Reliable ssh tunnel via systemd

Nico Kadel-Garcia nkadel at gmail.com
Wed Mar 15 01:10:11 AEDT 2017


Look into the "autossh" program, which is very good at managing and
maintaining such tunnels.

On Tue, Mar 14, 2017 at 5:02 AM, Thomas Güttler
<guettliml at thomas-guettler.de> wrote:
> We try to run a reliable ssh tunnel via systemd.
>
> This is the unit configuration file:
>
> {{{
> [Unit]
> Description=Tunnel For %i
> After=network.target
>
> [Service]
> User=autossh
> ExecStart=/usr/bin/ssh -o "ExitOnForwardFailure yes" -o "ServerAliveInterval 60" -N -R 40443:installserver:40443 -R 8080:installserver:8080
> ExecStartPre=-/usr/bin/ssh tunnel@%i "for pid in  $$(ps -u tunnel | grep sshd| cut -d' ' -f1); do kill -9 $$pid; echo kill old ssh process p
> Restart=always
> RestartSec=5s
> StartLimitInterval=0
>
> [Install]
> WantedBy=multi-user.target
> }}}
>
> Unfortunately on some hosts we see this warning again and again:
>
> Mar 13 23:11:14 remotehost sshd[10938]: error: bind: Address already in use
> Mar 13 23:11:14 remotehost sshd[10938]: error: channel_setup_fwd_listener: cannot listen to port: 40443
> Mar 13 23:11:14 remotehost sshd[10938]: error: bind: Address already in use
> Mar 13 23:11:14 remotehost sshd[10938]: error: channel_setup_fwd_listener: cannot listen to port: 8080
>
> Since we kill the old tunnel before starting a new one, I don't understand why
> this error message occurs.
>
> Any hints?
>
> --
> Thomas Guettler http://www.thomas-guettler.de/
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
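
Added example, not part of the original thread: procps `ps` right-aligns the PID column, so the `cut -d' ' -f1` extraction in the quoted ExecStartPre yields an empty field for shorter PIDs and the loop never kills those sshd processes, which would leave the forwarded ports bound. The `ps` output below is constructed, the function names are hypothetical, and whether this is the cause on the poster's hosts is an assumption.

```shell
#!/bin/sh
# Constructed sample of `ps -u tunnel` output. The PID column is
# right-aligned, so PIDs shorter than the column start with spaces.
sample_ps() {
cat <<'EOF'
  PID TTY          TIME CMD
  938 ?        00:00:00 sshd
10938 ?        00:00:00 sshd
 4711 ?        00:00:00 bash
EOF
}

# Extraction as written in the quoted ExecStartPre: first field when
# splitting on single spaces. For "  938 ..." field 1 is empty.
# `xargs echo` joins the results the way `for pid in $(...)` would
# word-split them, so empty fields simply disappear.
pids_with_cut() {
    sample_ps | grep sshd | cut -d' ' -f1 | xargs echo
}

# Whitespace-aware extraction: awk splits on runs of blanks and ignores
# leading blanks, so $1 is always the PID. Matching on the CMD column
# also avoids picking up unrelated lines that merely contain "sshd".
pids_with_awk() {
    sample_ps | awk '$4 == "sshd" { print $1 }' | xargs echo
}

# Report which sshd PIDs the cut-based loop would never signal.
missed_pids() {
    for pid in $(pids_with_awk); do
        case " $(pids_with_cut) " in
            *" $pid "*) ;;            # found by both methods
            *) echo "$pid" ;;         # only the awk method sees it
        esac
    done | xargs echo
}

echo "cut finds:  $(pids_with_cut)"
echo "awk finds:  $(pids_with_awk)"
echo "missed:     $(missed_pids)"
```

On a live host, `pgrep -u tunnel sshd` avoids parsing `ps` output altogether.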

