[NTLUG:Discuss] Script to (re)initiate a SSH port forwarding session
Wayne Walker
wwalker at bybent.com
Thu Sep 20 10:03:45 CDT 2007
perma_tunnel:
#!/bin/bash
# Usage: perma_tunnel <L|R> <listen_port> <target_host> <target_port>
# Keeps an ssh port forward up; re-dials whenever the session drops.
while true
do
    # ExitOnForwardFailure makes ssh quit (so this loop retries) if the
    # forward cannot be set up; ServerAlive* makes the client notice a
    # dead link after 5 s * 3 = 15 s.  The long sleep is the remote
    # command that keeps the session open.
    ssh "-$1" "$2:$3:$4" -o ExitOnForwardFailure=yes -o TCPKeepAlive=yes \
        -o ServerAliveInterval=5 -o ServerAliveCountMax=3 \
        scripts@www.axzas.com sleep 1000000000
    echo "$HOSTNAME - lost tunnel $1 $2 $3 $4" | mail root@axzas.com
    sleep 60
done
perma_tunnel R 2200 127.0.0.1 22
The client will die as soon as it can't get a response from the server
(15 seconds with the above arguments).
The problem is that if the client dies, the server side is still there,
still listening on the port, so the above code will keep retrying until
the server sshd dies (never :( )
Fix for that:
On the server:
vim /etc/ssh/sshd_config
ClientAliveInterval 5
ClientAliveCountMax 3
Now the server will drop the connection 15 seconds after it loses
connection with the client.
Problem - some low-end client programs will puke when the server sends
the client an "are you alive" request. So the above setting MAY break
ssh to the server from such clients (Alpha Communicator on Windows is
the only one I know about for sure).
So, if you can't use ClientAliveInterval/ClientAliveCountMax on the
server (or you don't have access to the server's sshd_config :), then
crontab -e
* * * * * nc 127.0.0.1 2200 < /dev/null > /dev/null 2>&1
When this happens, the connection to the client through the tunnel will
wait for a TCP timeout interval (2 or 3 minutes :( ), then the sshd on
the server will die. So the tunnel will auto-reset, but may be down
for 5 minutes.
Wayne
On Thu, Sep 20, 2007 at 09:02:19AM -0500, David Simmons wrote:
>
> Guys/Gals,
>
> Was hoping someone has had experience with this and could forward
> whatever script they're using:
>
> Scenario: Say, for totally hypothetical reasons, that I need to port
> forward to get around company's restrictive firewall - am currently
> running the command:
>
> ssh -ND 9999 outside.server.com
>
> this sets up a proxy port that I change in FireFox to forward all
> browser requests to (i.e. I setup FireFox to use the proxy at port
> 9999 - all local firefox requests are proxied to local port 9999,
> which is then automagically ssh-encrypted, forwarded to an outside
> machine and returns the webpage to my 'behind the firewall'ed
> machine.)
>
> System works great until 'ole master of firewall' closes my session
> and I get a "Read from remote host outside.server.com: Connection
> reset by peer"....while I initially thought it might have been a
> sshd_config issue on the outside.server.com machine - the same setup
> works great when I'm on my home network....SO...some type of
> system/script must be shutting down my ssh session.
>
> I'm looking for a script that can (re)initiate the SSH session when
> it goes down perpetually (or at least until a CTRL-C). Googling
> didn't really turn up anything - maybe my search was wrong/bad.
>
> Any help would be great (and I'm sure a good lesson even to those
> just wanting to automate some other type of session)
>
> Thanks - dave (from a secured bunker, deep in the heart of firewalled
> land)
--
Wayne Walker
# Code comments are lies waiting to happen
wwalker at bybent.com Do you use Linux?!
http://www.bybent.com Get Counted! http://counter.li.org/
Perl - http://www.perl.org/ Perl User Groups - http://www.pm.org/
Jabber: wwalker at jabber.gnumber.com AIM: lwwalkerbybent
IRC: wwalker on freenode.net
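A reworked keeper in the spirit of Wayne's perma_tunnel, added here as an example and not code from the post. It keeps the client-side pieces that make the loop work (ExitOnForwardFailure, ServerAliveInterval/ServerAliveCountMax) and adds what a practitioner usually wants on top: the tunnel spec is validated before ssh ever runs, -N replaces the remote sleep, BatchMode=yes stops ssh hanging on a password or host-key prompt when run unattended, and the retry delay backs off after quick failures (for example while a stale sshd on the gateway still holds the forwarded port) instead of hammering the gateway every 60 seconds. The gateway login (tunnel@gateway.example.com), the alert address and the backoff limits are assumed placeholders; the server-side ClientAlive* settings or the cron/nc probe from the post are still the complement on the gateway.

```shell
#!/bin/sh
# Persistent ssh port-forward keeper, added example (not the post's script).
# SSH_GATEWAY and MAIL_TO below are hypothetical placeholders; override via env.
SSH_GATEWAY=${SSH_GATEWAY:-tunnel@gateway.example.com}   # assumed gateway account
MAIL_TO=${MAIL_TO:-root@example.com}                       # assumed alert address
KEEPALIVE_INTERVAL=5     # seconds between ServerAlive probes
KEEPALIVE_COUNT=3        # unanswered probes before ssh gives up
MIN_DELAY=60             # first retry delay, seconds
MAX_DELAY=600            # retry delay ceiling, seconds

# True if $1 is a TCP port number (1-65535, digits only).
is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Seconds before the client notices a dead link with the settings above.
dead_after_secs() {
    echo $((KEEPALIVE_INTERVAL * KEEPALIVE_COUNT))
}

# Double a retry delay, capped at MAX_DELAY.
next_delay() {
    n=$(($1 * 2))
    if [ "$n" -gt "$MAX_DELAY" ]; then n=$MAX_DELAY; fi
    echo "$n"
}

# Print the ssh argument list for a forward, one per line, after validating
# the spec.  $1: L or R, $2: listen port, $3: target host, $4: target port.
tunnel_args() {
    case "$1" in
        L|R) ;;
        *) echo "direction must be L or R, got '$1'" >&2; return 2 ;;
    esac
    if ! is_port "$2" || ! is_port "$4"; then
        echo "ports must be 1-65535, got '$2' and '$4'" >&2; return 2
    fi
    if [ -z "$3" ]; then
        echo "missing target host" >&2; return 2
    fi
    # -N: no remote command (replaces the 'sleep 1000000000' trick).
    # BatchMode: never hang on a password/host-key prompt when unattended;
    # fail instead so the loop retries and an alert goes out.
    printf '%s\n' "-$1" "$2:$3:$4" -N \
        -o ExitOnForwardFailure=yes \
        -o BatchMode=yes \
        -o TCPKeepAlive=yes \
        -o "ServerAliveInterval=$KEEPALIVE_INTERVAL" \
        -o "ServerAliveCountMax=$KEEPALIVE_COUNT"
}

# Re-dial forever.  Backs off after quick failures (gateway down, forward
# port still held by a stale sshd) and resets once a session lasted 5 min.
keep_tunnel() {
    spec="$1 $2 $3 $4"
    args=$(tunnel_args "$1" "$2" "$3" "$4") || return 2
    delay=$MIN_DELAY
    while :; do
        started=$(date +%s)
        # $args holds no whitespace, so unquoted word-splitting is intended.
        if ssh $args "$SSH_GATEWAY"; then rc=0; else rc=$?; fi
        lived=$(( $(date +%s) - started ))
        if [ "$lived" -ge 300 ]; then delay=$MIN_DELAY; else delay=$(next_delay "$delay"); fi
        printf '%s - lost tunnel %s (ssh exit %s after %ss, retry in %ss)\n' \
            "$(hostname)" "$spec" "$rc" "$lived" "$delay" \
            | mail -s "lost tunnel $spec" "$MAIL_TO"
        sleep "$delay"
    done
}

# Run only when invoked with a tunnel spec, e.g.: ./keep_tunnel R 2200 127.0.0.1 22
if [ "$#" -eq 4 ]; then
    keep_tunnel "$@"
fi
```

With the post's arguments (R 2200 127.0.0.1 22) the client still declares the link dead after 15 seconds; the difference is that a bad spec is rejected immediately with a message instead of ssh failing every minute, and a gateway that is genuinely down is retried every 10 minutes at most.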