import

bin/safe-harbor.py

@@ -0,0 +1,27 @@
+#! /usr/bin/env python3
+# encoding: utf-8
+
+import jsmin
+import json
+import os
+import sys
+
+if __name__ == "__main__":
+	if len(sys.argv) == 2:
+		cfg_path = sys.argv[1]
+	else:
+		cfg_path = "/etc/safe-harbor/config.json"
+	
+	with open(cfg_path) as f:
+		cfg = json.loads(jsmin.jsmin(f.read()))
+	
+	command = ["/usr/bin/ssh", "ssh", "-o", "ServerAliveInterval 45", "-o", "ServerAliveCountMax 2", "-o", "ExitOnForwardFailure yes", "-N"]
+	
+	for m in cfg["mapping"]:
+		command.append("-R")
+		command.append("%d:localhost:%d" %(m["remote"], m["local"]))
+	
+	command.append("%s@%s" %(cfg["user"], cfg["host"]))
+	
+	# replace this process, systemd will restart us if needed
+	os.execl(*command)

config.json.example

@@ -0,0 +1,14 @@
+{
+	"host": "decade.cz",
+	"user": "tunnel",
+	"mapping": [
+		{
+			"remote": 50022,
+			"local": 22
+		},
+		{
+			"remote": 8000,
+			"local": 80
+		}
+	]
+}

systemd/safe-harbor@.service

@@ -0,0 +1,12 @@
+[Unit]
+Description=Safe Harbor SSH tunnel
+After=network.target
+
+[Service]
+User=$i
+ExecStart=/usr/bin/python3 /usr/lib/safe-harbor/safe-harbor.py
+Restart=always
+RestartSec=90
+
+[Install]
+WantedBy=multi-user.target