I have a few devices that may get serviced through a server.
Since the devices connect through a GPRS network with inbound connections blocked, I make them check with the server every few minutes. The server will respond if a reverse ssh tunnel is needed for the support team and hand them an available port on the server.
Once this port is handed to the client device, the device will open a reverse ssh tunnel on a limited user account (no shell available due to the command="/sbin/nologin" directive in the authorized_keys file) with this command:
ssh -fN -R $AVAILABLE_PORT:localhost:22 srvUsername@srvHost -i Indentity
On the server I can see the available port has been used with netstat -tulpn, with an output like this:
tcp 0 0 127.0.0.1:PORT 0.0.0.0:* LISTEN -
tcp 0 0 ::1:PORT :::* LISTEN -
And that port will remain listening unless I kill the ssh process on the client machine that opened it.
But from time to time (during network issues mostly), even if I kill the process or shut down the client machine, this port will keep listening on the server.
Is there a way to close down that socket from the server side without restarting the ssh service?
GPRS connections are kind of unstable, so I might end up in a situation where I have used up all my available ports and have to wait until they expire. Also, I'm relying on the clients successfully killing the ssh process when the connection is no longer needed. I would like to do that on the server side.
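
As an added example (not part of the original post), the server-side bookkeeping described above can be sketched as a parser over the quoted netstat output that reports which tunnel ports are still bound on loopback and picks the next free one. The pool range 20001-20004, the function names and the sample lines are assumptions made for the illustration.

```shell
#!/bin/sh
# Constructed sample in the shape of the `netstat -tulpn` output quoted in the post.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp  0 0 0.0.0.0:22      0.0.0.0:* LISTEN -
tcp  0 0 127.0.0.1:20001 0.0.0.0:* LISTEN -
tcp  0 0 127.0.0.1:20003 0.0.0.0:* LISTEN -
tcp6 0 0 ::1:20001       :::*      LISTEN -
tcp6 0 0 ::1:20003       :::*      LISTEN -
tcp  0 0 127.0.0.1:3306  0.0.0.0:* LISTEN -'

# used_tunnel_ports LOW HIGH (hypothetical helper)
# Reads netstat text on stdin and prints, in ascending order, every port in
# LOW..HIGH that has a TCP listener bound to 127.0.0.1 or ::1.
used_tunnel_ports() {
  awk -v lo="$1" -v hi="$2" '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
      port = $4; sub(/.*:/, "", port)        # text after the last colon
      host = $4; sub(/:[0-9]+$/, "", host)   # text before the port
      if ((host == "127.0.0.1" || host == "::1") &&
          port + 0 >= lo + 0 && port + 0 <= hi + 0)
        seen[port + 0] = 1                   # IPv4 and IPv6 entries collapse
    }
    END { for (p = lo + 0; p <= hi + 0; p++) if (p in seen) print p }'
}

# next_free_port LOW HIGH (hypothetical helper)
# Prints the first pool port with no loopback listener; returns 1 when every
# port in the pool is still bound, which is the exhaustion case in the post.
next_free_port() {
  _used=" $(used_tunnel_ports "$1" "$2" | tr '\n' ' ')"
  _p=$1
  while [ "$_p" -le "$2" ]; do
    case "$_used" in
      *" $_p "*) ;;                          # still listening, skip it
      *) echo "$_p"; return 0 ;;
    esac
    _p=$((_p + 1))
  done
  return 1
}

# Demo on the constructed sample; on a live server pipe `netstat -tln` in instead.
printf '%s\n' "$SAMPLE_NETSTAT" | next_free_port 20001 20004
```

The parser only reports what is currently listening, so a listener left behind by a dead client still counts as used until it is closed.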