
I need some port on a publicly accessible host constantly forwarded to a server that is behind a firewall.

I'm currently using autossh to connect from the server to an openssh container running on GKE and forward the port as required:

    /usr/bin/autossh \
       -y \
       -v \
       -i <ssh key> \
       -M 0 \
       -q \
       -o 'ServerAliveInterval 60' \
       -o 'ServerAliveCountMax 3' \
       -p <alternative ssh port> \
       -l <user name> \
       <name resolving (locally) to GKE public IP address> \
       -R 30000:localhost:6000 \
       'while true; do echo were up; sleep 10; done'  # this is done to generate a minimal amount of traffic.

Problem is, sometimes when the connection drops, autossh reconnects but can't set up forwarding again. It won't fail though, and therefore it won't retry. When I stop autossh and try to connect in such a situation, just using ssh (-vvv), I get a warning message that says the port is already in use.

Questions:

  1. Is there a better way to keep forwarding a port to a server behind a firewall (securely)?

  2. Why isn't the port freed immediately once the connection is dropped? Can I force it to be freed somehow, or at least disconnect and try again until it is freed?

1 Answer

  1. This is because the host you’re connecting to may not realize that the previous connection has died, and is still utilizing the port. While the new autossh connection will succeed, it won’t open a tunnel and autossh won't restart since it thinks the connection is okay.

  2. There are two particular OpenSSH options that are useful when using autossh:

    1. ExitOnForwardFailure=yes on the client side to make sure forwardings have succeeded when autossh assumes the connection is set up properly.

    2. ClientAliveInterval on the server side to make sure the listening socket is closed on the server side if the connection closes on the client side.

    In the autossh command, replace:

    -o "ServerAliveCountMax 3" with -o "ServerAliveCountMax=3"

    -o "ServerAliveInterval 60" with -o "ServerAliveInterval=60"

    The "=" sign was critical.

Example:

    autossh -M 0 -q -f -gNC -o "ServerAliveCountMax=3" -o "ServerAliveInterval=60" -o "ExitOnForwardFailure=yes" -R xxxx:localhost:22 autossh@remotehost
Srividya
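
The retry-until-freed behaviour asked about in question 2, written as a plain `ssh` supervision loop that relies on `ExitOnForwardFailure=yes`. This is an added example, not code from the question or the answer; the names `keep_tunnel`, `SSH_BIN`, `RETRY_DELAY`, `MAX_TRIES`, `TUNNEL_TRIES` and the host `user@gateway.example` are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): supervise a reverse tunnel so
# that a failed port forward counts as a failed connection and is retried.
# Hypothetical names: keep_tunnel, SSH_BIN, RETRY_DELAY, MAX_TRIES, TUNNEL_TRIES.

SSH_BIN="${SSH_BIN:-ssh}"        # overridable, e.g. with a stub for a dry run
RETRY_DELAY="${RETRY_DELAY:-10}" # seconds to wait between attempts
MAX_TRIES="${MAX_TRIES:-0}"      # 0 = retry forever
TUNNEL_TRIES=0                   # attempts made by the last keep_tunnel call

# keep_tunnel REMOTE_PORT LOCAL_PORT USER@HOST
keep_tunnel() {
    TUNNEL_TRIES=0
    while :; do
        TUNNEL_TRIES=$((TUNNEL_TRIES + 1))
        rc=0
        # ExitOnForwardFailure=yes: ssh exits non-zero when the remote
        # listener cannot be bound (port still held by a stale session)
        # instead of staying connected without a tunnel.
        "$SSH_BIN" -N \
            -o ExitOnForwardFailure=yes \
            -o ServerAliveInterval=60 \
            -o ServerAliveCountMax=3 \
            -R "$1:localhost:$2" "$3" || rc=$?
        if [ "$rc" -eq 0 ]; then
            return 0             # ssh ended cleanly; nothing to retry
        fi
        echo "ssh exited with $rc (attempt $TUNNEL_TRIES)" >&2
        if [ "$MAX_TRIES" -gt 0 ] && [ "$TUNNEL_TRIES" -ge "$MAX_TRIES" ]; then
            return 1             # give up after MAX_TRIES attempts
        fi
        sleep "$RETRY_DELAY"
    done
}

# Runs only when called with the three arguments, e.g.:
#   sh keep_tunnel.sh 30000 6000 user@gateway.example
if [ "$#" -eq 3 ]; then
    keep_tunnel "$@"
fi
```

Until the server-side `ClientAliveInterval` check closes the stale session and its listening socket, each attempt exits on the forward failure and the loop tries again.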