3

I am trying to establish a reverse SSH tunnel from my home network. I've got it so that autossh connects successfully once (and only once) per reboot. I'm forwarding remote ports to my local machine so that I can connect when away from home. I'm on satellite internet and am behind a double-NAT firewall, so connecting directly to my home network is a non-starter.

It seems like the ports on the remote machine are left in an open state when the ssh connection drops out the first time. Any subsequent attempts to reconnect fail because the ports are already in use. I can't get things started again until I've rebooted the server, which is less than ideal.

Haven't had any luck with Google or forum searches so am hoping someone here might point me in the right direction.

I've configured the server and local machine following the guidance here:

http://linuxaria.com/howto/permanent-ssh-tunnels-with-autossh

My connect script is excerpted below and included in /etc/rc.local:

    su -s /bin/sh autossh -c 'autossh -M 20000 -f -i /home/autossh/.ssh/id_rsa -N -R 99999:localhost:22 [email protected]'

Cheers and thanks in advance for any help!

Corey

corey_s
  • Just in case someone picks up on it... No '99999' is not the real port number. I am using a valid port number for the forwarding. – corey_s Jan 30 '16 at 15:16

1 Answer

1

Okay... Partial solution, tho I'm still not sure it's completely resolved. I made the following changes and things are at least still connected overnight. I'm not sure whether it will successfully reconnect once the session terminates, however.

  1. Added the following lines to the remote server sshd_config:

    ClientAliveInterval 600
    ClientAliveCountMax 12
    
  2. Modified the rc.local script to launch autossh as follows (added ServerAliveInterval and ServerAliveCountMax options):

    su -s /bin/sh autossh -c 'autossh -M 20000 -f -i /home/autossh/.ssh/id_rsa -o "ServerAliveInterval 120" -o "ServerAliveCountMax 5" -N -R 99999:localhost:22 [email protected]'
    

I also found that connecting using the GatewayPort was unreliable. Instead of:

    user@machine1 $ ssh -p 99999 remotehost.com

I log into the remote host directly and then connect to port 99999 on localhost, à la:

    user@machine1 $ ssh remotehost.com
    user@remotehost $ ssh -p 99999 localhost

This seems to be more reliable. The gateway port tends to hang. But if I connect in two steps as above I'm still getting thru. Will post back with updates once I have a chance to see if it reconnects after a session drops.

Hopefully this might help others!

Corey

corey_s
  • Ugh... I think I found my issue with GatewayPorts too. Decided to try running autossh on OS X instead of raspi to see if it was more stable. When I went to open a new port on the remote host, I found that the original port (99999) was still closed. I guess the changes didn't save when I was setting up the AWS security group the last time. – corey_s Jan 30 '16 at 15:15
  • More updates? I am having exactly the same issues – Chenming Zhang Nov 13 '18 at 09:13
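
An added example, not part of the answer above or of OpenSSH itself: a shell check that compares how long each side takes to declare the peer dead (keepalive interval times count, in seconds), run on the values from the answer. The function names, the constructed second set of values, and the check for `ExitOnForwardFailure` (a standard ssh client option the post does not mention) are assumptions made for illustration; intervals are assumed to be plain integers in seconds.

```shell
#!/bin/sh
# Added example (not from the post). While the server's timeout is longer than
# the client's, the old sshd session can still hold the forwarded port when
# autossh reconnects, so the new -R bind fails.

# cfg_value KEY DEFAULT < config : first match wins, keywords are case-insensitive
cfg_value() {
    awk -v key="$1" -v def="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ { next }                  # skip comment lines
        { sub(/[=]/, " ") }                  # accept Key=value as well as Key value
        !found && tolower($1) == key { print $2; found = 1 }
        END { if (!found) print def }'
}

# dead_peer_timeout CONFIG_TEXT INTERVAL_KEY COUNT_KEY -> seconds (0 = probing off)
dead_peer_timeout() {
    interval=$(printf '%s\n' "$1" | cfg_value "$2" 0)   # OpenSSH default: 0 (off)
    count=$(printf '%s\n' "$1" | cfg_value "$3" 3)      # OpenSSH default: 3
    echo $((interval * count))
}

# check_tunnel SERVER_CFG CLIENT_CFG -> one-line verdict
check_tunnel() {
    server=$(dead_peer_timeout "$1" ClientAliveInterval ClientAliveCountMax)
    client=$(dead_peer_timeout "$2" ServerAliveInterval ServerAliveCountMax)
    eof=$(printf '%s\n' "$2" | cfg_value ExitOnForwardFailure no)
    if [ "$client" -eq 0 ]; then
        echo "client-never-probes"
    elif [ "$server" -eq 0 ]; then
        echo "server-never-probes"           # old listener freed only by TCP timeout
    elif [ "$server" -gt "$client" ]; then
        echo "stale-listener-window=$((server - client))s exit-on-forward-failure=$eof"
    else
        echo "ok server=${server}s client=${client}s exit-on-forward-failure=$eof"
    fi
}

# Values from the answer above (client -o options written as ssh_config lines).
PAGE_SERVER='ClientAliveInterval 600
ClientAliveCountMax 12'
PAGE_CLIENT='ServerAliveInterval 120
ServerAliveCountMax 5'
# Constructed comparison values (assumption, not from the post).
ALT_SERVER='ClientAliveInterval 30
ClientAliveCountMax 3'
ALT_CLIENT='ServerAliveInterval=60
ServerAliveCountMax=3
ExitOnForwardFailure yes'

check_tunnel "$PAGE_SERVER" "$PAGE_CLIENT"
check_tunnel "$ALT_SERVER" "$ALT_CLIENT"
```

With the answer's settings the client gives up after about 600 seconds while the server can keep the old session, and its listening port, for up to about 7200 seconds. Without `ExitOnForwardFailure yes`, ssh stays connected even though the remote forward was refused, so autossh has nothing to restart.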