IRC proxy tunnel with systemd socket activation
It has been discussed how to tunnel IRC using SSH. Here is another way to do it on Linux. This method takes advantage of systemd socket activation. It means that when you connect to your local IRC proxy port, systemd will spawn the IRC proxy service which will connect to tilde.town and then to the IRC server. The advantage is that you don’t have to issue a command to start the connection, even when the connection breaks or you restart your computer. Here is how to do it.
1. Set up a new passwordless SSH keypair (press Enter at the passphrase prompt). I recommend using a keypair just for this proxy, as an extra precaution.

    $ ssh-keygen -f townirc.pem

2. Add the public key (townirc.pem.pub) to your ~/.ssh/authorized_keys on tilde.town. As a security precaution and for convenience later, you can restrict the key so that it can only be used for connecting to IRC by prepending its line with

    command="/bin/nc 127.0.0.1 6667"

3. On the machine where you will use the IRC client, create a systemd socket file and service file in /etc/systemd/system/ as below. Because the socket uses Accept=true, systemd starts one service instance per connection, so the service must be a template unit whose file name ends in @.service. Replace HOME_USER with your local username, TILDE_USER with your tilde.town username, and PATH_TO_PRIVATEKEY with the path to where you put the private key that you generated in step 1.

    irc-proxy-town.socket:

        [Socket]
        ListenStream=127.0.0.1:6667
        Accept=true

        [Install]
        WantedBy=sockets.target

    irc-proxy-town@.service:

        [Unit]
        Description=Proxy to tilde.town IRC
        After=sockets.target

        [Service]
        User=HOME_USER
        ExecStart=/usr/bin/ssh -T -i PATH_TO_PRIVATEKEY/townirc.pem TILDE_USER@tilde.town
        StandardInput=socket

   Note that the ssh invocation above does not specify a command. This is because the command="…" option in the authorized_keys file overrides any command given as a command-line argument to ssh for that key.

4. Enable and start the socket. systemd then starts the service on demand for each incoming connection.

    $ systemctl enable --now irc-proxy-town.socket

That should do it. Try connecting now to 127.0.0.1:6667 from your local IRC client. If it doesn’t work, check

    $ systemctl status irc-proxy-town.socket
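The command="…" option from step 2 fixes what the key can run, but on its own it leaves port, agent and X11 forwarding available to that key; OpenSSH's restrict option turns those off as well. The script below is an added example, not part of the original page: it builds the authorized_keys entry with both options and audits a line for them. The sample key and the function names harden_key and audit_key_line are constructed for illustration, and it assumes the key type starts with "ssh-" (ssh-ed25519 or ssh-rsa).

```shell
#!/bin/sh
# Added example (not from the original page): build and audit the
# authorized_keys entry for the proxy key.

FORCED_CMD='/bin/nc 127.0.0.1 6667'   # forced command from step 2

# Constructed placeholder, not a real key; use the contents of townirc.pem.pub.
SAMPLE_PUBKEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERPLACEHOLDER townirc'

# Prefix a public key line with "restrict" plus the forced command.
harden_key() {
    printf 'restrict,command="%s" %s\n' "$FORCED_CMD" "$1"
}

# Audit one authorized_keys line. Prints a verdict; returns 0 only for "ok".
# Assumption: the key type starts with "ssh-" and no option value
# contains " ssh-" or a comma.
audit_key_line() {
    case $1 in
        ssh-*) _opts= ;;                 # no options field at all
        *)     _opts=${1%% ssh-*} ;;     # text before the key type
    esac
    case $_opts in
        *command=\"*) ;;                 # forced command present
        *) echo "no-forced-command"; return 1 ;;
    esac
    case ",$_opts," in
        *,port-forwarding,*)             # forwarding re-enabled after restrict
            echo "forwarding-allowed"; return 1 ;;
        *,restrict,*|*,no-port-forwarding,*)
            echo "ok"; return 0 ;;
        *)  echo "forwarding-allowed"; return 1 ;;
    esac
}

# Print the line to paste into ~/.ssh/authorized_keys on tilde.town.
harden_key "$SAMPLE_PUBKEY"
```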
See also: a similar approach using netcat instead of systemd: Simulating ssh tunnel using netcat