~.town / ~cel


irc-socket-activation.md: irc-socket-activation.html

[title]: # (IRC proxy with systemd)

## IRC proxy tunnel with systemd socket activation

It has been [discussed](/~nick/sshtunnel.html) how to tunnel
[IRC](/~shanx/other.html#irc) using SSH. Here is another way to do it on Linux.
This method takes advantage of systemd socket activation. It means that when
you connect to your local IRC proxy port, systemd will spawn the IRC proxy
service which will connect to tilde.town and then to the IRC server. The
advantage is that you don't have to issue a command to start the connection,
even when the connection breaks or you restart your computer. Here is how to
do it.

1. Set up a new passwordless SSH keypair. I recommend using a keypair just for
   this proxy, as an extra precaution.

       $ ssh-keygen -f townirc.pem

2. Add the public key to your ~/.ssh/authorized_keys on tilde.town. As a
   security precaution and for convenience later, you can make the ssh key
   only be able to be used for connecting to IRC by prepending the line with
   `command="/bin/nc 6667" `.

3. On the machine where you will use the IRC client, create a systemd socket
   and service file as below. Replace HOME_USER with your local username,
   TILDE_USER with your tilde.town username, and PATH_TO_PRIVATEKEY with the
   path to where you put the private key that you generated in step 1.





       Description=Proxy to tilde.town IRC

       ExecStart=/usr/bin/ssh -T -i PATH_TO_PRIVATEKEY/townirc.pem TILDE_USER@tilde.town
Note that the ssh invokation above does not specify a command. This is because
the command="..." in the authorized_keys file for the key overrides any command
given as a command-line argument to ssh.

4. Enable the socket and service

       $ systemctl enable irc-proxy-town.socket

5. That should do it. Try connecting now to from your local IRC
   client. If it doesn't work, check `systemctl status irc-proxy-town.socket`.

*See also*:
a similar approach using netcat instead of systemd:
[Simulating ssh tunnel using netcat](http://jvdm.sdf.org/blog/2011-09-ssh-tunneling-to-bypass-smtp-firewall/)