Gentoo Forums
ssh multiplexing (ControlMaster) and forwards
Massimo B.
Veteran
Joined: 09 Feb 2005
Posts: 1537
Location: Germany

Posted: Thu Oct 13, 2016 10:06 am    Post subject: ssh multiplexing (ControlMaster) and forwards

Hi,

I got to know the powerful ssh multiplexing by using ControlMaster auto that makes remote connections faster and more responsive.
However since I enabled that, the way of adding forwards like
Code:
ssh -N -L <port>:<host>:<port> host2 &

makes that terminal very slow, only accepting every 2nd keystroke. On the other hand the connection is only working when hitting enter on that terminal. It seems that multiplexing makes the forward not detach correctly with &. Without & the forward works well.

btw. what is the Gentoo way of adding those forwards by OpenRC when the connection is up? Usually those forwards are breaking after Suspend-to-RAM or network issues. I'd like to restart the forward automatically.
I was looking if shorewall can do the forwards, as shorewall also has some ifup ifdown scripts, but the #shorewall people say that is out of shorewall scope.
_________________
ppc:PowerBook5,8 15"(1440)-G4/1.67,2G|amd64:HP EliteBook 8560w,i7-2620M,16G|amd64:Acer Z5610 (Core2QuadQ8200),8G|amd64-prefix:OpenSuse
Hu
Moderator
Joined: 06 Mar 2007
Posts: 13490

Posted: Fri Oct 14, 2016 1:51 am

You should not place ssh in the background using the shell. Instead, you should use -f to ask ssh to place itself in the background (and stop reading from your terminal) after it authenticates.
Massimo B.
Veteran
Joined: 09 Feb 2005
Posts: 1537
Location: Germany

Posted: Tue Oct 18, 2016 6:45 am

Thanks. While trying to make dropped forwards restart and be more reliable, I looked at autossh. But can that be used for this kind of forward? Reading the man page I tried replacing the ssh command with autossh, but it is failing:
Code:
autossh  -N -L <port>:<host>:<port> host2

That was about restarting broken connections. However, with more than 2 or 3 such forwards it could be worth looking at sshuttle. But that would forward everything by default, if not creating some dummy interface and some iptables rules myself to forward only per destination host or port.

As for the performance, sshuttle explains the bad situation of TCP-over-TCP tunnels, seriously improved by sshuttle, but is this the case when forwarding TCP connections multiplexed (ControlMaster) over ssh?
Ant P.
Watchman
Joined: 18 Apr 2009
Posts: 5584

Posted: Tue Oct 18, 2016 4:38 pm    Post subject: Re: ssh multiplexing (ControlMaster) and forwards

Massimo B. wrote:
btw. what is the Gentoo way of adding those forwards by OpenRC when the connection is up? Usually those forwards are breaking after Suspend-to-RAM or network issues. I'd like to restart the forward automatically.

OpenRC will not restart the process automatically after it dies so this is not possible there. I have this kind of setup on my laptop, but I use runit (same command line, no -f or &).
Massimo B.
Veteran
Joined: 09 Feb 2005
Posts: 1537
Location: Germany

Posted: Wed Oct 19, 2016 6:48 am

Reading that runit is a sysvinit replacement, is it also a complete replacement of OpenRC or systemd? I don't think I would like that way. OpenRC should also have a method to restart a killed process.

btw. if using -f I don't see at all if connections are broken. With & before I had at least the "Broken pipe.." on stdout from the background process. I guess for now I just spend some terminals and use ssh without -f, I can detect if it is killed and restart. I could even insert it into while true;do ssh...;done. But these loops are a bit tricky to kill in general as one needs to kill the parent shell.
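
The restart loop discussed in this thread, written so that one signal stops both the loop and ssh; this is an added example, not code from any of the posters. The function names forward_args and supervise, the timing values, and the choice to give the forward its own connection (ControlPath=none) instead of riding on the ControlMaster are assumptions of the example.

```sh
#!/bin/sh
# Added example (not from the thread): supervise one "ssh -N -L" forward.

# Print the ssh arguments, one per line.
# $1 = forward spec <port>:<host>:<port>, $2 = ssh host
forward_args() {
    # -n: stdin from /dev/null, so ssh never competes for the terminal
    # ControlPath=none: own connection, so this process dying == tunnel gone
    # ServerAlive*: notice a dead link (suspend, network loss) and exit
    printf '%s\n' -n -N \
        -o ControlPath=none \
        -o BatchMode=yes \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=15 -o ServerAliveCountMax=3 \
        -L "$1" "$2"
}

# Restart "$@" whenever it exits.
# $1 = seconds between restarts, $2 = max starts (0 = unlimited).
# TERM/INT sent to the loop also stops the child, so one kill ends both.
supervise() {
    delay=$1 max=$2; shift 2
    SUPERVISE_STARTS=0 stop=0 child=
    trap 'stop=1; [ -z "$child" ] || kill "$child" 2>/dev/null || :' TERM INT
    while [ "$stop" -eq 0 ]; do
        "$@" &
        child=$!
        SUPERVISE_STARTS=$((SUPERVISE_STARTS + 1))
        rc=0; wait "$child" || rc=$?
        [ "$stop" -eq 0 ] || break
        echo "forward exited with status $rc" >&2
        if [ "$max" -gt 0 ] && [ "$SUPERVISE_STARTS" -ge "$max" ]; then
            break
        fi
        sleep "$delay"
    done
    wait "$child" 2>/dev/null || :
    trap - TERM INT
}

# Usage: forward.sh <port>:<host>:<port> <ssh-host>
if [ "$#" -eq 2 ]; then
    set -- $(forward_args "$1" "$2")
    supervise 5 0 ssh "$@"
fi
```

Every exit of ssh is reported on stderr with its status, which restores the visibility that -f takes away; a signal that arrives during the sleep between restarts is handled when that sleep ends.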
All times are GMT