```
[Unit]
Wants = rvice
After = rvice

[Service]
Type = simple
User = ssh-reverse-access-tunnel
Restart = always
RestartSec = 10
ExecStart = /usr/bin/ssh -oControlPath=none -oControlMaster=no \
  -oServerAliveInterval=6 -oServerAliveCountMax=10 -oConnectTimeout=180 \
  -oPasswordAuthentication=no -oNumberOfPasswordPrompts=0 \
  -oExitOnForwardFailure=yes -NnT -R "1234:localhost:22"

[Install]
WantedBy = multi-user.target
```

On the other side, ideally in a dedicated container or VM, there'll be sshd "tun-user" with an access like this (as a single line):

```
command="echo >&2 'No shell access!'; exit 1",no-X11-forwarding,no-agent-forwarding,no-pty ssh-ed25519.
```

Or have an sshd_config section with the same restrictions and only keys in [...]

```
ForceCommand echo 'no shell access!'; exit 1
```

No additional stuff needed, "ssh -R" will connect reliably on boot, keep restarting and reconnecting in case of any errors, even with keepalives to detect dead connections and restart asap.

There's a bunch of common pitfalls listed below.

When a device with a tunnel suddenly dies for whatever reason - power or network issues, kernel panic, stray "kill -9" or what have you - the connection on the sshd machine will hang around for a while, as keepalive options are only used by [...]

Along with the (dead) connection, the listening port will stay open as well, and "ssh [...] power-cycled device will not be able to bind it, and that client [...]

Result: reverse-tunnels don't survive any kind of non-clean reconnects.

TCPKeepAlive in sshd_config - to detect dead connections there faster, though probably still not fast enough for e.g. [...]

Detect and kill sshd pids without a listening socket, forcing "ssh -R" to reconnect until it can actually bind one.

If TCPKeepAlive is not good or reliable enough, kill all sshd pids associated with listening sockets that don't produce the usual.
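One way to do the "detect and kill sshd pids without listening socket" step on the sshd host, as an added example that is not code from the original post. It assumes the tunnel account is `tun-user`, Linux `pgrep`/`ps`/`ss` run as root, and a hypothetical `MIN_AGE` grace period so that sessions still binding their forward are not flagged; the sample lines in `demo_constructed` are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Run on the sshd host as root.
# Assumptions: tunnel account "tun-user" (named in the post), Linux with
# procps pgrep/ps and iproute2 ss; MIN_AGE is a hypothetical grace period.
TUN_USER="${TUN_USER:-tun-user}"
MIN_AGE="${MIN_AGE:-30}"   # seconds; younger sessions may still be binding

# stale_pids PS_FILE SS_FILE
#   PS_FILE: "pid elapsed-seconds" per line, as from: ps -o pid=,etimes=
#   SS_FILE: listening TCP sockets with owners, as from: ss -Htlnp
# Prints pids older than MIN_AGE that own no listening socket.
stale_pids() {
  awk -v ssfile="$2" -v min_age="$MIN_AGE" '
    FILENAME == ssfile {              # collect every pid= that owns a listener
      line = $0
      while (match(line, /pid=[0-9]+/)) {
        listening[substr(line, RSTART + 4, RLENGTH - 4)] = 1
        line = substr(line, RSTART + RLENGTH)
      }
      next
    }
    $1 ~ /^[0-9]+$/ && $2 + 0 >= min_age + 0 && !($1 in listening) { print $1 }
  ' "$2" "$1"
}

# Live data: sshd processes running as the tunnel account vs. ss output.
live_stale_pids() {
  pids=$(pgrep -u "$TUN_USER" -d, sshd) || return 0   # no sessions at all
  tmp=$(mktemp -d) || return 1
  ps -o pid=,etimes= -p "$pids" > "$tmp/ps"
  ss -Htlnp > "$tmp/ss"
  stale_pids "$tmp/ps" "$tmp/ss"
  rm -rf "$tmp"
}

# Constructed sample: 4321 owns the 1234 listener, 4400 owns nothing,
# 4555 is only 5 seconds old and is left alone.
demo_constructed() {
  tmp=$(mktemp -d) || return 1
  printf '%s\n' ' 4321 86400' ' 4400 7200' ' 4555 5' > "$tmp/ps"
  printf '%s\n' \
    'LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=900,fd=3))' \
    'LISTEN 0 128 127.0.0.1:1234 0.0.0.0:* users:(("sshd",pid=4321,fd=9))' \
    > "$tmp/ss"
  stale_pids "$tmp/ps" "$tmp/ss"
  rm -rf "$tmp"
}
# Cleanup as the post describes: live_stale_pids | xargs -r kill
```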