ssh_tunnel: fix guide

ssh_tunnel.md

@@ -11,26 +11,51 @@
 * ssh access to the host computer (where the ports will be forwarded from)
 
 ## On the host computer 
+* login as root or run:  
+`$ sudo su -`
 
 * Check for an ssh public key:  
-`$ cat ./.ssh/*.pub`
+`# cat ./.ssh/*.pub`
 
 * if there is none generate one (keep pressing ENTER):  
-`$ ssh-keygen -t rsa -b 4096`
+`# ssh-keygen -t rsa -b 4096`
+    * keep pressing [ENTER] to use the default values:
+    ```
+    Generating public/private rsa key pair.
+    Enter file in which to save the key (/root/.ssh/id_rsa): 
+    Enter passphrase (empty for no passphrase): 
+    Enter same passphrase again: 
+    Your identification has been saved in /root/.ssh/id_rsa.
+    Your public key has been saved in /root/.ssh/id_rsa.pub.
+    The key fingerprint is:
+    SHA256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx root@hostname
+    The key's randomart image is:
+    +---[RSA 4096]----+
+    |            xxxx |
+    |           xxxxx |
+    |           xxxxx |
+    |          xxxxxx |
+    |       xxxxxxxxx |
+    |      xxxxxxxx   |
+    |     xxxxxxxxxx  |
+    |     xxxxxxxxxxx |
+    |      xxxxxxxxxx |
+    +----[SHA256]-----+
+    ```
 
 * copy the ssh public key over to the VPS (fill in the VPS_IP_ADDRESS).  
 Will be prompted for the root password of the VPS.  
-`$ cat ~/.ssh/id_rsa.pub | ssh root@VPS_IP_ADDRESS 'cat >> ~/.ssh/authorized_keys && chmod -R 700 ~/.ssh/'`
+`# cat ~/.ssh/id_rsa.pub | ssh root@VPS_IP_ADDRESS 'cat >> ~/.ssh/authorized_keys && chmod -R 700 ~/.ssh/'`
 
 ## Working on the VPS
 
 * login as root or run:  
-`sudo su -`
+`$ sudo su -`
 
 * edit the sshd config:  
-`sudo nano /etc/ssh/sshd_config`
+`# nano /etc/ssh/sshd_config`
 
-* make sure these entries are active (uncommented, meaning there is no `#` at the beggining of the line).  
+    * make sure these entries are active (uncommented, meaning there is no `#` at the beggining of the line).  
 Can just paste these on the end of the file:
     ```
     RSAAuthentication yes
@@ -42,16 +67,16 @@ Can just paste these on the end of the file:
     CTRL+O, ENTER to save, CTRL+X to exit.
  
 * restart the sshd service (WARNING: you can lose access at this point if the config is wrong):  
-`sudo systemctl restart sshd`
+`# systemctl restart sshd`
 
 ## Back to the host computer
 
 ### Set up a systemd service
 
 * create the service file:   
-`sudo nano /etc/systemd/system/autossh-tunnel.service`
+`# nano /etc/systemd/system/autossh-tunnel.service`
 
-* Paste the following and fill in the VPS_IP_ADDRESS.  
+    * Paste the following and fill in the VPS_IP_ADDRESS.  
 Add or remove ports as required.
 
     ```
@@ -63,15 +88,15 @@ Add or remove ports as required.
     User=root
     Group=root
     Environment="AUTOSSH_GATETIME=0"
-    ExecStart=/usr/bin/autossh -C -M 0 -v -N -o "ServerAliveInterval=60" -R 9735:localhost:9735 -R 443:localhost:443 -R 80:localhost:80 -R root@VPS_IP_ADDRESS
+    ExecStart=/usr/bin/autossh -C -M 0 -v -N -o "ServerAliveInterval=60" -R 9735:localhost:9735 -R 443:localhost:443 -R 80:localhost:80 root@VPS_IP_ADDRESS
     StandardOutput=journal
 
     [Install]
     WantedBy=multi-user.target
     ```
 * Enable and start the service:  
-`$ sudo systemctl enable autossh-tunnel`  
-`$ sudo systemctl start autossh-tunnel`
+`# systemctl enable autossh-tunnel`  
+`# systemctl start autossh-tunnel`
 
 * The port forwarding with a reverse ssh-tunnel is now complete. 
 You should be able access the ports/services of the host computer through the IP of the VPS.
@@ -79,10 +104,33 @@ You should be able access the ports/services of the host computer through the IP
 ## Monitoring
 
 * Check if there are any errors on the host computer:  
-`$ sudo journalctl -f -n 20  -u autossh-tunnel`
+`# sudo journalctl -f -n 20  -u autossh-tunnel`
+    * Look for the lines:
+    ```
+    debug1: Authentication succeeded (publickey).
+    debug1: Remote connections from LOCALHOST:9735 forwarded to local address localhost:9735
+    debug1: Remote connections from LOCALHOST:443 forwarded to local address localhost:443
+    debug1: Remote connections from LOCALHOST:80 forwarded to local address localhost:80
+    debug1: remote forward success for: listen 9735, connect localhost:9735
+    debug1: remote forward success for: listen 443, connect localhost:443
+    debug1: remote forward success for: listen 80, connect localhost:80
+    debug1: All remote forwarding requests processed
+    ```
 
 * To check if tunnel is active on the VPS:  
-`$ netstat -tulpn`
+`# netstat -tulpn`
+
+    * Look for the lines:
+    ```
+    Active Internet connections (only servers)
+    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
+    tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      7694/sshd: root     
+    tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      7694/sshd: root     
+    tcp        0      0 0.0.0.0:9735            0.0.0.0:*               LISTEN      7694/sshd: root     
+    tcp6       0      0 :::80                   :::*                    LISTEN      7694/sshd: root     
+    tcp6       0      0 :::443                  :::*                    LISTEN      7694/sshd: root     
+    tcp6       0      0 :::9735                 :::*                    LISTEN      7694/sshd: root     
+    ```
 
 ## Resources