Table of Contents

Homeassistant via SSH-Remote-Portforwarding extern nutzen

Arbeiten auf minad.de

minad brot # useradd -s /sbin/nologin -m -U brot_homeassistant_portfw 
minad brot # passwd -l brot_homeassistant_portfw
passwd: Passwortablauf-Informationen geändert.
minad brot # su brot_homeassistant_portfw -s /bin/bash
brot_homeassistant_portfw@minad ~ $ echo "SSH KEY HIER EINFÜGEN" > ~/.ssh/authorized_keys
/etc/ssh/sshd_config
(...)
Match User brot_homeassistant_portfw
   AllowTcpForwarding remote
   X11Forwarding no
   PermitTunnel no
   GatewayPorts no
   AllowAgentForwarding no
   ForceCommand echo 'This account can only be used for portforwarding'
(...)

Arbeiten auf pi-homeassistant

root@pi-homeassistant:/home# useradd -m -s /bin/false brot_homeassistant_portfw   
root@pi-homeassistant:/home# su brot_homeassistant_portfw -s /bin/bash
brot_homeassistant_portfw@pi-homeassistant:/home$ cd 
brot_homeassistant_portfw@pi-homeassistant:~$ ssh-keygen -t ed25519
/etc/systemd/system/homeassistant-ssh-portfw.service
[Unit]
Description=Portfw homeassistant to minad.de
After=network.target
 
[Service]
User=brot_homeassistant_portfw
ExecStart=/usr/bin/ssh -NT -o ServerAliveInterval=30 -o ExitOnForwardFailure=yes -R 47443:localhost:80 brot_homeassistant_portfw@minad.de -p 55555
 
# Immer restarten, aber nicht hektisch loopen
RestartSec=15
Restart=always
 
[Install]
WantedBy=multi-user.target