[ale] Robust Reverse Tunnels via SSH

Thomas, Dave dthomas at tandbergtv.com
Wed Aug 20 22:09:47 EDT 2008


Hey John Clinton!  Nice to hear a keepalive from an old coworker.  I'm working from the Atlanta office now but I guess I just missed ya.

-----Original Message-----
From: ale-bounces at ale.org on behalf of John Clinton
Sent: Wed 8/20/2008 6:50 PM
To: ale at ale.org
Subject: Re: [ale] Robust Reverse Tunnels via SSH
 
Greg,

I use reverse tunnels as a primary means of access and have few issues
with it.

To keep the connection alive, I run a "keepalive" script that merely runs
ls, sleeps 60 seconds and repeats on the target host.  I also fork the ssh
process in the background and have TCPKeepAlive set to yes in my ssh config.

My ssh config has all my RemoteForwards statements.  My command line is:

ssh -f  target_host "~/keepalive.sh"

The other thing I did, which does not seem to work properly, is a 5-minute
cron job that looks for my ssh process.  If the process is not found, it runs
the command above.

This is a little tacky but it seems to work for me.

John

On Wed, Aug 20, 2008 at 11:50 AM, Greg Freemyer <greg.freemyer at gmail.com> wrote:

> All,
>
> Does anyone know a recipe for "Robust Reverse Tunnels via SSH", or
> some other robust way to achieve reverse tunnels.
>
> === background
>
> I've seen a few posts about ssh agent forwarding, etc.  That assumes
> you have at least one way through the firewall.
>
> I need to talk to a machine behind a firewall and I don't want to open
> up a port.  ssh with the -R option puts in place a reverse tunnel to a
> gateway server.  Exactly what I want to do.
>
> I've tried to set it up this weekend.  It works, but it has not been
> very robust.
>
> I've seen comments online saying you can add an entry to crontab to
> address that.  I've done that as well and I can see the new ssh
> sessions being initiated from the remote server on my gateway server,
> but when I try ssh to the gateway port, I get nothing more often than
> not.  (It has worked a few times, so I have the basic concepts right.)
>
> Thanks
> Greg
> --
> Greg Freemyer
> Litigation Triage Solutions Specialist
> http://www.linkedin.com/in/gregfreemyer
> First 99 Days Litigation White Paper -
> http://www.norcrossgroup.com/forms/whitepapers/99%20Days%20whitepaper.pdf
>
> The Norcross Group
> The Intersection of Evidence & Technology
> http://www.norcrossgroup.com



-- 
John Clinton
john at mysnmp.org
Mobile: 404.200.7333
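
The thread describes a reverse tunnel kept up by a keepalive script plus a 5-minute cron job that looks for the ssh process. The script below is an added example, not code from any poster: it swaps the keepalive script for OpenSSH's own ServerAliveInterval and ExitOnForwardFailure options and the process check for a lock-guarded supervisor loop. The gateway name, ports, lock path and cron path are assumptions.

```shell
#!/bin/sh
# Added example. GATEWAY, the ports and LOCK_DIR are placeholder values.
GATEWAY="${GATEWAY:-tunnel@gateway.example.org}"
REMOTE_PORT="${REMOTE_PORT:-2222}"
LOCAL_PORT="${LOCAL_PORT:-22}"
LOCK_DIR="${LOCK_DIR:-$HOME/.reverse-tunnel.lock}"
SLEEP="${SLEEP:-sleep}"

# Foreground ssh, no remote command (-N). ServerAlive* makes ssh exit when
# the gateway stops answering; ExitOnForwardFailure makes it exit when the
# gateway cannot bind REMOTE_PORT, instead of staying up with no tunnel.
run_tunnel() {
    ssh -N -o BatchMode=yes -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=60 -o ServerAliveCountMax=3 \
        -R "${REMOTE_PORT}:localhost:${LOCAL_PORT}" "$GATEWAY"
}

# mkdir is atomic, so only one supervisor wins. A lock whose recorded PID
# is no longer alive is stale and is taken over.
acquire_lock() {
    if ! mkdir "$LOCK_DIR" 2>/dev/null; then
        old=$(cat "$LOCK_DIR/pid" 2>/dev/null) || old=""
        if [ -n "$old" ] && kill -0 "$old" 2>/dev/null; then return 1; fi
    fi
    echo "$$" > "$LOCK_DIR/pid"
}

# Restart ssh whenever it exits. The delay doubles after each short-lived
# session (cap 300 s) and resets once a session has lasted a minute.
# $1 = number of runs; 0 means forever.
supervise() {
    max_runs="${1:-0}"; delay=5; runs=0
    while [ "$max_runs" -eq 0 ] || [ "$runs" -lt "$max_runs" ]; do
        started=$(date +%s); rc=0
        run_tunnel || rc=$?
        runs=$((runs + 1))
        if [ $(( $(date +%s) - started )) -ge 60 ]; then delay=5; fi
        echo "ssh exited with status $rc; retry in ${delay}s" >&2
        "$SLEEP" "$delay"
        delay=$((delay * 2)); [ "$delay" -le 300 ] || delay=300
    done
}

# Assumed cron entry: */5 * * * * $HOME/bin/reverse-tunnel.sh run
if [ "${1:-}" = "run" ]; then
    acquire_lock || exit 0   # a live supervisor already owns the tunnel
    trap 'rm -f "$LOCK_DIR/pid"; rmdir "$LOCK_DIR"' EXIT
    supervise
fi
```

With the gateway's default `GatewayPorts no`, the forwarded port listens only on the gateway's loopback address, so it is reachable from the gateway itself and not from the network.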
