[ale] Robust Reverse Tunnels via SSH

John Clinton john at mysnmp.org
Wed Aug 20 21:50:16 EDT 2008


Greg,

I use reverse tunnels as a primary means of access and have few issues
with it.

To keep the connection alive, I run a "keepalive" script that merely runs
ls, sleeps 60 seconds and repeats on the target host.  I also fork the ssh
process in the background and have TCPKeepAlive set to yes in my ssh config.

My ssh config has all my RemoteForward statements.  My command line is:

ssh -f  target_host "~/keepalive.sh"

The other thing I did, though it does not seem to work properly, is a 5-minute
cron job that looks for my ssh process.  If the process is not found, it runs
the command above.

This is a little tacky but it seems to work for me.

John

On Wed, Aug 20, 2008 at 11:50 AM, Greg Freemyer <greg.freemyer at gmail.com> wrote:

> All,
>
> Does anyone know a recipe for "Robust Reverse Tunnels via SSH", or
> some other robust way to achieve reverse tunnels.
>
> === background
>
> I've seen a few posts about ssh agent forwarding, etc.  That assumes
> you have at least one way through the firewall.
>
> I need to talk to a machine behind a firewall and I don't want to open
> up a port.  ssh with the -R option puts in place a reverse tunnel to a
> gateway server.  Exactly what I want to do.
>
> I've tried to set it up this weekend.  It works, but it has not been
> very robust.
>
> I've seen comments online saying you can add an entry to crontab to
> address that.  I've done that as well and I can see the new ssh
> sessions being initiated from the remote server on my gateway server,
> but when I try ssh to the gateway port, I get nothing more often than
> not.  (It has worked a few times, so I have the basic concepts right.)
>
> Thanks
> Greg
> --
> Greg Freemyer
> Litigation Triage Solutions Specialist
> http://www.linkedin.com/in/gregfreemyer
> First 99 Days Litigation White Paper -
> http://www.norcrossgroup.com/forms/whitepapers/99%20Days%20whitepaper.pdf
>
> The Norcross Group
> The Intersection of Evidence & Technology
> http://www.norcrossgroup.com



-- 
John Clinton
john at mysnmp.org
Mobile: 404.200.7333
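
The five-minute cron check described in the reply above, written as an idempotent watchdog (an added example, not John's script). The script name `revtunnel-watch.sh`, the function names, and the use of `-N` with the OpenSSH options `BatchMode`, `ServerAliveInterval`, `ServerAliveCountMax` and `ExitOnForwardFailure` are assumptions that go beyond what the message uses; `target_host` is the Host alias from his command line, assumed to carry the RemoteForward lines in `~/.ssh/config`.

```shell
#!/bin/sh
# Cron watchdog for a reverse SSH tunnel (added example; names are assumptions).
# TARGET is a Host alias in ~/.ssh/config that carries the RemoteForward lines.
TARGET="${TARGET:-target_host}"

# Options passed on every start:
#  BatchMode            never prompt for a password when started from cron.
#  ServerAliveInterval  ssh probes the server over the encrypted channel
#  ServerAliveCountMax  every 60 s and exits after 3 missed replies, so a
#                       dead session does not linger and satisfy the
#                       process check below.
#  ExitOnForwardFailure exit instead of staying connected without the
#                       forward, e.g. when an old session on the far side
#                       still holds the listening port.
SSH_OPTS="-o BatchMode=yes -o ServerAliveInterval=60 -o ServerAliveCountMax=3 -o ExitOnForwardFailure=yes"

# True if this user already runs an ssh client for exactly this tunnel.
# The pattern is anchored on "-N <target>" at the end of the command line so
# that interactive ssh sessions to other hosts do not count as the tunnel.
# TARGET is used as a regex here, so keep it a plain alias.
tunnel_running() {
    pgrep -u "$(id -u)" -f "ssh .*-N $TARGET\$" >/dev/null 2>&1
}

# Start the tunnel in the background. -N replaces the remote keepalive
# script: no remote command runs, the ServerAlive probes keep the link warm.
start_tunnel() {
    # SSH_OPTS is intentionally unquoted so it splits into separate words.
    ssh -f $SSH_OPTS -N "$TARGET"
}

# Idempotent entry point: 0 if the tunnel is up or was started, 1 if the
# start failed (cron mails the stderr line to the owner).
ensure_tunnel() {
    if tunnel_running; then
        return 0
    fi
    if ! start_tunnel; then
        echo "revtunnel: could not start tunnel to $TARGET" >&2
        return 1
    fi
}

# Act only when invoked as "revtunnel-watch.sh run", e.g. from crontab:
#   */5 * * * * $HOME/bin/revtunnel-watch.sh run
if [ "${1:-}" = "run" ]; then
    ensure_tunnel
fi
```

With `ExitOnForwardFailure=yes`, a session that cannot bind its forward exits with an error instead of showing up as a healthy-looking ssh process whose port does not answer.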