From owner-freebsd-questions@FreeBSD.ORG Wed Jul 26 09:49:52 2006
From: Nikos Vassiliadis
To: freebsd-questions@freebsd.org
Cc: Drew
Date: Wed, 26 Jul 2006 12:47:53 +0300
Subject: Re: ssh tunnel - remote access through nat
Message-Id: <200607261247.53917.nvass@teledomenet.gr>
In-Reply-To: <715841970607251003o1d358d3dl894291f50a0b8053@mail.gmail.com>

On Tuesday 25 July 2006 20:03, Drew wrote:
> Hi,
> I've got a box that's NAT'd out to the internet. It is occasionally
> necessary for me to access this box remotely. The obvious answer is:
>
> ssh -R 7777:localhost:22 remote.box cat
>
> run from the NAT'd box, where remote box is a place I pretty much always
> have access to from anywhere, anytime. The problem is that the connection
> between these two boxes is famously unreliable - so I need to ensure that
> this connection stays available.
> Unfortunately, the procedure for this is
> not obvious to me. I've thought about a cron job, as the connection would
> simply fail if it couldn't bind to 7777 on the remote box to listen. But
> I'm thinking there has to be something that makes more sense. Suggestions?
> Feedback? Thanks in advance for any pointers.

You can do something like this in Bourne-like shells:

    while true; do
        ssh -N ...
        sleep 1
    done

and something like this in csh:

    while ( 1 )
        ...
    end

From the ssh manual:

     -N      Do not execute a remote command.  This is useful for just
             forwarding ports (protocol version 2 only).

The sleep command is used to add a little delay in case there is something
really wrong and ssh returns immediately, resulting in looping very fast.

Then you just have to ensure that ssh will be aware of a dropped connection
(by means of keep-alives) and exit. You can do this with ssh, but you have
to configure keep-alives on both machines, client and server. An alternative
method would be ipfw keep-alives for dynamic rules, which you have to
configure only on the box you're ssh'ing from. It works very nicely.

In both cases you have to use public key authentication in order to log on
automatically after a network failure. I guess it's already set up.

A few pointers: read the ssh, sshd, ssh-keygen and ipfw manuals.

HTH,
Nikos
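As an added example (not Nikos's script and not Drew's setup), the Bourne loop from the reply with the keep-alive part filled in using current OpenSSH client options, plus a back-off so a broken setup does not spin. Host and port numbers are the ones from Drew's message; the variable and function names (REMOTE_HOST, MAX_DELAY, SLEEP, tunnel_cmd, next_delay, keep_alive) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Nikos's script. Reverse tunnel that reconnects after a
# dropped link. Assumed names: REMOTE_HOST, REMOTE_PORT, LOCAL_PORT,
# MAX_DELAY, SLEEP, tunnel_cmd, next_delay, keep_alive.
REMOTE_HOST="${REMOTE_HOST:-remote.box}"   # box you can always reach
REMOTE_PORT="${REMOTE_PORT:-7777}"         # listening port on remote.box
LOCAL_PORT="${LOCAL_PORT:-22}"             # sshd on the NAT'd box
MAX_DELAY="${MAX_DELAY:-60}"               # cap on the retry delay, seconds
SLEEP="${SLEEP:-sleep}"                    # overridable so tests need not wait

# Client-side keep-alives (ServerAliveInterval x ServerAliveCountMax, ~90 s)
# make ssh notice a dead link and exit so the loop can reconnect; the server
# side can add ClientAliveInterval in sshd_config. ExitOnForwardFailure makes
# ssh fail, and so retry later, if port 7777 is still held by a half-dead
# session on remote.box. BatchMode never prompts: public keys or nothing.
tunnel_cmd() {
    printf 'ssh -N -o BatchMode=yes -o ExitOnForwardFailure=yes'
    printf ' -o ServerAliveInterval=30 -o ServerAliveCountMax=3'
    printf ' -R %s:localhost:%s %s\n' "$REMOTE_PORT" "$LOCAL_PORT" "$REMOTE_HOST"
}

# next_delay ELAPSED DELAY: print the delay before the next attempt. A session
# that lasted at least a minute resets it to 1 s; a quick failure doubles it,
# up to MAX_DELAY, so a broken setup does not spin like a bare "sleep 1" loop.
next_delay() {
    if [ "$1" -ge 60 ]; then echo 1; return; fi
    d=$(( $2 * 2 ))
    if [ "$d" -gt "$MAX_DELAY" ]; then d="$MAX_DELAY"; fi
    echo "$d"
}

# keep_alive CMD [MAX]: run CMD forever (or MAX times), sleeping between runs.
# Prints the number of attempts made when it stops.
keep_alive() {
    cmd="$1"; max="${2:-0}"; delay=1; attempts=0
    while :; do
        attempts=$((attempts + 1))
        start=$(date +%s)
        eval "$cmd" || :                  # a failed run is expected here
        delay=$(next_delay $(( $(date +%s) - start )) "$delay")
        if [ "$max" -gt 0 ] && [ "$attempts" -ge "$max" ]; then break; fi
        "$SLEEP" "$delay"
    done
    echo "$attempts"
}
# keep_alive "$(tunnel_cmd)"              # uncomment to run the tunnel for real
```

Public-key authentication on remote.box is still required, as Nikos says, since BatchMode refuses to prompt for a password.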