Create persistent local SSH server forwarding with autossh

UPD: Just use ZeroTier — open source, cross-platform, secure and easy to use virtual LAN. Add your remote computers to a virtual network and connect to them as if they are in the same LAN. Connections are end-to-end encrypted and P2P, so you always get the best speed and latency possible. Hamachi, TeamViewer, SSH forwarding, etc. — you don't need these anymore.

Installation is simple: add their repo, install the package, join a network, done.
Networks are created and managed on their control panel, my.zerotier.com, or via API; you can register with an email address or Google SSO. There is also a 50-second video demonstration.


So you want to be able to SSH into your home or office computer A, but it is not accessible from the internet? No problem: if you have an internet-accessible computer B (e.g. a VPS), you can make A establish a secure connection to B and then connect to A through B from any other computer. You can also have this A-B connection reestablished automatically in case of failure. Nice, huh?

This one is similar to the persistent SSH proxy setup. The preparation part is exactly the same, so if you've already done it, you may skip it and go straight to the persistent local SSH server forwarding configuration.

After each file and command there will be a location label: @computer for your local computer, @server for the remote server — so that you don't get confused about what to do where.

Preparation

  1. Create proxy user on the server:
    sudo adduser ergo-proxy @server

  2. Set up key-based authentication for ergo-proxy@example.com.
    We will assume that your private key is ~/.ssh/id_rsa_proxy @computer and that you can connect successfully (so example.com is already in your known hosts list).

  3. Install autossh:
    sudo apt install autossh @computer

  4. Create a systemd user service that keeps the connection alive with autossh @computer (no sudo is needed: the unit lives in your home directory and is run by your user's systemd instance):

    mkdir -p ~/.config/systemd/user

    tee ~/.config/systemd/user/autossh@.service << EOF
    [Unit]
    Description = Keeps a '%i' tunnel alive
    After = network-online.target
    Conflicts = shutdown.target
    
    [Service]
    ExecStart = /usr/bin/env autossh -M 0 -NTq %i
    Restart = always
    RestartSec = 60
    
    [Install]
    WantedBy = default.target
    EOF
    
  5. Disable shell for proxy user:
    sudo chsh -s /usr/sbin/nologin ergo-proxy @server

Create persistent local SSH server forwarding

  1. Install local SSH server:
    sudo apt install ssh @computer

  2. Create a barebones SSH server config @computer that makes it listen only on localhost and leaves most other settings at their defaults:

    sudo tee /etc/ssh/sshd_config << EOF
    ListenAddress localhost
    PermitRootLogin no
    # PasswordAuthentication no # Uncomment if you only use key authentication
    AcceptEnv LANG LC_*
    EOF
    
  3. Restart SSH server to apply config changes:
    sudo service ssh restart @computer

  4. Add SSH client config for the forwarding @computer (again without sudo, so that ~/.ssh/config stays owned by your user):

    tee -a ~/.ssh/config << EOF
    
    Host ssh-server-forward
        Hostname example.com
        User ergo-proxy
        IdentityFile ~/.ssh/id_rsa_proxy
        RemoteForward 52222 localhost:22
        ServerAliveInterval 30
        ServerAliveCountMax 3
    EOF
    
  5. Enable and start persistent SSH server forwarding service:
    systemctl --user --now enable autossh@ssh-server-forward @computer

  6. That's it! Now you can SSH into your computer from anywhere, using example.com as a proxy:
    ssh -J ergo-proxy@example.com computer-user@localhost -p 52222 @anywhere

    For easier use you will probably want to put the connection settings in the SSH client config on the computers you often connect from (like your work computer). Something like this lets you connect with just ssh home:

    Host proxy
        Hostname example.com
        User ergo-proxy
        IdentityFile ~/.ssh/id_rsa_proxy
    
    Host home
        Hostname localhost
        Port 52222
        User home-user
        ProxyJump proxy
        # IdentityFile ~/.ssh/id_rsa_home
    

    Don't forget to copy the private key referenced by IdentityFile from your computer. You might also want to set up key-based authentication for your home computer user, so you don't have to enter a password at all.
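The following script is an added example and is not part of the original post. It verifies two properties this setup relies on: that the proxy user's shell really is disabled (Preparation step 5), and that sshd @computer and the forwarded port 52222 @server are bound to loopback addresses only, which is what keeps the forward private (sshd's GatewayPorts setting defaults to no; with GatewayPorts yes the RemoteForward would bind to all interfaces of the server). The passwd and ss lines below are constructed samples; on a live host pass `$(getent passwd ergo-proxy)` and `$(ss -Hltn)` to the same functions instead.

```shell
#!/bin/sh
# Added verification helpers; not part of the original post.
# 1. shell_is_nologin: the proxy user on @server has no interactive shell
# 2. port_loopback_only: a TCP port is listened on via loopback only
#    (port 22 of sshd @computer, port 52222 of the RemoteForward @server)
# Inputs are passed as arguments so the functions work on live output
# (`getent passwd ergo-proxy`, `ss -Hltn`) as well as on the constructed
# sample lines below.

# shell_is_nologin PASSWD_LINE -> 0 if the login shell field is a no-login shell
shell_is_nologin() {
    _shell=$(printf '%s\n' "$1" | cut -d: -f7)
    case "$_shell" in
        /usr/sbin/nologin|/sbin/nologin|/bin/false|/usr/bin/false) return 0 ;;
        *) return 1 ;;
    esac
}

# port_loopback_only SS_OUTPUT PORT
# SS_OUTPUT is the text of `ss -Hltn` (listening TCP sockets, no header).
# Returns 0 when every listener on PORT is bound to 127.0.0.1 or ::1,
# 1 when at least one is bound to a wildcard or external address,
# 2 when nothing listens on PORT at all.
port_loopback_only() {
    printf '%s\n' "$1" | awk -v port="$2" '
        NF >= 4 {
            # Column 4 is "Local Address:Port"; the port follows the last
            # colon, so IPv6 forms such as [::1]:22 are split correctly.
            n = split($4, a, ":")
            p = a[n]
            addr = substr($4, 1, length($4) - length(p) - 1)
            if (p != port) next
            seen = 1
            if (addr != "127.0.0.1" && addr != "[::1]" && addr != "::1")
                exposed = 1
        }
        END {
            if (!seen) exit 2
            exit exposed ? 1 : 0
        }'
}

# Constructed sample data (not captured from a real host).
SAMPLE_PASSWD_OK='ergo-proxy:x:1001:1001::/home/ergo-proxy:/usr/sbin/nologin'
SAMPLE_PASSWD_BAD='ergo-proxy:x:1001:1001::/home/ergo-proxy:/bin/bash'

# @computer after step 2: sshd bound to loopback only
SAMPLE_COMPUTER='LISTEN 0 128 127.0.0.1:22 0.0.0.0:*
LISTEN 0 128 [::1]:22 [::]:*'

# @server with the default GatewayPorts no: the forward is loopback only,
# the server's own sshd is public as expected
SAMPLE_SERVER_OK='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:52222 0.0.0.0:*
LISTEN 0 128 [::1]:52222 [::]:*'

# @server with GatewayPorts yes: the forwarded port is reachable from anywhere
SAMPLE_SERVER_EXPOSED='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:52222 0.0.0.0:*'

# report LABEL COMMAND... -> prints ok / FAIL without aborting the script
report() {
    _label=$1; shift
    if "$@"; then echo "ok   $_label"; else echo "FAIL $_label (rc=$?)"; fi
}

report "proxy user shell disabled" shell_is_nologin "$SAMPLE_PASSWD_OK"
report "proxy user shell disabled (bad sample, expected FAIL)" \
    shell_is_nologin "$SAMPLE_PASSWD_BAD"
report "sshd @computer loopback only" port_loopback_only "$SAMPLE_COMPUTER" 22
report "forward @server loopback only" port_loopback_only "$SAMPLE_SERVER_OK" 52222
report "forward @server loopback only (GatewayPorts yes, expected FAIL)" \
    port_loopback_only "$SAMPLE_SERVER_EXPOSED" 52222
```

Run it as-is to see the checks against the samples, or source it and call `port_loopback_only "$(ss -Hltn)" 52222` @server and `port_loopback_only "$(ss -Hltn)" 22` @computer after completing the steps above. A return code of 1 on the server means the forwarded port is listening on a non-loopback address and the ListenAddress/GatewayPorts assumptions of this guide no longer hold; a return code of 2 means the autossh tunnel is not up.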