I have created a reverse SSH tunnel that creates a Unix socket on a distant server (let's call it proxy_srv), so that I can connect to the tunnel owner (named target_srv in the rest of this question) in 2 steps: creating a link from the Unix socket to a TCP port with socat, and connecting to that port with an SSH client (the SSH client does not seem to accept connecting to a Unix socket, so I used that socat trick as a workaround).
The commands involved are (enough to reproduce, a little more in practice, with identity files & co), in that order:
From target_srv:
me@target_srv:% ssh -CNR /tmp/$(hostname):127.0.0.1:22 me@proxy_srv -o ExitOnForwardFailure=yes
From proxy_srv:
me@proxy_srv:% socat TCP-LISTEN:2222 UNIX-CONNECT:/tmp/target_srv
From any other computer that can access proxy_srv:
ssh -p 2222 someone@proxy_srv
The goal of all this is to have a tunnel built automatically from machines that use GPRS networks to an access point so that I can access them in case of problems, considering the fact I do not have physical access to them (too many kilometers away).
I have 2 major problems:
when someone deletes the Unix socket file on proxy_srv, the tunnel does not end, so I cannot recreate it (easy to work around, just use a dedicated user, but still a little concerning to me),
most importantly, if for some reason something on target_srv was restarted, either a physical reboot or a system crash with things coming back up automatically afterwards, the file on proxy_srv is not deleted, and the tunnel cannot be rebuilt. Of course, I could just delete it and hope the problem is not a conflict with another computer, but I think there must be a better way to at least work around that, for example detecting socket files that no longer have listeners and automatically deleting them regularly (inside a dedicated folder, of course).
Any idea?
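A stale-socket sweeper of the kind described in the last paragraph, as an added example that is not part of the original question or of any answer to it: it walks a dedicated directory, probes every socket inode with a connect() and unlinks only the ones that answer ECONNREFUSED (file present, nobody bound to it). A live reverse forward accepts the probe (sshd opens the forwarded connection to target_srv's port 22 and the sweeper closes it immediately), so it is left alone. The directory name /run/tunnels, the demo socket names and the probe logic are assumptions of this example, not something from the question; the demo directory is constructed in the block itself.

```python
#!/usr/bin/env python3
"""Remove Unix socket files in a dedicated directory that no longer have a listener.

Intended to run from cron on proxy_srv, as the dedicated tunnel user, against a
directory that holds nothing but reverse-forward sockets (e.g. /run/tunnels, an
assumed name).  When target_srv reboots, its ssh client dies, sshd on proxy_srv
closes the listening socket but the file stays behind; connect() on such a file
fails with ECONNREFUSED, which is what the sweeper keys on.
"""
import os
import shutil
import socket
import stat
import sys
import tempfile


def looks_stale(path, timeout=2.0):
    """True only when connect() is refused: the file exists but no process is bound to it.

    Every other outcome (success, timeout, EACCES, ENOENT) is treated as "not
    stale", so the sweeper errs on the side of keeping files it is unsure about.
    """
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect(path)
        return False            # live listener (for a tunnel: sshd accepted the probe)
    except ConnectionRefusedError:
        return True             # file left behind, nobody listening
    except OSError:
        return False            # timeout, permission denied, vanished, ...: leave it
    finally:
        s.close()


def sweep_stale_sockets(directory, dry_run=False):
    """Unlink every stale socket in directory and return the paths that were (or would be) removed.

    Only socket inodes are considered; a regular file, directory or symlink
    dropped into the directory is never touched.
    """
    removed = []
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        try:
            st = os.lstat(path)
        except FileNotFoundError:   # vanished between listdir() and lstat()
            continue
        if not stat.S_ISSOCK(st.st_mode):
            continue
        if not looks_stale(path):
            continue
        if not dry_run:
            os.unlink(path)
        removed.append(path)
    return removed


def build_demo_dir():
    """Constructed sample directory (no real tunnels): one socket with a live listener,
    one stale socket file, one regular file.  Returns (dir, live_socket)."""
    d = tempfile.mkdtemp(prefix="tunnels-")
    live = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    live.bind(os.path.join(d, "alive_srv"))
    live.listen(1)
    dead = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    dead.bind(os.path.join(d, "rebooted_srv"))
    dead.close()                # listener gone, socket file left behind
    with open(os.path.join(d, "notes.txt"), "w") as f:
        f.write("not a socket\n")
    return d, live


def demo(dry_run=False):
    """Run the sweeper on the constructed directory; return what it removed and what is left."""
    d, live = build_demo_dir()
    try:
        removed = [os.path.basename(p) for p in sweep_stale_sockets(d, dry_run=dry_run)]
        return {"removed": removed, "left": sorted(os.listdir(d))}
    finally:
        live.close()
        shutil.rmtree(d, ignore_errors=True)


if __name__ == "__main__":
    if len(sys.argv) > 1:       # sweep_tunnels.py /run/tunnels [-n]
        for p in sweep_stale_sockets(sys.argv[1], dry_run="-n" in sys.argv[2:]):
            print("stale:", p)
    else:
        print(demo())
```

Run it without arguments to see the demo, or from cron as the dedicated user with the socket directory as argument (`-n` lists without deleting). Two caveats: the probe does reach target_srv's sshd over a live tunnel, so each run shows up there as a connection that closed without authenticating; and there is a small window between the probe and the unlink in which a tunnel could be re-established. If proxy_srv runs OpenSSH 6.7 or newer, setting `StreamLocalBindUnlink yes` in its sshd_config makes sshd remove an existing socket file before binding a new Unix-domain forward, which deals with the reboot case at the source; the sweeper then only matters for files that must go away while no tunnel is trying to come back.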