client side
# autossh supervises an ssh process and starts it again when it exits.
apt install autossh
# Unit file for the tunnel; its contents follow.
# NOTE(review): no enable/start step for this unit is shown on this page.
vim /etc/systemd/system/autossh-tunnel.service
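# Keeps a reverse tunnel open: port 2221 on the server leads back to this
# machine's own sshd on port 22.
[Unit]
Description=AutoSSH tunnel service
After=network.target
[Service]
# No User= is set, so autossh and ssh run as root and use root's key and
# known_hosts. The server's host key must already be in that known_hosts file,
# because nobody is present to answer the prompt. A dedicated unprivileged
# account with its own key would narrow what this unit can reach.
Restart=always
# Recycle the tunnel once a day.
RuntimeMaxSec=86400
# GATETIME=0: autossh keeps retrying even if the first connection attempt fails.
Environment="AUTOSSH_GATETIME=0"
# -M 0 turns off autossh's own monitor port; liveness comes from ServerAlive*.
# ExitOnForwardFailure makes ssh exit when the server refuses the -R listener
# (for example because a stale session still holds port 2221). Without it ssh
# stays connected with no tunnel and autossh has nothing to restart.
ExecStart=/usr/bin/autossh -M 0 -o "ExitOnForwardFailure yes" -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -NR 2221:localhost:22 sshtunnel@sub.domain.tld -p 222
[Install]
WantedBy=multi-user.target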
server side
2nd ssh server instance config
# Separate config file for the second sshd instance; the ssh222 unit passes it with -f.
vim /etc/ssh/sshd222_config
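# Second sshd instance, used only as the landing point for the reverse tunnel.
Port 222
PermitRootLogin no
# Key-based login only.
PasswordAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
PrintMotd no
Banner none
# Own pid file so this instance does not collide with the primary sshd.
PidFile /var/run/sshd222.pid
# Only the tunnel account may authenticate here. Without this, every account
# with an authorized key on the host can log in through port 222 as well.
# Add further names if other accounts genuinely need this port.
AllowUsers sshtunnel
# Tunnel-only instance: permit remote (-R) forwards and nothing else.
AllowTcpForwarding remote
# Keep forwarded listeners on loopback so port 2221 is not reachable from
# outside the server.
GatewayPorts no
X11Forwarding no
AllowAgentForwarding no
PermitTTY no
PermitTunnel no
# Drop dead sessions promptly so a stale connection does not keep holding the
# forwarded port when the client reconnects.
ClientAliveInterval 30
ClientAliveCountMax 3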
create user
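# Dedicated account for the tunnel: home directory created (-m), no usable
# login shell (-s /bin/false), and a group of the same name (-U).
# Lower-case -u expects a numeric UID, so "-u sshtunnel" is rejected and
# leaves the command without a login name.
useradd -d /home/sshtunnel -s /bin/false -m -U sshtunnel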
SSH key restricted to tunneling only
# Run as root, so the directory and key file end up owned by root.
# NOTE(review): sshd reads authorized_keys as the sshtunnel user, and StrictModes
# (on by default) refuses the file if it or its directory is writable by group
# or others — check ownership and modes after editing.
mkdir /home/sshtunnel/.ssh
# One line per key; the options come before the key type.
vim /home/sshtunnel/.ssh/authorized_keys
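# permitopen only limits local (-L) forwards. The tunnel on this page is a remote forward (-R 2221:...), and the listener a key may request is limited by permitlisten (OpenSSH 7.8 and later). Without it this key could ask the server to listen on other ports too. An sshd that does not recognise an option should refuse the key rather than ignore the option — verify on the installed version.
no-pty,no-X11-forwarding,no-agent-forwarding,permitopen="localhost:2221",permitlisten="localhost:2221",command="/bin/echo do-not-send-commands" ssh-rsa VeryLongsShkeyBlaBlaBlaBla root@hostname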
systemd
# Unit file for the second sshd instance; its contents follow.
vim /etc/systemd/system/ssh222.service
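# Second sshd instance on port 222, started with its own config file.
# NOTE(review): Description is identical to the stock sshd unit text, so the two
# instances are hard to tell apart in status and journal output.
[Unit]
Description=OpenBSD Secure Shell server
Documentation=man:sshd(8) man:sshd_config(5)
After=network.target auditd.service
ConditionPathExists=!/etc/ssh/sshd_not_to_be_run
[Service]
# The leading "-" makes a missing file non-fatal. $SSHD_OPTS comes from here.
# Presumably this is the same file the primary ssh unit reads, so any option
# set there applies to both instances — confirm.
EnvironmentFile=-/etc/default/ssh
# Validate the config before starting and before reloading.
ExecStartPre=/usr/sbin/sshd -t -f /etc/ssh/sshd222_config
ExecStart=/usr/sbin/sshd -D $SSHD_OPTS -f /etc/ssh/sshd222_config
ExecReload=/usr/sbin/sshd -t -f /etc/ssh/sshd222_config
ExecReload=/bin/kill -HUP $MAINPID
# Only the main sshd process is signalled on stop.
KillMode=process
Restart=on-failure
RestartPreventExitStatus=255
Type=notify
RuntimeDirectory=sshd
# systemd removes a RuntimeDirectory when the unit stops. /run/sshd is
# presumably shared with the primary sshd unit (confirm), so stopping this
# instance must not delete it from under the other one.
RuntimeDirectoryPreserve=yes
RuntimeDirectoryMode=0755
[Install]
WantedBy=multi-user.target
# No Alias=sshd.service here: that alias belongs to the primary SSH unit.
# Claiming it from this unit makes "systemctl enable" collide with the existing
# alias, or makes the name sshd.service point at the tunnel instance.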
# Enable the second sshd instance at boot and start it right away.
systemctl enable --now ssh222