|Description=Keeps a tunnel to 'remote.example.com' open|
|# -p [PORT]|
|# -l [user]|
|# -M 0 --> no monitoring|
|# -N Just open the connection and do nothing (not interactive)|
|ExecStart=/usr/bin/autossh -M 0 -N -q -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -p 22 -l autossh remote.example.com -L 7474:127.0.0.1:7474 -i /home/autossh/.ssh/id_rsa|
Mar 14, 2020
Mar 25, 2020
Running into a strange problem....
[Unit] Description=AutoSSH tunnel After=network.target [Service] Environment="AUTOSSH_GATETIME=0" ExecStart=/usr/bin/autossh -N -M 10984 -o "PubkeyAuthentication=yes" -o "PasswordAuthentication=no" -i ~/.ssh/id_rsa -R 6666:localhost:22 ********@********** -p 22 [Install] WantedBy=multi-user.target
After running daemon-reload and
sudo systemctl start autossh I can see it running after issuing a
ps ax | grep autossh with the exact command in the ExecStart listed above. However, when I check my remote host, nothing is listening on port 6666.
However, if I copy/paste that exact ExecStart line into a terminal and run it manually, it connects fine. I can reverse SSH to port 6666 without issue. So the command runs fine, when entered manually....but with systemd I see the service running, no errors, but no connection. Any ideas?
This is on CentOS 7....
Jan 14, 2021
There's some unsound advice in the comments here, see https://gist.github.com/Strykar/a65cf6461fdcc41a3e78f5fbbf9e18f9
May 13, 2021
Some stuff is overkill, e.g.
- you don't need the ExecStop,
systemctl stop autosshwill work just fine out of the box
- you don't need the AUTOSSH_GATETIME setting
Jul 12, 2022
Some stuff is overkill, e.g.
* you don't need the AUTOSSH_GATETIME setting
Of course you do, without it autossh will give up if the very first connection attempt fails.
You USED to not need it, because it was implied by the
-f flag. Except that systemd does not support the
Jul 14, 2022
@ScumCoder this wasn't my experience of it, I never used AUTOSSH_GATETIME but I use autossh and it does retry. It's been a while since I looked at it though, so stuff may have changed.
Dec 27, 2022
Hi, I have this service for tunnel with autossh
[Unit] Description=Open my Tunnel After=network.target [Service] ExecStart=autossh -M 12000 -N -f -o "PubkeyAuthentication=yes" -o "PasswordAuthentication=no" -o ServerAliveInterval=60 -o ServerAliveCountMax=3 -i /home/usrtunel/.ssh/clavetunel -R 7090:localhost:7080 firstname.lastname@example.org -p YYY WorkingDirectory=/opt/run RestartSec=5 Restart=always [Install] WantedBy=multi-user.target
If I run the autossh by hand, in command line, the tunnel remains open and working fine.
But with the service I found that every a while the service restart
My log shows this:
Dec 27 19:26:51 myserver autossh: starting ssh (count 1) Dec 27 19:26:51 myserver autossh: ssh child pid is 24727 Dec 27 19:26:51 myserver autossh: received signal to exit (15) Dec 27 19:26:57 myserver autossh: starting ssh (count 1) Dec 27 19:26:57 myserver autossh: ssh child pid is 24733 Dec 27 19:26:57 myserver autossh: signalled to exit Dec 27 19:28:32 myserver autossh: starting ssh (count 1) Dec 27 19:28:32 myserver autossh: ssh child pid is 24898 Dec 27 19:28:32 myserver autossh: signalled to exit Dec 27 19:30:08 myserver autossh: starting ssh (count 1) Dec 27 19:30:08 myserver autossh: ssh child pid is 25107 Dec 27 19:30:08 myserver autossh: signalled to exit Dec 27 19:31:43 myserver autossh: starting ssh (count 1) Dec 27 19:31:43 myserver autossh: ssh child pid is 25279 Dec 27 19:31:43 myserver autossh: signalled to exit
What I see is that service stop autossh every few minutes, why? where is the error?
Jan 10, 2023
@jotakar I've been using:
[Unit] Description=Keep open a reverse tunnel to my computer via the DMZ server After=network.target [Service] ExecStart=/usr/bin/ssh -NT tunnel RestartSec=5 Restart=always [Install] WantedBy=multi-user.target
tunnel defined in
Host tunnel HostName <redacted> User <redacted> IdentityFile ~/.ssh/id_tunnel ProxyCommand ssh bastion -W %h:%p RemoteForward <redacted port> localhost:22 ExitOnForwardFailure yes ServerAliveCountMax 5
bastion host also defined in the same file as
Host bastion HostName <redacted> User <redacted> IdentityFile ~/.ssh/id_tunnel ForwardAgent yes
I also have
Host * ServerAliveInterval 60 IdentitiesOnly yes
at the top of my
/root/.ssh/config, on the off-chance that's relevant.
I've found this to be very consistent and stable, and easy to test (
ssh -NT tunnel) when setting it up. Perhaps removing autossh and setting it up this way might help?
Mar 22, 2023
For completeness, you should also add:ExecStop=kill -9 autossh
systemctl stop autosshwon't do anything.
I think it would be better idea to add
.service file because that will kill everything that was started (recursively) and nothing more. In addition, it will first send
SIGTERM and use
SIGKILL only if the process will not stop nicely.
If you randomly kill one or all
autossh processes in the system, you might kill more than expected if
autossh is used for other stuff, too.
See https://www.freedesktop.org/software/systemd/man/systemd.kill.html#KillMode= for details
Interactive authentication requiredseems to be the key part of the error msg to me. Try executing the command first as sudo to see what interactive prompts are required. Most likely you need to add a new host key to