Timeline for How to reliably keep an SSH tunnel open?
Current License: CC BY-SA 3.0
9 events
when | what | by | license | comment |
---|---|---|---|---|
Feb 14 at 13:57 | comment added | cafce25 | | The `After` should specify `network-online.target` instead; that ensures the network target isn't only started, but there is actually a connection. Without that, ssh might not be able to resolve domain names and fail. |
Jul 8, 2023 at 5:37 | comment added | Sergey Ponomarev | | Please check out my systemd service github.com/yurt-page/sshtunnel |
Mar 22, 2022 at 22:07 | comment added | CPBL | | Fails for me, i.e. the tunnel isn't open. Where do I find the error messages from systemd? When I try to use the tunnel, I get: `channel 0: open failed: connect failed: Connection refused stdio forwarding failed kex_exchange_identification: Connection closed by remote host Connection closed by UNKNOWN port 65535` but 65535 was not mentioned in my command. My tunnel works fine if I set it up myself. |
Nov 6, 2021 at 13:51 | comment added | Yeti | | You forgot about adding `StartLimitIntervalSec=0` to the `[Unit]` section. This disables the rate-limiting feature of systemd, which prevents restarting services if they fail too fast. This could happen if the local network device is temporarily down, and ssh would quit immediately with a connection refused error. |
Mar 22, 2018 at 19:42 | comment added | David Tonhofer | | If you want to start ssh from a (bash) script given as argument to `ExecStart`, for example to build the ssh argument list, do basic checks etc., then call it from the script like so: `exec /bin/ssh -N ...`. Here is my command: `exec /bin/ssh -N -oExitOnForwardFailure=Yes -oTCPKeepAlive=no -oServerAliveInterval=5 -oServerAliveCountMax=6 -i "${LOCAL_PRIVATE_KEY}" -L "${TUNNEL_INLET}:${TUNNEL_OUTLET}" "${REMOTE_USER}@${REMOTE_MACHINE}"` where `TUNNEL_INLET="127.0.0.1:3307"` and `TUNNEL_OUTLET="127.0.0.1:3306"` |
Mar 22, 2018 at 19:36 | comment added | David Tonhofer | | Excellent for a systemd system. If one uses `Restart=on-failure` then manually killing the SSH client will not result in a restart-by-systemd as the SSH client will exit with success. |
Jan 14, 2018 at 3:39 | history edited | IanB | CC BY-SA 3.0 | add update warning about SELinux policy restrictions |
Dec 22, 2017 at 11:47 | comment added | guettli | | This looks very similar to my gist: gist.github.com/guettli/… Feedback is welcome! |
Jul 28, 2016 at 6:10 | history answered | IanB | CC BY-SA 3.0 | |