Re: Reliable ssh tunnel via systemd

On 3/14/2017 9:10 AM, Nico Kadel-Garcia wrote:
Look into the "autossh" program, which is very good to manage and
maintain such tunnels.

On Tue, Mar 14, 2017 at 5:02 AM, Thomas Güttler
<guettliml@xxxxxxxxxxxxxxxxxx> wrote:
We try to run a reliable ssh tunnel via systemd.

This is the unit configuration file:

{{{
[Unit]
Description=Tunnel For %i
After=network.target

[Service]
User=autossh
ExecStart=/usr/bin/ssh -o "ExitOnForwardFailure yes" -o "ServerAliveInterval 60" -N -R 40443:installserver:40443 -R 8080:installserver:8080
ExecStartPre=-/usr/bin/ssh tunnel@%i "for pid in  $$(ps -u tunnel | grep sshd| cut -d' ' -f1); do kill -9 $$pid; echo kill old ssh process p
Restart=always
RestartSec=5s
StartLimitInterval=0

[Install]
WantedBy=multi-user.target
}}}

Unfortunately on some hosts we see this warning again and again:

Mar 13 23:11:14 remotehost sshd[10938]: error: bind: Address already in use
Mar 13 23:11:14 remotehost sshd[10938]: error: channel_setup_fwd_listener: cannot listen to port: 40443
Mar 13 23:11:14 remotehost sshd[10938]: error: bind: Address already in use
Mar 13 23:11:14 remotehost sshd[10938]: error: channel_setup_fwd_listener: cannot listen to port: 8080

Since we kill the old tunnel before starting a new, I don't understand why
this error message occurs.

Any hints?

I remember from years ago, a problem like this. The TCP bind was not freed up
as quickly as one might expect. "kill -9" could be causing this, not giving the
application time to shut down.

Search for tcp bind address already in use

https://hea-www.harvard.edu/~fine/Tech/addrinuse.html


--
Thomas Guettler http://www.thomas-guettler.de/
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


--

 Douglas E. Engert  <DEEngert@xxxxxxxxx>
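
One way to act on the suggestion above, as an added example that is not part of the original thread: a pre-start helper that sends SIGTERM instead of `kill -9` and waits until the forwarded ports no longer have a listener. The function names are hypothetical; it assumes the script runs on the remote host as the tunnel user and that `ss` (iproute2) and `pgrep` (procps) are installed.

```sh
#!/bin/sh
# Added example, not from the thread. Assumes it runs on the remote host as the
# tunnel user, with iproute2 `ss` and procps `pgrep` installed.

# Constructed sample of `ss -ltn` output, used to exercise the parser offline.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:40443    0.0.0.0:*
LISTEN 0      128    [::1]:40443        [::]:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

# port_listening PORT < ss-output: succeeds if any LISTEN socket uses PORT.
port_listening() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, part, ":")      # port follows the last ":" (IPv4 and IPv6)
            if (part[n] == port) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# busy_ports SNAPSHOT PORT...: prints every PORT that still has a listener.
busy_ports() {
    snapshot=$1; shift
    for p in "$@"; do
        if printf '%s\n' "$snapshot" | port_listening "$p"; then
            printf '%s\n' "$p"
        fi
    done
}

# release_forwards USER SECONDS PORT...: send SIGTERM (not SIGKILL) to the
# user's other sshd processes, then poll until the listeners are gone.
release_forwards() {
    user=$1; wait_s=$2; shift 2
    for pid in $(pgrep -u "$user" -x sshd); do
        # $PPID is assumed to be the sshd serving this session; leave it alone.
        [ "$pid" = "$PPID" ] || kill -TERM "$pid" 2>/dev/null || true
    done
    while [ "$wait_s" -gt 0 ]; do
        [ -z "$(busy_ports "$(ss -ltn)" "$@")" ] && return 0
        sleep 1; wait_s=$((wait_s - 1))
    done
    return 1    # still bound: let systemd retry after RestartSec
}

# Example call with the ports from the unit file:
#   release_forwards tunnel 10 40443 8080
```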
