I've got a server with 2 network interfaces.

Due to a restrictive NAT firewall, it establishes an SSH tunnel to a server on the internet:

    ssh -fNTMS "/tmp/tunnel.socket" host
    ssh -S "/tmp/tunnel.socket" -O forward -R "0:localhost:22" placeholder

Normally it connects via a wired 1GB ethernet connection (eth0) but it's unreliable, as it's in an office where people move stuff around, and the cable "falls out" (unfortunately I can't use glue).

It also has a mobile 4G internet connection (eth1), which is slower, and more expensive.

To ensure the tunnel is still working, I'm periodically using the -O check command:

    ssh -S "/tmp/tunnel.socket" -O check placeholder

If this -O check fails, the socket will be closed (via -O exit), and a new SSH connection will be established.

If the failure was due to the eth0 network cable "falling out", then Linux will automatically use eth1.

But, when eth0 is back up again, I'd like to switch back to it.

So I'm thinking, when running -O check, I could see if the tunnel is currently using eth1 (the point of this question), and if eth0 is back, re-connect.

    default via 192.168.1.1 dev eth0 proto dhcp src 192.168.1.225 metric 100
    default via 192.168.2.1 dev eth1 proto dhcp src 192.168.2.241 metric 200

Note how eth1 has a metric of 200, so eth0 gets priority when it's working.

I can list connections with lsof:

    lsof -ai -p 3430 -n -P
    COMMAND  PID  USER  FD TYPE DEVICE SIZE/OFF NODE NAME
    ssh     3430 craig  3u IPv4  69362      0t0  TCP 192.168.1.225:43878->1.1.1.1:22 (ESTABLISHED)

And netstat -tpln does not show interfaces when listing sockets.

A possible solution (I'm using it) is to create a new interface on each side. Then connect them via the -w switch of ssh.

First you should set up the two local default routes with the right metrics. Whenever there is a change (eth0 up or down) you will lose the connection, but that's not a problem (read on).

Create tun devices on each server and let the user access them. Something like (you have to swap the addresses for the other side):

    sudo ip tuntap add dev tun3 mode tun user myuser group mygroup

Then, if you do ssh -w3:3 will have those two interfaces connected via a ssh tunnel and you will be able to ping them.

From this moment on, you can connect the remote host over a "stable" link that will use eth0 or 4G as needed, but keeping the addresses (10.9.0.1/10.9.0.2). If you lose the connection, no problem, the tun devices will wait until you reestablish it and resume.

Instead of ssh I suggest you use autossh (and keys) with the -M flag (monitor). It will detect that the link is lost and reconnect.

That's really close to a full-fledged VPN (you can apply routing, policies, firewall... to the tun interfaces), but it works on the good old ssh you know so well.

1.2.2 Considering direction of SSH connection and/or tunnel
1.3 Practicalities to the open SSH connection
1.3.1 Avoiding having a shell open on it
1.3.3 Automatic re-establishing when disconnects happen anyway
1.4 Errors related to TCP tunnels (or general SSH)
1.4.1 channel 2: open failed: administratively prohibited: open failed
1.4.2 Authentication refused: bad ownership or modes for directory /home/someone
1.4.3 Pseudo-terminal will not be allocated because stdin is not a terminal
1.4.5 remote port forwarding failed for listen port
2.1.1 X11 forwarding request failed on channel 0
2.1.2 PuTTY X11 proxy: wrong authorisation protocol attempted

SSH tunnels mean that, aside from the SSH connection you're establishing always, you make one side listen to a specified port (you choose which side, and which port).

-L is "once the SSH connection is established, listen from the connecting client's side"
-R is "once the SSH connection is established, listen at remote/server side"

when a regular TCP connection is made to that listening port.