The second step is to set up the launchd daemon that will keep the connection alive. To do that, we have to write have the following
.plist file
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
"http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.ssh.tunnels</string>
<key>KeepAlive</key>
<dict>
<key>NetworkState</key>
<true/>
</dict>
<key>LimitLoadToSessionType</key>
<string>Aqua</string>
<key>ProgramArguments</key>
<array>
<string>/usr/bin/ssh</string>
<string>-a</string>
<string>-x</string>
<string>-k</string>
<string>-C</string>
<string>-D</string>
<string>10080</string>
<string>ip-or-name-of-remote-server</string>
</array>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>
This is equivalent to executing the following cmd in a terminal window:
ssh -axkC -D10080 ip-or-name-of-remote-server
The
-a and
-k tells SSH not to forward the authentication agent connection and the GSSAPI credentials. This is used as a precaution.
-x tells SSH not to forward X11 connections. This is because if your default does forward, it will save you a little bandwidth. You should of course replace
ip-or-name-of-remote-server with your servers domain name or ip address.
The
plist itself should be saved as (for example):
~/Library/LaunchAgents/com.ssh.tunnels.plist
It will run automatically after you restart, but, if you're impatient, you can tell launchd to load it by typing:
launchctl load -S Aqua ~/Library/LaunchAgents/com.ssh.tunnels.plist
That's it!
Note, if you have problems, you can unload the plist:
launchctl unload ~/Library/LaunchAgents/com.ssh.tunnels.plist
and use the following plist instead, which will dump into the console a lot of debugging information:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
"http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.ssh.tunnels</string>
<key>KeepAlive</key>
<dict>
<key>NetworkState</key>
<true/>
</dict>
<key>LimitLoadToSessionType</key>
<string>Aqua</string>
<key>ProgramArguments</key>
<array>
<string>/usr/bin/ssh</string>
<string>-a</string>
<string>-x</string>
<string>-k</string>
<string>-C</string>
<string>-v</string>
<string>-D</string>
<string>10080</string>
<string>ip-or-name-of-remote-server</string>
</array>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>
Note the extra "debug" key and -v option for the SSH. Once edited, load the plist again.