Hi all, I use the command below to set up a ssh tunnel. And I run it as a daemon process to keep the ssh tunnel work all the time. And I should wait for the ssh tunnel to be up and notify the tunnel is OK before sending any command to the remote port on the remote server. But the question is I don't know how to check the ssh tunnel status. Is there a way to show whether the ssh tunnel is up? Thank you for your help. *"ssh -i /root/ah_rsa -oUserKnownHostsFile=/root/hosts -oStrictHostKeyChecking=yes -oNumberOfPasswordPrompts=0 -oBatchMode=yes -oHostKeyAlgorithms=ssh-rsa -R 20001:localhost:22 user at xxx.xxx.xxx.xxx -p 13422 -Nyv"* Best Regard, Vincent
On Fri, 26 Apr 2013, Vincent Lin wrote:> Hi all, > > I use the command below to set up a ssh tunnel. And I run it as a daemon > process to keep the ssh tunnel work all the time. And I should wait for the > ssh tunnel to be up and notify the tunnel is OK before sending any command > to the remote port on the remote server. But the question is I don't know > how to check the ssh tunnel status. Is there a way to show whether the ssh > tunnel is up? Thank you for your help. > > *"ssh -i /root/ah_rsa -oUserKnownHostsFile=/root/hosts > -oStrictHostKeyChecking=yes -oNumberOfPasswordPrompts=0 -oBatchMode=yes > -oHostKeyAlgorithms=ssh-rsa -R 20001:localhost:22 user at xxx.xxx.xxx.xxx -p > 13422 -Nyv"*ExitOnForwardFailure=yes should provide the checking you need. If you use it with -f then the fork is delayed until the forwarding is answered by the server, though note that this doesn't include an end-to-end test that involves the forward target - that is till up to you to check if you need it. -d
On 04/26/2013 05:06 PM, Vincent Lin wrote:> I use the command below to set up a ssh tunnel. And I run it as a daemon > process to keep the ssh tunnel work all the time. And I should wait for the > ssh tunnel to be up and notify the tunnel is OK before sending any command > to the remote port on the remote server. But the question is I don't know > how to check the ssh tunnel status. Is there a way to show whether the ssh > tunnel is up? Thank you for your help.I recommend using -oExitOnForwardFailure=yes in such a configuration. You could also look into the various keepalive options (TCPKeepAlive, ServerAliveCountMax, ServerAliveInterval) to ensure that your process terminates when the connection is no longer established. This reduces your problem to ensuring that your daemon process is still running (and there are a number of good solutions for that sort of daemon supervision -- e.g. runit, daemontools, systemd, etc) Finally, you could test whether the tunnel is up by sending traffic over it and seeing if there is a response :) hth, --dkg -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 1027 bytes Desc: OpenPGP digital signature URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20130427/1a83734c/attachment.bin>
On 26 Apr 2013, at 10:06, Vincent Lin wrote:> Is there a way to show whether the ssh > tunnel is up?In addition to the suggestions you have already been sent, can I suggest you look at autossh? It uses a combination of -L and -R to send packets to the other end and back, to check the tunnel is working as well as up, and reopens the tunnel if it's not up. -- Alex Bligh