My ISP started to roll out broken IPv6 for home users, so my services aren’t available from outside anymore. I don’t need a full VPN solution, but sometimes I just want to ssh home to check a file etc. The simplest solution was to create a reverse ssh tunnel. The Raspberry Pi inside my home network connects to my public server via ssh. Once logged in on the server, I can connect to a local port and get forwarded to the Raspberry Pi. That works really well for me.
Since the Wi-Fi is a little bit flaky, I need to make sure that the ssh connection is reopened when there is a connection loss. You can write a very simple script like this and use a cronjob to execute it.
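```bash
#!/bin/bash
# The grep process itself matches the pattern, so a count of 1 means no tunnel is running.
COUNT=$(ps ax | grep 'ssh -Nf -R' | wc -l)
if [ "$COUNT" -eq 1 ]
then
    echo "No tunnel yet. Creating..."
    ssh -Nf -R LOCALPORT:localhost:PORT user@remote
else
    echo "Tunnel already exists. Aborting."
fi
```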
But I just found out about autossh, which does the monitoring for you. I tried to get it working with systemd, but without any success. Ideas are welcome.
```
$ cat /etc/systemd/system/autossh-tunnel.service
[Unit]
Description=reverse ssh tunnel
Wants=network-online.target
After=network-online.target

[Service]
Type=simple
User=localuser
ExecStart=/usr/bin/autossh -f -M 0 remote -l remoteuser -N -o "ServerliveInterval 60" -o "ServerAliveCountMax 3" -R LOCALPORT:localhost:PORT
ExecStop=/usr/bin/pkill autossh
Restart=always

$ sudo systemctl enable autossh-tunnel.service
$ systemctl start autossh-tunnel.service
```
Looking at journalctl, I can see the exit but no reason. Executing the command manually works fine.
```
systemd[1]: Starting reverse ssh tunnel...
systemd[1]: Started reverse ssh tunnel.
autossh[2468]: port set to 0, monitoring disabled
autossh[2474]: starting ssh (count 1)
ssh child pid is 2476
received signal to exit (15)
```
In the end I modified the bash script to use autossh.
```bash
#!/bin/bash
# The grep process itself matches the pattern, so a count of 1 means autossh is not running.
COUNT=$(ps ax | grep 'autossh' | wc -l)
if [ "$COUNT" -eq 1 ]
then
    echo "No tunnel yet. Creating..."
    /usr/bin/autossh -f -M 0 remote -l remoteuser -N -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -R LOCALPORT:localhost:PORT
else
    echo "Tunnel already exists. Aborting."
fi
```
If you have a better solution, let me know.
Try removing the -f
It is not supported in service mode
I can confirm that removing the -f flag worked for me.
I’d love to find an answer to this too. Mine keeps exiting with no reason… banging my head against a wall.
Why systemd? Put it in cron with the @reboot time.
„ServerliveInterval 60“ should be ServerAliveInterval
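
Added example, not part of the original post or its comments: the unit from the post with the two fixes suggested in the comments applied (no `-f`, `ServerAliveInterval` spelled correctly). The `AUTOSSH_GATETIME`, `BatchMode`, `ExitOnForwardFailure`, `RestartSec`, explicit `127.0.0.1` bind address and `[Install]` section are additions assumed here; `LOCALPORT`, `PORT`, `remote`, `remoteuser` and `localuser` are the post's placeholders.

```ini
# /etc/systemd/system/autossh-tunnel.service
[Unit]
Description=reverse ssh tunnel
Wants=network-online.target
After=network-online.target

[Service]
Type=simple
User=localuser
# -f implies a gate time of 0; without -f it has to be set explicitly,
# otherwise autossh gives up if the first ssh attempt fails quickly
# (for example when the network is not really up yet at boot).
Environment="AUTOSSH_GATETIME=0"
# No -f: with Type=simple systemd tracks the foreground process. A
# daemonizing parent exits right after forking, systemd treats the service
# as finished and terminates what is left (the signal 15 in the journal).
# BatchMode: never wait for a password or passphrase prompt.
# ExitOnForwardFailure: make ssh exit, so autossh retries, when the remote
# port cannot be bound instead of keeping a session without a tunnel.
# 127.0.0.1: keep the forwarded port on the server's loopback interface.
ExecStart=/usr/bin/autossh -M 0 -N \
    -o "BatchMode yes" \
    -o "ExitOnForwardFailure yes" \
    -o "ServerAliveInterval 60" \
    -o "ServerAliveCountMax 3" \
    -R 127.0.0.1:LOCALPORT:localhost:PORT \
    -l remoteuser remote
# No ExecStop: systemd sends SIGTERM to this unit's own processes on stop,
# whereas "pkill autossh" would also hit unrelated autossh instances.
Restart=always
RestartSec=10

[Install]
# Needed for "systemctl enable" to have an effect.
WantedBy=multi-user.target
```

On the server, the key used for this tunnel can be limited in `authorized_keys` with `restrict,port-forwarding,permitlisten="localhost:LOCALPORT"` so that it can open the reverse forward and nothing else.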