Reliably opening port with ssh?

I’m looking for a suggestion on how to reliably open a port with ssh port forwarding. I live behind a firewall that is out of my control (along with my pfsense firewall that I do) and am in need of opening up a port to my VPS. I have tried running ssh port opens, which do work for a while, until the network hitches, and I lose the connection. I’ve tried autossh, but there are times when this drops as well, leaving me with no connection back home. Are there any other options that can be recommended? SSH on a cron job to just retry open every X minutes? Open to anything.

a reverse shell to a proxy? that would be my first thought.

That was what I have tried. I connect to my VPS which allows me to reverse proxy back. Unfortunately my issue is with dealing with when that connection dies due to generally unknown reasons, at random times making it very hard to debug. Getting that connection to refire when down is what I am hoping to get help with as autossh has worked for me in the past, though even that loses connection after less than a day in my current network.

get or make a watch dog for it, poll ps -aux for your ssh and if it's not there run it?

if your ssh dies it would rebuild one, set as a script to run at boot with a 2 second sleep??

also find issue that is taking down your ssh… but it could still fail otherwise

I’ll give that a shot. Any opinion on plain ssh vs autossh? Appreciate the suggestion.

sorry, I haven't used autossh

ZeroTier…

you say it works until the network “hitches”, could that be an upstream firewall connection timeout?

Do you need to enable “keepalive” option in ssh?

Either way, sounds like you need some scripting to detect loss of connection and reconnect? Maybe something simple like monit? Or just a shell loop like

while date; do ssh -n <options>;  sleep <n>; done > /tmp/sshlog 2>&1

I guess you have already solved any non fixed external IP address issue already.

As far as having a stable network of things I control, yeah, everything is tested. As far as the “hitch” I am still debugging that one. It could be a firewall issue (the one I don’t control), or it could be that the internet does intermittently drop (internal network is sane, outer network to wan link drops occasionally). The subnet I control is under a pfsense firewall, and the outer is under a Ubiquiti firewall. So far I do know that everything within my control seems to have 0 packet loss issues to anything before my subnet at least, along with my connection to the Ubiquiti firewall. My logging ends there until my VPS, which seems to just time out according to the logs on it for the ssh service.

#!/sbin/openrc-run

name=$RC_SVCNAME
command="/usr/bin/autossh"
pidfile="/run/${RC_SVCNAME}.pid"
AUTOSSH_LOGFILE="${AUTOSSH_LOGFILE:-/var/log/${RC_SVCNAME}.log}"
start_stop_daemon_args="-e AUTOSSH_PIDFILE=\"${pidfile}\" -e AUTOSSH_LOGFILE=\"${AUTOSSH_LOGFILE}\""
command_args="-f -N -M 0 -o 'ServerAliveInterval 30' -o 'ServerAliveCountMax 3' -R 22:localhost:22 [email protected]"

depend() {
	need net.enp5s0
}


Ended up just using openrc to do the job and it autorespawns crashed services. I’m sure systemd could do something similar, but tend to avoid it. Hope this helps someone if they come across this thread.
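
An added example, not from any poster in this thread: the keepalive options and the retry loop suggested above, combined into one POSIX shell script with a capped backoff. The host tunnel@vps.example.com, remote port 2222 and the delay values are assumptions.

```shell
#!/bin/sh
# Added example: reconnecting reverse tunnel with keepalives and capped backoff.
# Assumed placeholders: tunnel@vps.example.com, remote port 2222, the delays.

MIN_DELAY=5        # seconds to wait before the first retry
MAX_DELAY=300      # upper bound for the backoff
STABLE_AFTER=120   # a session that lived this long resets the backoff

# next_delay CURRENT UPTIME -> prints the delay to use before the next attempt.
next_delay() {
    if [ "$2" -ge "$STABLE_AFTER" ]; then
        echo "$MIN_DELAY"
        return
    fi
    d=$(( $1 * 2 ))
    if [ "$d" -gt "$MAX_DELAY" ]; then d=$MAX_DELAY; fi
    echo "$d"
}

# tunnel_args REMOTE_PORT LOCAL_PORT HOST -> prints the ssh arguments.
tunnel_args() {
    # BatchMode: never block on a password prompt when unattended.
    # ExitOnForwardFailure: exit if the remote port cannot be bound (for
    #   example a stale session still holds it) so the loop retries.
    # ServerAlive*: detect a silently dropped connection in about 90 seconds.
    printf '%s ' -N -T \
        -o BatchMode=yes \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 \
        -o ServerAliveCountMax=3 \
        -o ConnectTimeout=15 \
        -R "$1:localhost:$2" "$3"
}

run_tunnel() {
    delay=$MIN_DELAY
    while :; do
        start=$(date +%s)
        echo "$(date) connecting"
        # Word splitting of the argument list is intended here.
        ssh $(tunnel_args "$@") </dev/null
        rc=$?
        up=$(( $(date +%s) - start ))
        delay=$(next_delay "$delay" "$up")
        echo "$(date) ssh exited rc=$rc after ${up}s, retrying in ${delay}s"
        sleep "$delay"
    done
}

# Starts only when given three arguments: REMOTE_PORT LOCAL_PORT HOST
if [ "$#" -eq 3 ]; then run_tunnel "$@"; fi
```

Run it as `./tunnel.sh 2222 22 tunnel@vps.example.com >> /tmp/sshlog 2>&1`; the logged exit code and session length for each drop help tell a keepalive timeout apart from a failed reconnect.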