We try to run a reliable ssh tunnel via systemd.
This is the unit configuration file:
{{{
[Unit]
Description=Tunnel For %i
After=network.target
[Service]
User=autossh
ExecStart=/usr/bin/ssh -o "ExitOnForwardFailure yes" -o "ServerAliveInterval 60" -N -R 40443:installserver:40443 -R 8080:installserver:8080
ExecStartPre=-/usr/bin/ssh tunnel@%i "for pid in  $$(ps -u tunnel | grep sshd| cut -d' ' -f1); do kill -9 $$pid; echo kill old ssh process p
Restart=always
RestartSec=5s
StartLimitInterval=0
[Install]
WantedBy=multi-user.target
}}}
Unfortunately on some hosts we see this warning again and again:
Mar 13 23:11:14 remotehost sshd[10938]: error: bind: Address already in use
Mar 13 23:11:14 remotehost sshd[10938]: error: channel_setup_fwd_listener: cannot listen to port: 40443
Mar 13 23:11:14 remotehost sshd[10938]: error: bind: Address already in use
Mar 13 23:11:14 remotehost sshd[10938]: error: channel_setup_fwd_listener: cannot listen to port: 8080
Since we kill the old tunnel before starting a new one, I don't understand why
this error message occurs.
Any hints?
-- 
Thomas Guettler http://www.thomas-guettler.de/
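
Added example, not part of the original post: the `grep | cut` pipeline from `ExecStartPre` run against constructed `ps -u tunnel` output, next to a whitespace-aware `awk` form. It assumes a procps-style `ps` that right-aligns the PID column; the function names and sample lines are made up for the demonstration.

```shell
#!/bin/sh
# Constructed sample of `ps -u tunnel` output. procps right-aligns the PID
# column, so PIDs shorter than five digits start with a space.
sample_ps() {
cat <<'EOF'
  PID TTY          TIME CMD
 9412 ?        00:00:00 sshd
10938 ?        00:00:00 sshd
10951 ?        00:00:00 bash
EOF
}

# Extraction as written in the unit file: cut treats every single space as
# a delimiter, so field 1 is empty whenever the line begins with a space.
pids_with_cut() {
    grep sshd | cut -d' ' -f1
}

# Whitespace-aware extraction: awk splits on runs of blanks and compares
# the command column exactly instead of substring-matching the whole line.
pids_with_awk() {
    awk '$NF == "sshd" { print $1 }'
}

# Show both results side by side when run directly.
echo "cut: $(sample_ps | pids_with_cut | tr '\n' ',')"
echo "awk: $(sample_ps | pids_with_awk | tr '\n' ',')"
```

With `cut -d' ' -f1` the four-digit PID comes back as an empty field, so the `for` loop never signals that sshd and it keeps its listeners on the forwarded ports.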

Look into the "autossh" program, which is very good to manage and maintain such tunnels.

On Tue, Mar 14, 2017 at 5:02 AM, Thomas Güttler <guettliml at thomas-guettler.de> wrote:
> We try to run a reliable ssh tunnel via systemd.
> [...]

On 14.03.2017 at 15:10, Nico Kadel-Garcia wrote:
> Look into the "autossh" program, which is very good to manage and
> maintain such tunnels.

Hi Nico and other ssh users,

Systemd restarts the ssh if it terminates. AFAIK this is all that is needed. But maybe I am missing something. Is there a feature of autossh that I don't get with systemd?

-- 
http://www.thomas-guettler.de/

On 3/14/2017 9:10 AM, Nico Kadel-Garcia wrote:
> Look into the "autossh" program, which is very good to manage and
> maintain such tunnels.
>
> On Tue, Mar 14, 2017 at 5:02 AM, Thomas Güttler
> <guettliml at thomas-guettler.de> wrote:
>> We try to run a reliable ssh tunnel via systemd.
>> [...]
>> Since we kill the old tunnel before starting a new, I don't understand why
>> this error message occurs.
>>
>> Any hints?

I remember from years ago, a problem like this. The TCP bind was not freed up as quickly as one might expect. "kill -9" could be causing this, not giving the application time to shut down.

Search for tcp bind address already in use
https://hea-www.harvard.edu/~fine/Tech/addrinuse.html

-- 
Douglas E. Engert <DEEngert at gmail.com>
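
Added example, not from the thread: a pre-start check that polls until nothing is listening on the forwarded ports 40443 and 8080, instead of assuming the kill has already released them. The function names, the pluggable lister command and the sample `ss -ltn` listing are assumptions made for the demonstration.

```shell
#!/bin/sh
# Constructed sample of `ss -ltn` output on the remote host while a stale
# sshd still holds both forwarded ports.
sample_busy() {
cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128        127.0.0.1:40443      0.0.0.0:*
LISTEN 0      128        127.0.0.1:8080       0.0.0.0:*
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
EOF
}

# Succeeds if the listing on stdin shows a listener on port $1.
# The port is the text after the last ':' of the local address column.
port_listening() {
    awk -v p="$1" 'NR > 1 { n = split($4, a, ":"); if (a[n] == p) hit = 1 }
                   END { exit !hit }'
}

# wait_ports_free LISTER TRIES DELAY PORT...
# Polls LISTER (a command printing `ss -ltn`-style output) until none of the
# ports is bound; returns 1 if any is still bound after TRIES polls.
wait_ports_free() {
    lister=$1 tries=$2 delay=$3
    shift 3
    while [ "$tries" -gt 0 ]; do
        busy=0
        listing=$("$lister")
        for port in "$@"; do
            if printf '%s\n' "$listing" | port_listening "$port"; then
                busy=1
            fi
        done
        [ "$busy" -eq 0 ] && return 0
        tries=$((tries - 1))
        sleep "$delay"
    done
    return 1
}
```

On a real host the lister would be a small wrapper around `ss -ltn`, and a non-zero return tells the caller that the old listeners have not gone away yet.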