OpenSSH with "resumable" functionality
Bob Proulx
bob at proulx.com
Thu Jun 10 04:20:44 EST 2010
Jeremy Nickurak wrote:
> Bob Proulx wrote:
> > I use the 'autossh' wrapper to really good effect. It works
> > awesomely! For my use autossh handles the task so well that I
> > personally don't have any need for anything beyond it.
> >
> > http://www.harding.motd.ca/autossh/
>
> Does this correctly and transparently resume forwarded streams when your
> client's IP address changes?
I use it for exactly that purpose. It was originally recommended to
me from someone who uses it with 'screen' for a resumable terminal
session. I have tried it for that and it works well for that purpose
but that wasn't my need.
I use it to control ssh to set up port forwards to other machines in
dynamic IP address space. It is a more lightweight solution than a
full VPN for attaching a dynamic IP client to a static IP server so as
to be able to port forward to it. Specifically I port forward 22, 25,
and 80 through from the static IP to the dynamic IP. Then I can 1)
always log into the dynamic IP machine 2) forward email to the dynamic
IP machine 3) locate a web server on the dynamic IP machine and proxy
content (in this case personal photo albums) through it.
> Does this correctly and transparently resume forwarded streams when your
> client's IP address changes?
Having said what I said I do note that you say "transparently resume
forwarded streams" and will respond with ... no. For the protocols I
use it for that isn't needed. And no it doesn't. It will spawn a new
ssh process which will open a new port forward connection. In use
with screen it will resume the terminal session and you won't know the
difference. Using it with vnc or nxclient the previous session will
be resumed and you won't know the difference. But I realize that it
isn't the same as transparently resuming a previously opened TCP
connection already with data flow in progress. But I think few
applications really truly need that level of resume. If I needed that
I would go with a /dev/tun solution. Personally for that purpose I
recommend OpenVPN. That works well but is a heavier and relatively
more complicated solution.
Bob
More information about the openssh-unix-dev
mailing list