*Checks calendar*

Ah well. My last post on this blog was well over a year a go. Not much to share when you’re dealing with proprietary stuff, and I’m trying to limit my gadget review as minimum as possible


A couple years back, I posted an article on how to access nfs share through ssh tunnel. Fast forward today, the guy maintaining the system is asking whether this particular setup can be made to automatically connect the ssh tunnel and mount the share after reboot.

Well of course!

So there are two steps involved in this, which are:

  1. Establishing the ssh tunnel and exposing the remote NFS port to our local system
  2. Mount the aforementioned NFS share.

Let’s cater this one by one:

Bringing up the tunnel on startup

Assuming that you can already establish the tunnel on-demand, we should be half way done. The next step is to enable passwordless ssh connection from the local system to the remote node. Put the private key somewhere that can only be accessed by your root account, and change the owner of said key to root.

Let’s generate our new Unit file for the SystemD service

$ sudo nano /etc/systemd/system/shtunnel.service

Here’s how my Unit file looks like:

Description=Create Tunnel and expose port 2049 on remote system to port 3049 on local

ExecStart=/usr/bin/ssh -i /key/id_rsa -NTC -o ServerAliveInterval=60 -o ExitOnForwardFailure=yes -L 3049:localhost:2049 pipe@aaa.bbb.ccc.ddd -p wxyz


Notice “After=network.target” on top. This will tell the service to initiate only after “network.target” is up. Change aaa.bbb.ccc.ddd to your remote node IP address and wxyz to the SSH port you’re exposing to the internet (Please don’t use the default port). Change “pipe” to the username that you set your passwordless ssh login to. I’m exposing NFS port 2049 on the remote system as port 3049 on my local machine. Change it to whatever you need to expose

Update SystemD daemon, and enable the service so it will automatically run on system startup

$ sudo systemctl daemon-reload
$ sudo systemctl enable shtunnel

The system should now automatically establish our ssh tunnel on boot. You can also


$ sudo systemctl start shtunnel


$ sudo systemctl stop shtunnel

..or restart the tunnel via SystemD

$ sudo systemctl restart shtunnel

To see whether the tunnel is alive, do

$ telnet localhost 3049
Connected to localhost.
Escape character is '^]'.

We are done with the first half of the setup

Mounting the NFS share

Now that we have the ssh tunnel at system startup, let’s handle how we mount the NFS share as well.

Like part 1, we will be relying on another type of SystemD unit file, this time it’s a “mount”. Unlike other type of SystemD unit file a mount type SystemD unit file must be named in accordance to the file system mount target. For example:

$ sudo nano /etc/systemd/system/mnt-remote.mount

Here’s how the unit file configured:




Since we are going to mount the remote NFS share to “/mnt/remote”, then the name for unit file would be “mnt-remote.mount”. Just like our ssh tunnel unit file, we will need to set this one run only after a particular service has been established, in this case, the shtunnel.service. As usual, after we add, remove, or modify a SystemD daemon, do:

$ sudo systemctl daemon-reload

And set the daemon to run on system startup

$ sudo systemctl enable mnt-remote.mount

…and now, you should have your ssh tunelled NFS share mounted on reboot.

By ikhsan

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.