~.town / ~cel

IRC proxy with systemd

IRC proxy tunnel with systemd socket activation

Tunneling IRC over SSH has been discussed before. Here is another way to do it on Linux, using systemd socket activation: when you connect to your local IRC proxy port, systemd spawns the IRC proxy service, which connects to tilde.town and then to the IRC server. The advantage is that you don't have to issue a command to start the connection, even after the connection breaks or you restart your computer. Here is how to do it.

  1. Set up a new passwordless SSH keypair. I recommend using a keypair just for this proxy, as an extra precaution.

    $ ssh-keygen -f townirc.pem
    
  2. Add the public key to your ~/.ssh/authorized_keys on tilde.town. As a security precaution and for convenience later, you can restrict the SSH key so that it can only be used for connecting to IRC, by prepending command="/bin/nc 127.0.0.1 6667" to its line.

  3. On the machine where you will use the IRC client, create a systemd socket and service file as below. Replace HOME_USER with your local username, TILDE_USER with your tilde.town username, and PATH_TO_PRIVATEKEY with the path to where you put the private key that you generated in step 1.

    /etc/systemd/system/irc-proxy-town.socket:

    [Socket]
    ListenStream=127.0.0.1:6667
    Accept=true
    
    [Install]
    WantedBy=sockets.target
    

    /etc/systemd/system/irc-proxy-town@.service:

    [Unit]
    Description=Proxy to tilde.town IRC
    After=sockets.target
    
    [Service]
    User=HOME_USER
    ExecStart=/usr/bin/ssh -T -i PATH_TO_PRIVATEKEY/townirc.pem TILDE_USER@tilde.town
    StandardInput=socket
    

    Note that the ssh invocation above does not specify a command. This is because the command="…" in the authorized_keys file for the key overrides any command given as a command-line argument to ssh.

  4. Enable the socket and service

    $ systemctl enable --now irc-proxy-town.socket
    
  5. That should do it. Try connecting now to 127.0.0.1:6667 from your local IRC client. If it doesn’t work, check systemctl status irc-proxy-town.socket.
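
The forced command from step 2 fixes what the key can run, but sshd(8) notes that a client may still request TCP forwarding unless the key is also restricted, for example with the restrict option (OpenSSH 7.2 or later). The script below is an added example, not part of the original page: make_entry and audit_entry are hypothetical helper names, and the sample key is constructed.

```shell
#!/bin/sh
# Added example: build and audit the authorized_keys line from step 2.
FORCED_CMD='/bin/nc 127.0.0.1 6667'   # forced command given in step 2
# Constructed sample key (not a real key), standing in for townirc.pem.pub.
SAMPLE_PUB='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyNotReal townirc'

# make_entry PUBKEY_LINE: print the line with the key locked to FORCED_CMD.
# "restrict" turns off port/agent/X11 forwarding and pty allocation.
make_entry() {
    set -f; set -- $1; set +f          # split into type, blob, comment
    case "$1" in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp*) ;;
        *) echo "refusing: not a public key line" >&2; return 1 ;;
    esac
    [ -n "$2" ] || { echo "refusing: key blob missing" >&2; return 1; }
    printf 'restrict,command="%s" %s\n' "$FORCED_CMD" "$*"
}

# audit_entry LINE: print a verdict; succeed only if the options in front of
# the key type contain both the forced command and "restrict". Simplified
# check: individual no-*-forwarding options are not recognised.
audit_entry() {
    opts=$(printf '%s\n' "$1" |
        sed -E 's/(^| )(ssh-(ed25519|rsa)|ecdsa-sha2-nistp[0-9]+) .*//')
    case "$opts" in
        *"command=\"$FORCED_CMD\""*) ;;
        *) echo "weak: forced command missing"; return 1 ;;
    esac
    case ",$opts," in
        *,restrict,*) echo "ok" ;;
        *) echo "weak: restrict missing"; return 1 ;;
    esac
}

# Stand-alone demo: the generated line passes the audit (prints "ok").
audit_entry "$(make_entry "$SAMPLE_PUB")"
```

On tilde.town, the output of make_entry for your real public key is the line to place in ~/.ssh/authorized_keys instead of the hand-edited one.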

See also: a similar approach using netcat instead of systemd: Simulating ssh tunnel using netcat
