3/1/2024 Keep ssh session alive putty

Having ClientAliveCountMax set to 0 and ClientAliveInterval set to 10 seconds (for testing purposes) in the sshd_config file, an idle session does not disconnect as expected. I have tried this on two systems, a VMware VM and a GCE instance, both of which are running RHEL 8.6. Here is the entire contents of the sshd_config file:

HostKey /etc/ssh/ssh_host_rsa_key
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
Subsystem sftp /usr/libexec/openssh/sftp-server

This is just a simple test system, SELinux is enforcing, no strange packages or services. This is the first time I have encountered this issue, if anyone has any ideas, I am all ears.

For those who don't want to (or) can't use AutoSSH.

I have a NAS that I want to reach from the internet, I can't use port forwarding because my ISP uses CGNAT (my public IP is not really my public IP, I'm behind another router I don't have any control over). Therefore, to reach my NAS, I have a VPS (which I rent from OVH for a very small monthly cost), and that has a fixed public IP address. So to reach my NAS from the internet, I simply need to create an SSH tunnel between my NAS and my VPS, that reliably stays open all the time (for round the clock access).

However, I suffered from the SSH tunnel being "closed" due to inactivity (despite the ssh process staying up). This can easily be overcome by having the client (in my case, the VPS) "ping" the server (in my case, the NAS) using the keep alive option.

To create an SSH Tunnel, I issue the following command (from the NAS):

ssh -NT -o ServerAliveInterval=60 -o ServerAliveCountMax=10 -o ExitOnForwardFailure=yes -i /var/services/homes/foouser/.ssh/id_rsa -R 8080:localhost:80 -R 4443:localhost:443

To explain this command:

-N - Do not execute a remote command; this is useful for just forwarding ports.
-R 8080:localhost:80 - Specifies that the given port on the remote (server) host is to be forwarded to the given host and port on the local side. In this case, it means forward port 80 of the remote server to port 8080 of the client.
-i /path/to/key - Specify the path to ssh key used to establish the ssh session, without this you will have to enter username (if not supplied) and password to establish the ssh session.
ServerAliveInterval - the number of seconds that the client will wait before sending a "server alive" message to the server to keep the connection alive.
ServerAliveCountMax - the number of "server alive" messages which may be sent without reply from the server. If this threshold is reached ssh will disconnect from the server, terminating the session.
ExitOnForwardFailure - if set to "yes", the connection shall be terminated if ssh cannot set up all requested dynamic, tunnel, local, and remote port forwardings (e.g. if either end is unable to bind and listen on a specified port).
- Specifies the user account foouser used to establish the remote port forwarding ssh session with the server.

It is also worth adding some ssh config options to the server (in my case, on my VPS) as well by adding the following file if it doesn't already exist:

~]$ cat /home/foouser/.ssh/config

Note: you could replace the * (which means apply this config to "all hosts") with a specific host - In my case my NAS (i.e. the host that connects to my VPS) is behind my router; the public IP address of my router frequently changes as it's DHCP assigned (from my ISP) so I stuck with "all hosts".

I also have this command (the one that starts the SSH tunnel) as a systemd process, if anyone is interested, here is the script:

cat /etc/systemd/system/rvice