How to get a persistent reverse SSH tunnel using autossh?
$ autossh -M 20000 -N -i /home/rspi/.ssh/id_rsa [email protected]
...
$ ssh rspi@localhost -p 20000
In this case, you're not using the ssh -R
option to set up a reverse tunnel; you're specifying the autossh -M
option instead. The autossh -M parameter causes autossh to set up a tunnel on that port which autossh uses for its own purposes (to regularly test that the SSH link is still working). It's not the equivalent of the ssh -R parameter. When you connect to port 20000 in this scenario, you're being connected to autossh's private connection-testing port.
You should continue to specify the reverse tunnel that you want using ssh's -R option. If you want to use autossh's echo port feature, you should run that on a different port:
$ autossh -M 20002 -N -R 20000:localhost:22 [email protected]
Related videos on Youtube
Cedric Martin
Updated on September 18, 2022Comments
-
Cedric Martin over 1 year
(just asked this on SO but was adviced to take it here)
I managed to create a reverse SSH tunnel between a Raspberry Pi 2 and a server of mine (server which has a static IP) and it works fine. The user account I'm using on the server is called "ksproxy" (it's not really a "proxy" but whatever).
Now I'm trying to make
autossh
(from Debian / Raspbian packageautossh
) to work too but I'm not succeeding. I may be close.(I've changed the real IP here in this question to
37.xxx.yyy.zzz
to not post the server's actual IP)Here's what works fine: (no autossh)
On the Rpi:
rspi@antlia:~ $ ssh -N -R 20000:localhost:22 [email protected]
On the server (the one with the static IP):
[email protected]:~$ ssh rspi@localhost -t -p 20000 rspi@localhost's password: rspi@antlia:~ $
So everything works fine: I enter the password and I get a terminal/prompt.
I can even access the Raspberry Pi from my desktop (by first going through the server), doing:
ssh -t [email protected] "ssh rspi@localhost -p 20000" [email protected] password: rspi@localhost's password: ... rspi@antlia:~
It first ask for the server's password, then for the Pi's password and everything is fine.
So far so good.
Now I try the same but this time with autossh:
rspi@antlia:~ $ autossh -M 20000 -N -i /home/rspi/.ssh/id_rsa [email protected] [email protected]:~$ ssh rspi@localhost -p 20000
This "works" but it's just stuck there, doing nothing.
I tried to "-vvv" the output of the ssh commands but it just shows that nothing is going on.
If I try another port, it fails:
[email protected]:~$ ssh rspi@localhost -p 1234 ssh: connect to host localhost port 1234: Connection refused
If I try the correct port (20000) but this time with the
-t
param, same thing: it "works" but I don't get no terminal/prompt.Here's a the
-vvv
output[email protected]:~$ ssh -vvv rspi@localhost -t -p 20000 OpenSSH_6.7p1 Debian-5+deb8u1, OpenSSL 1.0.1k 8 Jan 2015 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug2: ssh_connect: needpriv 0 debug1: Connecting to localhost [127.0.0.1] port 20000. debug1: Connection established. debug1: key_load_public: No such file or directory debug1: identity file /home/ksproxy/.ssh/id_rsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/ksproxy/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory ... debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u1
It's not asking for password, it's not showing any terminal/prompt.
What am I not understanding here or doing wrong?
Note that I don't think it's a firewalling issue as the "non autossh" method works fine (but then I don't get the automatic "always up" / reconnect feature). I'd really like to make autossh work (I know I could find a workaround, like some crontab automatically relaunching my manual SSH tunnel but that'd probably be more brittle than making autossh work).
-
Cedric Martin about 8 yearsthanks a lot, it worked once I used "-R" to specify a reverse tunnel. I'm not very familiar with SSH but got it to work as I needed to thanks to your answer: now I'm writing down all this (and the answer is safe here on SO).