4

I am trying to establish a reverse SSH tunnel from my home network. I've got it so that autossh connects successfully once (and only once) per reboot. I'm forwarding remote ports to my local machine so that I can connect when away from home. I'm on satellite internet and am behind a double-NAT firewall, so connecting directly to my home network is a non-starter.

It seems like the ports on the remote machine are left in an open state when the ssh connection drops out the first time. Any subsequent attempts to reconnect fail because the ports are already in use. I can't get things started again until I've rebooted the server, which is less than ideal.

Haven't had any luck with Google or forum searches so am hoping someone here might point me in the right direction.

I've configured the server and local machine following the guidance here:

http://linuxaria.com/howto/permanent-ssh-tunnels-with-autossh

My connect script is excerpted below and included in /etc/rc.local:

    su -s /bin/sh autossh -c 'autossh -M 20000 -f -i /home/autossh/.ssh/id_rsa -N -R 99999:localhost:22 autossh@remotehost.com'

Cheers and thanks in advance for any help!

Corey

corey_s
  • 101

1 Answer

2

Okay... Partial solution, though I'm still not sure it's completely resolved. I made the following changes and things are at least still connected overnight. I'm not sure whether it will successfully reconnect once the session terminates, however.

  1. Added the following lines to the remote server sshd_config:

    ClientAliveInterval 600
    ClientAliveCountMax 12
    
  2. Modified the rc.local script to launch autossh as follows (added ServerAliveInterval and ServerAliveCountMax options):

    su -s /bin/sh autossh -c 'autossh -M 20000 -f -i /home/autossh/.ssh/id_rsa -o "ServerAliveInterval 120" -o "ServerAliveCountMax 5" -N -R 99999:localhost:22 autossh@remotehost.com'
    

I also found that connecting using the GatewayPort was unreliable. Instead of:

    user@machine1 $ ssh -p 99999 remotehost.com

I log into the remote host directly and then connect to port 99999 on localhost, à la:

    user@machine1 $ ssh remotehost.com
    user@remotehost $ ssh -p 99999 localhost

This seems to be more reliable. The gateway port tends to hang. But if I connect in two steps as above I'm still getting through. Will post back with updates once I have a chance to see if it reconnects after a session drops.

Hopefully this might help others!

Corey

corey_s
  • 101
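The keepalive values in the answer above can be compared directly, as an added example that is not part of the original post. It assumes each side drops a silent peer after roughly interval × count seconds and that the link dies without the server seeing a TCP reset; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post.
# Constructed sample input: keepalive settings copied from the answer above.
SSHD_CONFIG='# remote server sshd_config (excerpt)
ClientAliveInterval 600
ClientAliveCountMax 12'
SSH_OPTS='-o "ServerAliveInterval 120" -o "ServerAliveCountMax 5"'

# conf_value KEY DEFAULT: config text on stdin, prints the first numeric value
# for KEY. Keywords are case-insensitive and the first occurrence wins.
conf_value() {
    awk -v key="$1" -v def="$2" '
        { sub(/#.*/, ""); gsub(/=/, " ") }
        tolower($1) == tolower(key) && $2 ~ /^[0-9]+$/ { print $2; found = 1; exit }
        END { if (!found) print def }'
}

# window TEXT INTERVAL_KEY COUNT_KEY: approximate seconds of silence before
# the peer is dropped. OpenSSH defaults: interval 0 (disabled), count 3.
window() {
    i=$(printf '%s\n' "$1" | conf_value "$2" 0)
    c=$(printf '%s\n' "$1" | conf_value "$3" 3)
    echo $(( i * c ))
}

server_window() { window "$1" ClientAliveInterval ClientAliveCountMax; }

# The client options arrive as -o "Key Value" pairs; turn them into one
# "Key Value" line each so the same parser can read them.
client_window() {
    lines=$(printf '%s\n' "$1" | tr -d "\"'" |
        awk '{ n = split(" " $0, p, / -o */); for (k = 2; k <= n; k++) print p[k] }')
    window "$lines" ServerAliveInterval ServerAliveCountMax
}

# assess SSHD_CONFIG_TEXT SSH_OPTS: flag when the server can keep a dead
# session (and its -R listener) longer than the client waits to reconnect.
assess() {
    s=$(server_window "$1"); c=$(client_window "$2")
    if [ "$s" -eq 0 ]; then echo "RISK server=off client=${c}s"
    elif [ "$c" -eq 0 ]; then echo "UNKNOWN server=${s}s client=off"
    elif [ "$s" -le "$c" ]; then echo "OK server=${s}s client=${c}s"
    else echo "RISK server=${s}s client=${c}s gap=$(( s - c ))s"
    fi
}

assess "$SSHD_CONFIG" "$SSH_OPTS"
```

A RISK result means the client can give up and reconnect while the old server-side session may still hold the forwarded port, which matches the "port already in use" symptom described in the question.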