
I have a set-up with an LDAP server (ldapserver) behind a strict firewall, and a web application running on a server (appserver) outside that firewall that needs to authenticate using that LDAP server.

I have successfully used a third server (tunnelserver) as an intermediate, setting up an SSH tunnel between appserver and ldapserver by running the following command on tunnelserver:

ssh username@appserver -R 28420:ldapserver:389

The only issue is that occasionally I get a broken pipe and lose the SSH tunnel.

A solution seems to be autossh, but my limited SSH knowledge barely managed to get the tunnel working, and seems insufficient to correctly respecify the options for autossh.

Any tips?

mhermans

2 Answers


The parameters are basically the same (autossh passes them directly to ssh). Remove -f if you don't want autossh to background itself. You probably want the -N option to not execute a shell on the server. Select a free port for the -M option (the port one above that must also be free). On Debian/Ubuntu you can omit this because the package includes a wrapper script which automatically selects a free port.

autossh -M 20000 -f -N -R 28420:ldapserver:389 username@appserver
mgorven

I noticed in 2013 that, when using autossh for reverse tunnels, the remote-side sshd was not being terminated.

I worked around this via a script to start/stop/restart my tunnel (which I included with @reboot in crontab to start the tunnel), wherein I would kill the remote end using an ssh forced command, i.e. when stopping (or restarting) the tunnel.
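As an added example (not code from either answer above), the following POSIX shell function assembles the autossh command line from the first answer and adds three ssh options that address the two problems discussed on this page: ServerAliveInterval/ServerAliveCountMax make ssh notice a dead connection and exit, so autossh restarts it instead of sitting on a broken pipe; ExitOnForwardFailure=yes makes ssh exit when the remote port is still bound (the lingering remote-side sshd from the second answer), so autossh keeps retrying rather than running a tunnel without its forward. The host names, user and ports are the ones from the question; the option values and the function name are assumptions made here. -f is deliberately left out so the process can be supervised by whatever starts it (for example the @reboot cron entry mentioned above).

```shell
#!/bin/sh
# Added example, not from the original answers. Builds (but does not run) an
# autossh command for a reverse tunnel and validates the -M monitor port.
#
# Usage: build_tunnel_cmd MONITOR_PORT REMOTE_PORT TARGET_HOST TARGET_PORT USER@HOST
build_tunnel_cmd() {
    mon="$1"; rport="$2"; thost="$3"; tport="$4"; dest="$5"

    # autossh listens on MONITOR_PORT and MONITOR_PORT+1, so both must be
    # valid (and free) ports. Reject non-numeric values and 65535, whose
    # neighbour would be out of range.
    case "$mon" in
        ''|*[!0-9]*) echo "monitor port must be numeric: '$mon'" >&2; return 1 ;;
    esac
    if [ "$mon" -lt 1 ] || [ "$mon" -gt 65534 ]; then
        echo "monitor port $mon out of range (needs $mon and $((mon + 1)) valid)" >&2
        return 1
    fi

    cmd="autossh -M $mon -N"
    # Keepalives: after 3 unanswered probes 30 s apart ssh exits, autossh restarts.
    cmd="$cmd -o ServerAliveInterval=30 -o ServerAliveCountMax=3"
    # If the remote port is still held by a stale sshd, fail instead of
    # running a tunnel with no forward; autossh will retry.
    cmd="$cmd -o ExitOnForwardFailure=yes"
    cmd="$cmd -R $rport:$thost:$tport $dest"
    printf '%s\n' "$cmd"
}

# Stand-alone run: print the command for the set-up from the question.
# (Constructed values; the monitor port 20000 is the one from the first answer.)
build_tunnel_cmd 20000 28420 ldapserver 389 username@appserver
```

To actually start the tunnel, replace the final line with `eval "$(build_tunnel_cmd ...)"` or paste the printed command into your start script; setting AUTOSSH_POLL (the interval at which autossh tests the link) in the environment of that script is the remaining knob worth tuning.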