1

I'm trying to set up a reliable reverse tunnel between a server and several client boxes. I'm using autossh to re-establish connections if they drop or go stale, but I'm having some problems.

THE SERVER: The server has a dynamic IP that is linked to a DDNS service. I'm hoping the '-o "CheckHostIP=no"' argument in SSH will prevent issues when the IP of the server changes. The server gets SSH via port forwarding from its gateway router. Incoming connections on router port 3141 go to server port 22.

THE CLIENTS: Each of the clients gets a different autossh monitoring port and reverse tunnel port from a config file. A Python script reads the cfg file and builds an autossh cmd that is run with "os.system(cmd)". They each have the same key that they use to get into the server. Currently the autossh command is run from cron on reboot and all output is logged in a text file. The command is:

autossh -v -M 23000 -N -o "CheckHostIP=no" -o "ExitOnForwardFailure=yes" -o "ServerAliveInterval=10" -o "PubkeyAuthentication=yes" -o "PasswordAuthentication=no" -i /home/client1/.ssh/id_ed25519 -R 22000:localhost:22 user@server.ddns.org -p 3141

The command works fine when called in the terminal but won't work from cron.

FROM CRON:

OpenSSH_6.7p1 Raspbian-5+deb8u1, OpenSSL 1.0.1k 8 Jan 2015
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to server.org [x.x.x.x] port 3141.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /home/user/.ssh/id_ed25519 type 4
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.7p1 Raspbian-5+deb8u1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1 Raspbian-5
debug1: match: OpenSSH_6.7p1 Raspbian-5 pat OpenSSH* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr umac-64-etm@openssh.com none
debug1: kex: client->server aes128-ctr umac-64-etm@openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 82:dd:b6:88:33:00:bb:aa:ee:08:7b:19:01:ae:da:34
debug1: Host '[server.org]:3141' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:2
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
SERVER: Server hello message
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering ED25519 public key: /home/user/.ssh/id_ed25519
debug1: Server accepts key: pkalg ssh-ed25519 blen 51
debug1: Authentication succeeded (publickey).
Authenticated to server.org ([x.x.x.x]:3141).
debug1: Local connections to LOCALHOST:23000 forwarded to remote address 127.0.0.1:23000
debug1: Local forwarding listening on 127.0.0.1 port 23000.
debug1: channel 0: new [port listener]
socket: Address family not supported by protocol
debug1: Remote connections from LOCALHOST:23000 forwarded to local address 127.0.0.1:23001
debug1: Remote connections from LOCALHOST:22000 forwarded to local address localhost:22
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: remote forward failure for: listen 23000, connect 127.0.0.1:23001
Error: remote port forwarding failed for listen port 23000

If I run the same command from terminal the output is the same except for the last few lines:

socket: Address family not supported by protocol
debug1: Remote connections from LOCALHOST:23000 forwarded to local   address 127.0.0.1:23001
debug1: Remote connections from LOCALHOST:22000 forwarded to local address localhost:22
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: remote forward success for: listen 23000, connect 127.0.0.1:23001
debug1: remote forward success for: listen 22000, connect localhost:22
debug1: All remote forwarding requests processed

Any ideas on why it's not working from cron? How can I get it to run this on boot and to keep an eye on it?

EDIT: Calling "ps aux | grep autossh" after reboot of the client shows that the python autossh command is not running. The log file ends with the "Error: remote port forwarding failed" message and doesn't continue trying. Is this a python problem, autossh problem or cron problem?

RedM
  • 121
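Added example (not part of the original question): one way to build the autossh command shown above from a per-client config as an argument list, so it can be started with `subprocess.Popen(argv)` instead of `os.system(cmd)` and no shell ever parses values read from the file. The config section and key names, and the function names, are assumptions made for this sketch.

```python
import configparser
import shlex

# Constructed sample config; the section and key names are assumptions.
SAMPLE_CFG = """
[client1]
monitor_port = 23000
tunnel_port = 22000
identity = /home/client1/.ssh/id_ed25519
"""

SSH_OPTS = ["CheckHostIP=no", "ExitOnForwardFailure=yes", "ServerAliveInterval=10",
            "PubkeyAuthentication=yes", "PasswordAuthentication=no"]


def _port(raw, name):
    """Parse a TCP port strictly; anything but ASCII digits in 1024-65535 is rejected."""
    if not (raw.isascii() and raw.isdigit()) or not 1024 <= int(raw) <= 65535:
        raise ValueError(f"{name}: invalid port {raw!r}")
    return int(raw)


def build_autossh_argv(cfg_text, client, dest="user@server.ddns.org", ssh_port=3141):
    """Return the autossh argument vector for one client section of the config."""
    cp = configparser.ConfigParser()
    cp.read_string(cfg_text)
    sec = cp[client]
    monitor = _port(sec["monitor_port"], "monitor_port")
    tunnel = _port(sec["tunnel_port"], "tunnel_port")
    # autossh -M uses the given port and the one above it (23000 and 23001 in the log).
    if tunnel in (monitor, monitor + 1):
        raise ValueError("tunnel_port collides with the autossh monitor ports")
    argv = ["autossh", "-M", str(monitor), "-N"]
    for opt in SSH_OPTS:
        argv += ["-o", opt]
    argv += ["-i", sec["identity"], "-R", f"{tunnel}:localhost:22",
             dest, "-p", str(ssh_port)]
    return argv


if __name__ == "__main__":
    # Print a copy-pastable form for the log; launch with subprocess.Popen(argv).
    print(" ".join(shlex.quote(a) for a in build_autossh_argv(SAMPLE_CFG, "client1")))
```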

3 Answers

4

When running from cron you may need to pass -f to autossh (to drop to the background) and use nohup:

0 0 * * * nohup autossh -f <your params>  >/dev/null 2>&1 &

1

Okay the problem was having the ports stay open on the server after unclean disconnections. The whole terminal/cron/python thing was just me chasing the problem down a rabbit hole.

Anyway, here's a good answer: Other Stack Exchange Answer

RedM
  • 121
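Added example (not part of the original answer): a small parser for `ssh -v` client output that reports, per requested remote listen port, whether the server accepted it, refused it, or never replied. Run on the cron log from the question it shows the refused port is 23000, the autossh monitor port, which is the symptom this answer attributes to ports staying open on the server. The function names are assumptions and the sample is a constructed excerpt of that log.

```python
import re

# Constructed excerpt modelled on the cron log in the question.
SAMPLE_LOG = """\
debug1: Remote connections from LOCALHOST:23000 forwarded to local address 127.0.0.1:23001
debug1: Remote connections from LOCALHOST:22000 forwarded to local address localhost:22
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: remote forward failure for: listen 23000, connect 127.0.0.1:23001
Error: remote port forwarding failed for listen port 23000
"""

REQUEST = re.compile(
    r"Remote connections from \S+:(\d+) forwarded to local address (\S+):(\d+)")
RESULT = re.compile(
    r"remote forward (success|failure) for: listen (\d+), connect (\S+):(\d+)")


def forward_status(log_text):
    """Map each requested remote listen port to its target and the server's reply."""
    status = {}
    for line in log_text.splitlines():
        req = REQUEST.search(line)
        if req:
            port = int(req.group(1))
            target = f"{req.group(2)}:{req.group(3)}"
            # "no-reply" stays if ssh exits before the server answers this request.
            status[port] = {"target": target, "state": "no-reply"}
            continue
        res = RESULT.search(line)
        if res:
            port = int(res.group(2))
            entry = status.setdefault(
                port, {"target": f"{res.group(3)}:{res.group(4)}", "state": "no-reply"})
            entry["state"] = res.group(1)
    return status


def refused_ports(log_text):
    """Listen ports the server refused to open, in ascending order."""
    return sorted(p for p, e in forward_status(log_text).items()
                  if e["state"] == "failure")


if __name__ == "__main__":
    for port, entry in sorted(forward_status(SAMPLE_LOG).items()):
        print(port, entry["target"], entry["state"])
```

Port 22000 shows as no-reply in the cron log because, with ExitOnForwardFailure=yes, ssh exits on the first refused forward.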
1

When running without a terminal, you must use -f, which is an argument of ssh that places it in the background.

One thing about using -f: you must run a program on the remote machine, otherwise it will connect, set up any tunnels you request, then exit. For your particular case, I would suggest the following modification:

autossh -v -M 23000 -N \
-o "CheckHostIP=no" \
-o "ExitOnForwardFailure=yes" \
-o "ServerAliveInterval=10" \
-o "PubkeyAuthentication=yes" \
-o "PasswordAuthentication=no" \
-i /home/client1/.ssh/id_ed25519 \
-R 22000:localhost:22 \
-f \
user@server.ddns.org -p 3141 \
sleep 31536000

-f and sleep are new. Sleep is the command you will run when you connect; I selected it to sleep for 365 days, which I expect will be long enough.