In macOS 10.12.6
When ssh to a server use the follow command:
ssh -i ~/key.pem ubuntu#123.111.222.101
the connection will keep until I disconnect it manually or the computer fall asleep.
However, when I ssh to the server behind a proxy:
ssh -i ~/key.pem -o ProxyCommand='/usr/bin/nc -x 127.0.0.1:1080 %h %p' ubuntu#123.111.222.101
the connection will disconnect if I don't type any word in the terminal after 30 seconds.
Why this will happen and how to keep the connection?
P.S.: the protocol of my proxy is socks5
Add this option. This should keep the connection open
-o ServerAliveInterval=15
Related
I want my Linux computer to automaticly create an ssh tunnel to a server.
I have created keys, everything works fine if i connect by hand.
Here what i tried in supervisor.conf on the client computer:
[program:mycommand]
command=autossh -f -nNT -i /home/<myuser>/.ssh/id_rsa -R 20001:localhost:22 ssh1#<myserver_ip_address>
user=<myuser>
or
[program: mycommand]
command=ssh -i /home/<myuser>/.ssh/id_rsa -R 20001:localhost:22 ssh1#<myserver_ip_address>
user=<myuser>
autostart=true
autorestart=true
stopsignal=KILL
It works in both case, but, sometimes, i lost connexion (in both case). I need to reboot the serveur or the client computer.
What should i do in order to detect that my ssh tunnel is down and launch again the command ?
Thanks
Change command to:
command=autossh -M 0 -NT -i /home/<myuser>/.ssh/id_rsa -R 20001:localhost:22 ssh1#<myserver_ip_address>
Added -M 0, removed -f and -n.
That will cause ssh to be restarted when server connection times out.
Timeout check interval is configured by the ServerAliveInterval and ServerAliveCountMax client options in /etc/ssh/ssh_config, for example:
/etc/ssh/ssh_config
Host *
StrictHostKeyChecking no
UserKnownHostsFile=/dev/null
ServerAliveInterval 60
ServerAliveCountMax 5
You can take a look at TunMan, a tunnel supervisor - spawns, performs health checks, restarting not working tunnels, works in Docker.
https://github.com/riotkit-org/tunman
I am trying to ssh over my university's proxy server, to one of our lab's servers. The goal is to automate it with paramiko, but I am trying to first understand what's happening in the terminal level.
I tried
ssh -o ProxyCommand='ssh eran#proxy_server nc inner_server 22' eran#inner_server
And got
*** forbidden char/command over SSH: "nc inner_server 22"
This incident has been reported.
ssh_exchange_identification: Connection closed by remote host
Which I guess means the server does not allow the ProxyCommand.
Any way to achieve this in a different way?
Just to be clear, ssh to proxy_server, and then to inner_server, works fine, but doesn't produce a paramiko SSHClient instance, which is what I'm aiming for.
Do not use netcat. It is probably not allowed on the proxy server. Use -W switch:
ssh -o ProxyCommand='ssh -W %h:%p eran#proxy_server' eran#inner_server
Establishing SSH tunnel can done from the command line by explicitly giving
ssh -N -f -L 18888:192.168.224.143:8888 username#192.168.224.143
or defining tunnel in ~/.ssh/config file
Host tunnel
HostName 192.168.224.143
IdentityFile ~/.ssh/mine.key
LocalForward 18888 192.168.224.143:8888
User username
and then running,
ssh -f -N tunnel
Is there a way to start this tunnel without running the ssh ssh -f -N tunnel command explicitly?
I would like to establish this tunnel whenever my machine boots up. Do not want to add it in init script. Can it be done with SSH configuration itself?
No. SSH configuration is not designed to start something for you automatically. You need to add it to your startup applications or init script/systemd service, if you want to start it automatically after the network.
I also recommend you to use autossh which will take care of re-establishing the tunnel, if it fails for some reason.
My ultimate goal is to use MyEnTunnel to set up a tunnel between a Windows server at location A, and a BSD machine at location B so that I can access a database server running at location B locally at A. (localhost:3054 ======> bsdmachine:3050) MyEnTunnel is essentially a Windows Service wrapper for plink.
We use a private key for ssh access at location B. PuttyGen was used to convert the private key into a .ppk file to be compatible with putty, plink, etc. Putty connects to the BSD machine using the .ppk with no problems whatsoever.
I copied the command line string MyEnTunnel is using to establish the connection, pasted it into a directory with the latest version of putty, plink, etc. (in case MyEnTunnel's plink.exe is outdated), and it still failed.
plink.exe 192.168.0.233 -N -ssh -2 -P 916 -l "root" -C -i "keyfile.ppk" -L 3054:192.168.0.208:3050
The BSD machine has several jails running; 1.233 is the host, and accepts SSH connections. 1.208 is a jail with a server listening to 3050, and will not accept ssh connections.
I use tunnels so rarely, I always forget the proper order of things, and when I'm supposed to ur -R and -L, so I tried the 16 possibilities. ;-) I then started plink with the bare options:
plink.exe 192.168.0.233 -N -ssh -2 -P 916 -l "root" -i "keyfile.ppk"
Putty, with these settings, connects without a hitch. Plink reports:
Using username "root".
And proceeds to do nothing forever.
What am I doing wrong, and what would establish the tunnel with the local listening port 3054, and the target port 3050 at 192.168.0.208?
You used the -N flag, this makes it run on the background. If you add the -v flag you can see all the activity of the forward/tunnel.
Is it possible to use tunneling to connect to a ssh server via telnet? I'm using an API that can only telnet to a host, but that host will only accept ssh connections. If it is possible, what do I need to do to set that up?
Use netcat and ssh
$ nc -l -p 12345 -c "ssh someone#remotehost.com"
make sure that you have RSA auth setup, since you cannot enter a password.
i think what would work would be to run a telnet server on a local port on the host and use ssh to forward that locally where the api could connect to it; but that's just a bit silly