On 14.03.2017 at 15:10, Nico Kadel-Garcia wrote:
> Look into the "autossh" program, which is very good to manage and
> maintain such tunnels.
>

Hi Nico and other ssh users,

Systemd restarts the ssh if it terminates. AFAIK this is all that is needed.

But maybe I am missing something. Is there a feature of autossh that I don't
get with systemd?

--
http://www.thomas-guettler.de/

On Tue, Mar 14, 2017 at 4:20 PM, Thomas Güttler <guettliml at thomas-guettler.de> wrote:
>
> On 14.03.2017 at 15:10, Nico Kadel-Garcia wrote:
>> Look into the "autossh" program, which is very good to manage and
>> maintain such tunnels.
>>
>
> Hi Nico and other ssh users,
>
> Systemd restarts the ssh if it terminates. AFAIK this is all that is needed.
>
> But maybe I am missing something. Is there a feature of autossh that I don't
> get with systemd?

Better logging, especially error reporting, and much more modular
configuration for multiple parallel autossh daemons without having to
hand edit and customize systemd init scripts. I've had some success
with using chef to manage it, along with deploying SSH configurations
to avoid the "known_hosts" mismatched hostkey issues as target hosts
change IP address, and to get management of the relevant public and
private SSH keys for the port forwarding.

On 14.03.2017 at 21:43, Nico Kadel-Garcia wrote:
> On Tue, Mar 14, 2017 at 4:20 PM, Thomas Güttler
> <guettliml at thomas-guettler.de> wrote:
>>
>> On 14.03.2017 at 15:10, Nico Kadel-Garcia wrote:
>>> Look into the "autossh" program, which is very good to manage and
>>> maintain such tunnels.
>>>
>>
>> Hi Nico and other ssh users,
>>
>> Systemd restarts the ssh if it terminates. AFAIK this is all that is needed.
>>
>> But maybe I am missing something. Is there a feature of autossh that I don't
>> get with systemd?
>
> Better logging, especially error reporting,

I am happy with the messages which get passed from the ssh process to systemd.

Could you please provide an example, since I fail to see what autossh does better.

> and much more modular
> configuration for multiple parallel autossh daemons without having to
> hand edit and customize systemd init scripts.

We use configuration management to create and update systemd unit configuration files.
I don't see how autossh can help here. Do you have an example?

> I've had some success
> with using chef to manage it, along with deploying SSH configurations
> to avoid the "known_hosts" mismatched hostkey issues as target hosts
> change IP address, and to get management of the relevant public and
> private SSH keys for the port forwarding.

I can't follow. My brain is still focused on the question: Why autossh?

Regards,
Thomas

--
Thomas Guettler http://www.thomas-guettler.de/

On 16.03.2017 at 02:33, Jim Knoble wrote:
> (Response inline below).
>
>>> On Tue, Mar 14, 2017 at 4:20 PM, Thomas Güttler
>>> <guettliml at thomas-guettler.de> wrote:
>>>>
>>>> Systemd restarts the ssh if it terminates. AFAIK this is all that is needed.
>>>>
>>>> But maybe I am missing something. Is there a feature of autossh that I don't
>>>> get with systemd?
>
> AutoSSH can restart a failed connection even if SSH has not terminated. It uses either a pair of tunneled ports or an
> alternate mechanism to detect tunnel failure.
> See https://www.everythingcli.org/ssh-tunnelling-for-fun-and-profit-autossh/ for details, including a recipe for using
> autossh with systemd.

AFAIK ssh has the ability to detect a broken connection itself.

I use these options:

    -o "ExitOnForwardFailure yes" -o "ServerAliveInterval 60"

But I guess these options are not perfect yet.

Maybe I am wrong, but I think the "monitoring port" magic of auto-ssh is not needed.

Please tell me if I am wrong.

These options make ssh detect broken connections on its own:

http://man.openbsd.org/OpenBSD-current/man5/ssh_config.5#ServerAliveInterval

http://man.openbsd.org/OpenBSD-current/man5/ssh_config.5#ServerAliveCountMax

BTW, thanks to Ingo Schwarze that you can link directly to ssh_config options now.

Regards,
Thomas Güttler

--
Thomas Guettler http://www.thomas-guettler.de/

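The setup described in the message above (ssh supervised by systemd, with ExitOnForwardFailure and ServerAliveInterval) written out as a unit file. This is an added example, not part of the original thread; the unit path, the "tunnel" account, the host gateway.example.org and the forwarded ports are assumed placeholders.

```ini
# /etc/systemd/system/ssh-tunnel.service  (hypothetical unit name and path)
[Unit]
Description=Persistent SSH port forward supervised by systemd (added example)
After=network-online.target
Wants=network-online.target
# Disable start rate limiting so repeated quick failures (for example while
# the network is down) never leave the unit in a permanently failed state.
StartLimitIntervalSec=0

[Service]
# Assumed dedicated, unprivileged account that holds only the tunnel key.
User=tunnel
# -N                        forwarding only, no remote command or shell.
# BatchMode=yes             never prompt; an auth problem becomes an exit code.
# ExitOnForwardFailure=yes  exit if the forward cannot be set up, so systemd
#                           sees the failure instead of an idle ssh process.
# ServerAliveInterval=60    after 60 s of silence, probe the server through
#                           the encrypted channel.
# ServerAliveCountMax=3     (the OpenSSH default) exit after 3 unanswered
#                           probes, i.e. roughly 180 s after the link dies.
# StrictHostKeyChecking=yes refuse a changed or unknown host key; known_hosts
#                           must be deployed by configuration management.
ExecStart=/usr/bin/ssh -N \
    -o BatchMode=yes \
    -o ExitOnForwardFailure=yes \
    -o ServerAliveInterval=60 \
    -o ServerAliveCountMax=3 \
    -o StrictHostKeyChecking=yes \
    -L 127.0.0.1:15432:127.0.0.1:5432 \
    tunnel@gateway.example.org
# ssh exiting for any reason (dead peer, failed forward, auth error) triggers
# a restart after a short pause; stderr from ssh lands in the journal.
Restart=always
RestartSec=10

[Install]
WantedBy=multi-user.target
```

With these values a dead peer is noticed after about 180 seconds and the tunnel is re-established about 10 seconds later; the ssh messages for each attempt can be read with journalctl -u ssh-tunnel.service.
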
Hi Jim and other ssh-users,

I received no reply on my last post.

Is there something autossh can do, which I don't get with systemd and ServerAliveInterval?

Regards,
Thomas Güttler

On 16.03.2017 at 15:35, Thomas Güttler wrote:
>
> On 16.03.2017 at 02:33, Jim Knoble wrote:
>> (Response inline below).
>>
>>>> On Tue, Mar 14, 2017 at 4:20 PM, Thomas Güttler
>>>> <guettliml at thomas-guettler.de> wrote:
>>>>>
>>>>> Systemd restarts the ssh if it terminates. AFAIK this is all that is needed.
>>>>>
>>>>> But maybe I am missing something. Is there a feature of autossh that I don't
>>>>> get with systemd?
>>
>> AutoSSH can restart a failed connection even if SSH has not terminated. It uses either a pair of tunneled ports or an
>> alternate mechanism to detect tunnel failure.
>> See https://www.everythingcli.org/ssh-tunnelling-for-fun-and-profit-autossh/ for details, including a recipe for using
>> autossh with systemd.
>
> AFAIK ssh has the ability to detect a broken connection itself.
>
> I use these options:
>
>     -o "ExitOnForwardFailure yes" -o "ServerAliveInterval 60"
>
> But I guess these options are not perfect yet.
>
> Maybe I am wrong, but I think the "monitoring port" magic of auto-ssh is not needed.
>
> Please tell me if I am wrong.
>
> These options make ssh detect broken connections on its own:
>
> http://man.openbsd.org/OpenBSD-current/man5/ssh_config.5#ServerAliveInterval
>
> http://man.openbsd.org/OpenBSD-current/man5/ssh_config.5#ServerAliveCountMax
>
> BTW, thanks to Ingo Schwarze that you can link directly to ssh_config options now.
>
> Regards,
> Thomas Güttler
>

--
Thomas Guettler http://www.thomas-guettler.de/