autossh systemd service

client side

apt install autossh

vim /etc/systemd/system/autossh-tunnel.service

[Unit]
Description=AutoSSH tunnel service
After=network.target

[Service]
Environment="AUTOSSH_GATETIME=0"
ExecStart=/usr/bin/autossh -M 0 -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -NR 2221:localhost:22 sshtunnel@sub.domain.tld -p 222

[Install]
WantedBy=multi-user.target

server side

2nd ssh server instance config

vim /etc/ssh/sshd222_config

Port 222
PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
PrintMotd no
Banner none
PidFile /var/run/sshd222.pid

create user

useradd -d /home/sshtunnel -s /bin/false -m -u sshtunnel

ssh keys limit tunneling only

mkdir /home/sshtunnel/.ssh

vim /home/sshtunnel/.ssh/authorized_keys

no-pty,no-X11-forwarding,permitopen="localhost:2221",command="/bin/echo do-not-send-commands" ssh-rsa VeryLongsShkeyBlaBlaBlaBla root@hostname

systemd

vim /etc/systemd/system/ssh222.service

[Unit]
Description=OpenBSD Secure Shell server
Documentation=man:sshd(8) man:sshd_config(5)
After=network.target auditd.service
ConditionPathExists=!/etc/ssh/sshd_not_to_be_run

[Service]
EnvironmentFile=-/etc/default/ssh
ExecStartPre=/usr/sbin/sshd -t -f /etc/ssh/sshd222_config
ExecStart=/usr/sbin/sshd -D $SSHD_OPTS -f /etc/ssh/sshd222_config
ExecReload=/usr/sbin/sshd -t -f /etc/ssh/sshd222_config
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure
RestartPreventExitStatus=255
Type=notify
RuntimeDirectory=sshd
RuntimeDirectoryMode=0755

[Install]
WantedBy=multi-user.target
Alias=sshd.service
systemctl enable ssh222
systemctl start ssh222