Reliable ssh tunnel via systemd

Douglas E Engert deengert at gmail.com
Thu Mar 16 00:16:53 AEDT 2017



On 3/14/2017 9:10 AM, Nico Kadel-Garcia wrote:
> Look into the "autossh" program, which is very good to manage and
> maintain such tunnels.
>
> On Tue, Mar 14, 2017 at 5:02 AM, Thomas Güttler
> <guettliml at thomas-guettler.de> wrote:
>> We try to run a reliable ssh tunnel via systemd.
>>
>> This is the unit configuration file:
>>
>> {{{
>> [Unit]
>> Description=Tunnel For %i
>> After=network.target
>>
>> [Service]
>> User=autossh
>> ExecStart=/usr/bin/ssh -o "ExitOnForwardFailure yes" -o "ServerAliveInterval 60" -N -R 40443:installserver:40443 -R 8080:installserver:8080
>> ExecStartPre=-/usr/bin/ssh tunnel@%i "for pid in  $$(ps -u tunnel | grep sshd| cut -d' ' -f1); do kill -9 $$pid; echo kill old ssh process p
>> Restart=always
>> RestartSec=5s
>> StartLimitInterval=0
>>
>> [Install]
>> WantedBy=multi-user.target
>> }}}
>>
>> Unfortunately on some hosts we see this warning again and again:
>>
>> Mar 13 23:11:14 remotehost sshd[10938]: error: bind: Address already in use
>> Mar 13 23:11:14 remotehost sshd[10938]: error: channel_setup_fwd_listener: cannot listen to port: 40443
>> Mar 13 23:11:14 remotehost sshd[10938]: error: bind: Address already in use
>> Mar 13 23:11:14 remotehost sshd[10938]: error: channel_setup_fwd_listener: cannot listen to port: 8080
>>
>> Since we kill the old tunnel before starting a new, I don't understand why
>> this error message occurs.
>>
>> Any hints?

I remember from years ago, a problem like this. The TCP bind was not freed up
as quickly as one might expect. "kill -9" could be causing this, not giving the
application time to shut down.

Search for "tcp bind address already in use":

https://hea-www.harvard.edu/~fine/Tech/addrinuse.html

>>
>> --
>> Thomas Guettler http://www.thomas-guettler.de/
>> _______________________________________________
>> openssh-unix-dev mailing list
>> openssh-unix-dev at mindrot.org
>> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

-- 

  Douglas E. Engert  <DEEngert at gmail.com>
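
The sshd errors quoted in this thread are bind() failing with EADDRINUSE on the forwarded ports of the remote host. The following is an added example, not part of the original messages: a probe that can be run on the remote host to wait until those ports are bindable again before a new tunnel is started. The function names, the timeout values and the loopback bind address are assumptions.

```python
import errno
import socket
import sys
import time

# Ports taken from the -R options in the unit file quoted above.
DEFAULT_PORTS = [40443, 8080]


def port_state(port, host="127.0.0.1"):
    """Return "free" if a listener could bind host:port now, else "in-use"."""
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        # With SO_REUSEADDR set, lingering TIME_WAIT connections do not block
        # the bind; a socket that is still bound or listening does.
        probe.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        probe.bind((host, port))
        return "free"
    except OSError as exc:
        if exc.errno == errno.EADDRINUSE:
            return "in-use"
        raise  # e.g. EACCES for a privileged port: report it, do not hide it
    finally:
        probe.close()


def wait_until_free(ports, timeout=10.0, interval=0.2, host="127.0.0.1"):
    """Poll until every port is bindable; return the ports still busy at timeout."""
    deadline = time.monotonic() + timeout
    while True:
        busy = [p for p in ports if port_state(p, host) == "in-use"]
        if not busy or time.monotonic() >= deadline:
            return busy
        time.sleep(interval)


if __name__ == "__main__":
    ports = [int(arg) for arg in sys.argv[1:]] or DEFAULT_PORTS
    still_busy = wait_until_free(ports)
    for p in still_busy:
        print("port %d is still held by another process" % p, file=sys.stderr)
    sys.exit(1 if still_busy else 0)
```

A non-zero exit after the timeout means some process still owns the listener, which is the condition to investigate before restarting the tunnel.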


