How to set up an automatically (re)starting ssh background tunnel

I am a novice Linux user, and also completely new to ssh and tunnels.

In any case, my goal is to keep the ssh tunnel open in the background.

To do this, I wrote the following script, which I then added to crontab (it is run automatically every 5 minutes on weekdays, from 8 am to 9 pm). I read in some other thread on StackOverflow that I should use autossh, which makes sure ssh is always OK by checking it periodically. Which I did, too ...

    #!/bin/bash
    LOGFILE="/root/Tunnel/logBatchRestart.log"
    NOW="$(date +%d/%m/%Y' - '%H:%M)"   # date & time of the log entry

    # Is there an ssh process whose command line mentions the tunnel target?
    if ! ps ax | grep ssh | grep tunnelToto &> /dev/null
    then
      echo "[$NOW] ssh tunnel not running : restarting it" >> "$LOGFILE"
      autossh -f -N -L pppp:tunnelToto:nnnnn nom-prenom@193.xxx.yyy.zzz -p qqqq
      # Same check again (same pattern as above) to see whether the restart worked
      if ! ps ax | grep ssh | grep tunnelToto &> /dev/null
      then
        echo "[$NOW] failed starting tunnel" >> "$LOGFILE"
      else
        echo "[$NOW] restart successful" >> "$LOGFILE"
      fi
    fi

My problem is that sometimes the tunnel stops working, although everything looks fine (ps ax | grep ssh shows the two expected processes: the main autossh task and the ssh tunnel itself). I only know about the problem because the tunnel is used by third-party software, which raises an error as soon as the tunnel stops responding.

So I wonder how I should improve my script so that it can check the tunnel and restart it if it is dead. I saw some ideas there, but they ended with the "autossh" hint ... which I already use. So I'm out of ideas ... If any of you have some, I would love to hear them!

Thank you for your interest in my question and for your (possible) suggestions!

+6

3 answers

Instead of checking the ssh process with ps, you can use the following trick:

Create a script that executes the following and add it to your crontab via crontab -e:

    #!/bin/sh
    REMOTEUSER=username
    REMOTEHOST=remotehost
    SSH_REMOTEPORT=22
    SSH_LOCALPORT=10022
    TUNNEL_REMOTEPORT=8080
    TUNNEL_LOCALPORT=8080

    createTunnel() {
      # Two forwards: one to the remote sshd (used only for the health check below)
      # and one to the port you actually want to use.
      /usr/bin/ssh -f -N \
        -L "$SSH_LOCALPORT:$REMOTEHOST:$SSH_REMOTEPORT" \
        -L "$TUNNEL_LOCALPORT:$REMOTEHOST:$TUNNEL_REMOTEPORT" \
        "$REMOTEUSER@$REMOTEHOST"
      rc=$?   # capture immediately; $? is overwritten by the next test
      if [ "$rc" -eq 0 ]; then
        echo "Tunnel to $REMOTEHOST created successfully"
      else
        echo "An error occurred creating a tunnel to $REMOTEHOST, RC was $rc"
      fi
    }

    ## Run the 'ls' command remotely, through the forwarded ssh port. If it fails,
    ## the tunnel is dead: create a new connection.
    ## BatchMode/ConnectTimeout keep a cron run from hanging on a password or
    ## host-key prompt (run the command once by hand first so the host key for
    ## [localhost]:10022 is already in known_hosts).
    if ! /usr/bin/ssh -p "$SSH_LOCALPORT" -o BatchMode=yes -o ConnectTimeout=10 \
         "$REMOTEUSER@localhost" ls >/dev/null 2>&1; then
      echo "Creating new tunnel connection"
      createTunnel
    fi

This script actually opens two local ports:

  • port 22, which will be used to check if the tunnel is alive
  • port 8080, which is the port you might want to use

Please test it and post any further questions in the comments.

+12

(I'm adding this as an answer since there isn't enough room for it in a comment)

Well, I managed to get the script to start the ssh tunnel (I had to specify my host name instead of localhost for it to start):

    #!/bin/bash
    LOGFILE="/root/Tunnel/logBatchRedemarrage.log"
    NOW="$(date +%d/%m/%Y' - '%H:%M)"   # date & time of the log entry
    REMOTEUSER=username
    REMOTEHOST=remoteHost
    SSH_REMOTEPORT=22
    SSH_LOCALPORT=10022
    TUNNEL_REMOTEPORT=12081
    TUNNEL_SPECIFIC_REMOTE_PORT=22223   # sshd on the gateway listens here, not on 22
    TUNNEL_LOCALPORT=8082

    createTunnel() {
      /usr/bin/ssh -f -N \
        -L "$SSH_LOCALPORT:$REMOTEHOST:$SSH_REMOTEPORT" \
        -L "$TUNNEL_LOCALPORT:$REMOTEHOST:$TUNNEL_REMOTEPORT" \
        "$REMOTEUSER@193.abc.def.ghi" -p "$TUNNEL_SPECIFIC_REMOTE_PORT"
      rc=$?   # capture immediately; $? is overwritten by the next test
      if [ "$rc" -eq 0 ]; then
        echo "[$NOW] Tunnel to $REMOTEHOST created successfully" >> "$LOGFILE"
      else
        echo "[$NOW] An error occurred creating a tunnel to $REMOTEHOST, RC was $rc" >> "$LOGFILE"
      fi
    }

    ## Run the 'ls' command remotely. If it returns non-zero, then create a new connection
    ## (the check goes to the gateway address on $SSH_LOCALPORT, as in the original script)
    if ! /usr/bin/ssh -p "$SSH_LOCALPORT" "$REMOTEUSER@193.abc.def.ghi" ls >/dev/null 2>&1; then
      echo "[$NOW] Creating new tunnel connection" >> "$LOGFILE"
      createTunnel
    fi

However, I immediately get the message below when the tunnel is running and cron tries to execute the script again ... it looks like it can't listen on the ports. Also, since I need some time to get proof, I can't yet say whether it restarts successfully when the tunnel is gone.

Here is the output of the second run of the script:

    bind: Address already in use
    channel_setup_fwd_listener: cannot listen to port: 10022
    bind: Address already in use
    channel_setup_fwd_listener: cannot listen to port: 8082
    Could not request local forwarding.

0

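The first answer's port-22 probe and the second answer's "Address already in use" error point at the same two requirements: test the forward end to end rather than looking for a process, and never start a second ssh while a stale one still holds the local port. The watchdog below is an added example, not code from the thread, from autossh or from its documentation; user, hosts, ports and the log path are placeholders I assumed, and the ss output used for the self-test is constructed. It reads the remote sshd's banner through a second forward (no key or login is needed for that, unlike the `ls` probe), kills a stale autossh/ssh pair that still owns the port, and starts autossh with ssh keepalives so a silently dead transport is torn down instead of sitting there as a live-looking process, which is the symptom in the question.

```shell
#!/bin/bash
# tunnel-watchdog.sh: cron-driven health check for a background ssh tunnel.
# Added example; every host/port/user/path value below is an assumption.
set -u

SSH_USER=${SSH_USER:-nom-prenom}            # assumed
SSH_HOST=${SSH_HOST:-gateway.example.org}   # assumed
SSH_PORT=${SSH_PORT:-22}
TARGET_HOST=${TARGET_HOST:-tunnelToto}      # host reached through the forward (assumed)
TARGET_PORT=${TARGET_PORT:-5432}            # assumed
LOCAL_PORT=${LOCAL_PORT:-8082}              # local end of the application forward
CHECK_PORT=${CHECK_PORT:-10022}             # local end of a second forward to the remote sshd
PROBE_TIMEOUT=${PROBE_TIMEOUT:-5}
LOGFILE=${LOGFILE:-/var/log/tunnel-watchdog.log}

log() { printf '[%s] %s\n' "$(date '+%d/%m/%Y - %H:%M:%S')" "$*" >> "$LOGFILE"; }

# Connect to host:port and print the first line the peer sends, within PROBE_TIMEOUT.
# Uses bash's /dev/tcp, so there is no dependency on nc. Prints nothing on refusal
# or timeout (the exit status is then non-zero).
read_banner() {
  timeout "$PROBE_TIMEOUT" bash -c '
    exec 3<>"/dev/tcp/$0/$1" || exit 1
    IFS= read -r line <&3 && printf "%s\n" "$line"' "$1" "$2" 2>/dev/null
}

# A remote sshd greets every client with "SSH-2.0-...". Seeing that line through the
# CHECK_PORT forward proves the whole path: local listener, ssh transport, remote host.
# A bare TCP connect (nc -z, or a socket test) proves nothing: ssh accepts the local
# connection even when its transport is dead.
is_ssh_banner() { case "$1" in SSH-*) return 0 ;; *) return 1 ;; esac; }

# Read `ss -ltnp` output on stdin, print the pid of the process listening on port $1.
# (ss shows the process column only for your own processes unless you are root.)
pid_listening_on() {
  awk -v port="$1" '
    $1 == "LISTEN" && $4 ~ (":" port "$") {
      if (match($0, /pid=[0-9]+/)) { print substr($0, RSTART + 4, RLENGTH - 4); exit }
    }'
}

# Constructed sample of `ss -ltnp` output, used to exercise pid_listening_on offline.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    127.0.0.1:10022     0.0.0.0:*         users:(("ssh",pid=4242,fd=5))
LISTEN 0      128    127.0.0.1:8082      0.0.0.0:*         users:(("ssh",pid=4242,fd=6))
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=811,fd=3))'

parent_of() { ps -o ppid= -p "$1" | tr -d ' '; }
comm_of()   { ps -o comm= -p "$1"; }

# Free LOCAL_PORT before starting a new ssh; otherwise the new one fails with
# "bind: Address already in use". If the listener is an ssh spawned by autossh, signal
# autossh instead: autossh kills its ssh child and exits on SIGTERM, whereas killing
# only the child would make autossh respawn it and race the new tunnel for the port.
kill_stale_tunnel() {
  local pid ppid
  pid=$(ss -ltnp 2>/dev/null | pid_listening_on "$LOCAL_PORT")
  [ -n "$pid" ] || return 0
  ppid=$(parent_of "$pid")
  if [ -n "$ppid" ] && [ "$(comm_of "$ppid")" = "autossh" ]; then
    log "killing stale autossh $ppid (ssh $pid)"; kill "$ppid"
  else
    log "killing stale listener $pid"; kill "$pid"
  fi
  sleep 1
}

start_tunnel() {
  # -M 0: no autossh monitor port; ssh keepalives (30 s x 3 misses) make a dead
  # transport fail, so ssh exits and autossh reconnects. Without ServerAlive* a
  # dropped connection can stay "established" for hours with both processes alive.
  # ExitOnForwardFailure turns a bind failure into an exit instead of a warning.
  # BatchMode needs key auth and a known host key (connect once by hand first).
  if autossh -M 0 -f -N \
       -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
       -o ExitOnForwardFailure=yes -o BatchMode=yes \
       -L "127.0.0.1:${LOCAL_PORT}:${TARGET_HOST}:${TARGET_PORT}" \
       -L "127.0.0.1:${CHECK_PORT}:127.0.0.1:${SSH_PORT}" \
       -p "$SSH_PORT" "${SSH_USER}@${SSH_HOST}"; then
    log "autossh launched; the next check will confirm the connection"
  else
    log "autossh failed to launch"
  fi
}

main() {
  if is_ssh_banner "$(read_banner 127.0.0.1 "$CHECK_PORT")"; then
    return 0   # healthy: say nothing, keep the log quiet
  fi
  log "tunnel unhealthy, restarting"
  kill_stale_tunnel
  start_tunnel
}

# Only act when invoked as `tunnel-watchdog.sh run` (e.g. from cron every 5 minutes);
# sourcing the file without the argument just defines the functions.
if [ "${1:-}" = "run" ]; then main; fi
```

Cron entry for the asker's schedule would be `*/5 8-21 * * 1-5 /root/Tunnel/tunnel-watchdog.sh run`. The banner check is deliberately read-only: it never logs in, so it works before keys are sorted out and cannot hang on a prompt, and a timeout counts as "dead" just like a refused connection.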
You can use netcat to test the connection and open it if necessary:

    while sleep 3; do nc -z localhost 3333 >/dev/null || ssh -NfL 3333:lg:5432 rene@lg ; done
-1

Source: https://habr.com/ru/post/893132/

