[title]: # (IRC proxy with systemd)
## IRC proxy tunnel with systemd socket activation
It has been [discussed](/~nick/sshtunnel.html) how to tunnel
[IRC](/~shanx/other.html#irc) using SSH. Here is another way to do it on Linux.
This method takes advantage of systemd socket activation. It means that when
you connect to your local IRC proxy port, systemd will spawn the IRC proxy
service which will connect to tilde.town and then to the IRC server. The
advantage is that you don't have to issue a command to start the connection,
even when the connection breaks or you restart your computer. Here is how to
do it.
1. Set up a new passwordless SSH keypair. I recommend using a keypair just for
this proxy, as an extra precaution.
$ ssh-keygen -f townirc.pem
2. Add the public key to your ~/.ssh/authorized_keys on tilde.town. As a
security precaution and for convenience later, you can make the ssh key
only be able to be used for connecting to IRC by prepending the line with
`command="/bin/nc 127.0.0.1 6667" `.
3. On the machine where you will use the IRC client, create a systemd socket
and service file as below. Replace HOME_USER with your local username,
TILDE_USER with your tilde.town username, and PATH_TO_PRIVATEKEY with the
path to where you put the private key that you generated in step 1.
`/etc/systemd/system/irc-proxy-town.socket`:
[Socket]
ListenStream=127.0.0.1:6667
Accept=true
[Install]
WantedBy=sockets.target
`/etc/systemd/system/irc-proxy-town@.service`:
[Unit]
Description=Proxy to tilde.town IRC
After=sockets.target
[Service]
User=HOME_USER
ExecStart=/usr/bin/ssh -T -i PATH_TO_PRIVATEKEY/townirc.pem TILDE_USER@tilde.town
StandardInput=socket
Note that the ssh invokation above does not specify a command. This is because
the command="..." in the authorized_keys file for the key overrides any command
given as a command-line argument to ssh.
4. Enable the socket and service
$ systemctl enable irc-proxy-town.socket
5. That should do it. Try connecting now to 127.0.0.1:6667 from your local IRC
client. If it doesn't work, check `systemctl status irc-proxy-town.socket`.
*See also*:
a similar approach using netcat instead of systemd:
[Simulating ssh tunnel using netcat](http://jvdm.sdf.org/blog/2011-09-ssh-tunneling-to-bypass-smtp-firewall/)