Ssh: check if tunnel is alive

This is more of a serverfault type question, but you can use netstat.

sort of:

  # netstat -lpnt | grep 6000 | grep ssh 

This will tell you if the ssh process will be listening on the specified port. he will also tell you the PID of the process.

If you really want to double check that the ssh process was started with the correct parameters, you can look at the process using PID in something like

 # ps aux | grep PID 

Use autossh . This is a tool designed to monitor ssh connection.

stunnel is a good tool for creating semi-persistent connections between hosts.

http://www.stunnel.org/

 #!/bin/bash # Check do we have tunnel to example.com server lsof -i tcp@localhost :6000 > /dev/null # If exit code wasn't 0 then tunnel doesn't exist. if [ $? -eq 1 ] then echo ' > You missing ssh tunnel. Creating one..' ssh -L 6000:localhost:5432 example.com fi echo ' > DO YOUR STUFF < ' 

These are more detailed steps for testing or troubleshooting an SSH tunnel. Some of them can be used in the script. I am adding this answer because I had to eliminate the connection between the two applications after they stopped working. Just grepping for the ssh process was not enough, as it still was. And I could not use nc -z because this option was not available in my netcat spell.

Let it start from the very beginning. Suppose there is a machine that will be called local with an IP address of 10.0.0.1, and another, called remote , at 10.0.3.12. I will add these hostnames to the commands below, so they are obvious where they run.

The goal is to create a tunnel that will redirect TCP traffic from the return address on the remote computer to port 123 to the local computer on port 456. This can be done using the following command on the local computer:

 local:~# ssh -N -R 123:127.0.0.1:456 10.0.3.12 

To verify that the process is running, we can:

 local:~# ps aux | grep ssh 

If you see a command at the exit, we can continue. Otherwise, check that the SSH key is installed on the remote control. Note that with the exception of the username before the remote IP address, ssh uses the current username.

Next, we want to verify that the tunnel is open on the remote control:

 remote:~# netstat | grep 10.0.0.1 

We should get the same result:

 tcp 0 0 10.0.3.12:ssh 10.0.0.1:45988 ESTABLISHED 

It would be nice to actually see some data passing from the remote computer to the host. Here is the netcat. On CentOS, you can install it using yum install nc .

First open the listening port on the local computer:

 local:~# nc -l 127.0.0.1:456 

Then make the connection on the remote control:

 remote:~# nc 127.0.0.1 123 

If you open the second terminal on the local computer, you will see a connection. Something like that:

 local:~# netstat | grep 456 tcp 0 0 localhost.localdom:456 localhost.localdo:33826 ESTABLISHED tcp 0 0 localhost.localdo:33826 localhost.localdom:456 ESTABLISHED 

Better yet, go and type in something on the remote:

 remote:~# nc 127.0.0.1 8888 Hallo? anyone there? 

You should see this being mirrored on the local terminal:

 local:~# nc -l 127.0.0.1:456 Hallo? anyone there? 

The tunnel is working! But what if you have an application called appname that is supposed to listen on port 456 on the local computer? End nc on both sides, then run the application. You can verify that it is listening on the correct port with this :

 local:~# netstat -tulpn | grep LISTEN | grep appname tcp 0 0 127.0.0.1:456 0.0.0.0:* LISTEN 2964/appname 

By the way, running the same command on the remote control should show listening sshd on port 127.0.0.1:123.