /etc/hosts

on windows, C:\Windows\System32\drivers\etc\hosts

you also need to configure the hosts file on the proxy machine if you want to avoid name clashes with the proxies. these host names can be kept uninformative so they do not reveal their purpose.


on the latest ubuntu 24.04, /etc/ssh/sshd_config includes the files under /etc/ssh/sshd_config.d, and one of them, 50-cloud-init.conf, contains a line that overrides any setting that comes after it (sshd keeps the first value it reads for each keyword).

PasswordAuthentication yes

you need to change both /etc/ssh/sshd_config and this file to disable password authentication.
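an added check (not from the original notes) that walks a config tree the way sshd does, first value wins and Include files come before the rest of the main file, to show why the cloud-init drop-in takes precedence. the config files are a constructed sample built in a temp dir; on a live host, `sshd -T` prints the effective values.

```shell
#!/bin/sh
# Added example: reproduce sshd's "first value wins" rule to see why
# sshd_config.d/50-cloud-init.conf overrides PasswordAuthentication.
# Assumptions: the config tree below is a constructed sample in a temp dir;
# only top-level "Include <glob>" lines are followed (no Match blocks).
set -e

# Print the effective value of keyword $2 starting from config file $1,
# following Include directives in order. The first occurrence wins,
# exactly as sshd resolves it (compare with: sshd -T | grep -i <keyword>).
effective_setting() {
    _file="$1"; _key="$(printf %s "$2" | tr A-Z a-z)"
    while IFS= read -r _line || [ -n "$_line" ]; do
        _line="${_line%%#*}"          # strip comments
        set -- $_line                 # split words; globs in Include paths expand here
        [ "$#" -ge 2 ] || continue
        if [ "$1" = "Include" ]; then
            shift
            for _inc in "$@"; do      # expanded glob, in sorted order like sshd
                [ -f "$_inc" ] || continue
                _val="$(effective_setting "$_inc" "$_key")" && { echo "$_val"; return 0; }
            done
        elif [ "$(printf %s "$1" | tr A-Z a-z)" = "$_key" ]; then
            echo "$2"; return 0       # keywords are case-insensitive, values are not
        fi
    done < "$_file"
    return 1                          # keyword not set anywhere -> caller uses defaults
}

# Constructed sample mirroring the Ubuntu 24.04 layout: the main file says "no",
# but the Include at its top pulls in the cloud-init drop-in that says "yes".
demo_tree() {
    _d="$(mktemp -d)"
    mkdir -p "$_d/sshd_config.d"
    printf 'Include %s/sshd_config.d/*.conf\nPasswordAuthentication no\n' "$_d" > "$_d/sshd_config"
    printf 'PasswordAuthentication yes\n' > "$_d/sshd_config.d/50-cloud-init.conf"
    echo "$_d"
}

# Stand-alone run: prints "yes", the value sshd would actually enforce.
main_demo() {
    _t="$(demo_tree)"
    effective_setting "$_t/sshd_config" PasswordAuthentication
    rm -rf "$_t"
}
```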


-R will not let you bind the forwarded port on 0.0.0.0 on the remote machine (by default it listens on loopback only) unless you configure something like the following in /etc/ssh/sshd_config.

AllowTcpForwarding yes
GatewayPorts clientspecified

if you cannot, use socat on the remote machine to relay the loopback-bound forwarded port to a public port.

socat TCP-LISTEN:<lport>,reuseaddr,fork TCP:<rhost>:<rport>


if port forwarding fails because the port is already taken, find and kill the process holding it.

# get the pid of the process holding the port
sudo lsof -i :<port>
lsof -i :<port>
# kill that process (by pid, not by port number)
kill <pid>
# rerun lsof to check if the port is freed


n2n can come in handy if you do not have many ports exposed on the internet and still want to reach all ports between your local machines.


if the connection is unstable, use -o ServerAliveInterval=60 -o ServerAliveCountMax=3 to extend the timeout period.


2023-10-10
Mastering System Events: Script Execution With @Reboot And Systemd

execute scripts before and after system events like startup, suspend and shutdown

for startup, use @reboot with crontab -e

for suspend and shutdown, write scripts under /lib/systemd/system-*


2022-08-09
Systemd On Linux, Maintenance Details

view full logs

journalctl -u <serviceName>.service

create, install, restart, reload

cd /etc/systemd/system
# create <serviceName>.service here
systemctl enable <serviceName>.service
systemctl daemon-reload
systemctl start <serviceName>.service

sample systemd service config files

maybe we should add some autorestart config to them?

frpc_service.service

[Unit]
Description=frpc service, expose ssh, webdav and code-server ports
Wants=network.target
After=syslog.target network-online.target
[Service]
Type=simple
User=root
ExecStart=/root/frp_client_linux/frp_0.36.2_linux_amd64/frpc -c frpc.ini
WorkingDirectory=/root/frp_client_linux/frp_0.36.2_linux_amd64
Restart=on-failure
RestartSec=10
KillMode=process
[Install]
WantedBy=multi-user.target

pyjom_webdav_rclone_service.service

[Unit]
Description=rclone webdav served on pyjom, after the disk is mounted
[Service]
User=root
ExecStart=/usr/bin/python3 mount_help_and_serve_pyjom.py
WorkingDirectory=/root/Desktop/works/restore_sessions
[Install]
WantedBy=multi-user.target

tempthrottle.service

[Unit]
Description=temperature control, cpu temperature under 60 celsius
[Service]
User=root
ExecStart=/usr/bin/python3 tempthrottle_daemon.py
WorkingDirectory=/root/Desktop/works/restore_sessions
[Install]
WantedBy=multi-user.target

clash_fastgithub.service

[Unit]
Description=Clash Fastgithub Proxy
After=network.target
[Service]
Type=simple
Restart=always
ExecStart=/usr/bin/clash -d /etc/clash
[Install]
WantedBy=multi-user.target

tujia_scraper_qq_bot.service

[Unit]
Description=two crucial services: tujia scraper, qq bot
Wants=network.target
After=syslog.target network-online.target
[Service]
Environment="DISPLAY=:1"
Environment="XAUTHORITY=/root/.Xauthority"
User=root
ExecStart=/usr/bin/python3 main_daemon.py
WorkingDirectory=/root/Desktop/works/restore_sessions
[Install]
WantedBy=graphical.target

sync_git_repos_syncdog.service

[Unit]
Description=syncdog (server), to sync things to the cloud (github)
Wants=sshd.service
Wants=network.target
[Service]
User=root
ExecStart=/usr/bin/python3 syncdog_test.py
WorkingDirectory=/root/Desktop/works/sync_git_repos
[Install]
WantedBy=multi-user.target
