| [Unit] | |
| Description=Keeps a tunnel to 'remote.example.com' open | |
| After=network.target | |
| [Service] | |
| User=autossh | |
| # -p [PORT] | |
| # -l [user] | |
| # -M 0 --> no monitoring | |
| # -N Just open the connection and do nothing (not interactive) | |
| # LOCALPORT:IP_ON_EXAMPLE_COM:PORT_ON_EXAMPLE_COM | |
| ExecStart=/usr/bin/autossh -M 0 -N -q -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -p 22 -l autossh remote.example.com -L 7474:127.0.0.1:7474 -i /home/autossh/.ssh/id_rsa | |
| [Install] | |
| WantedBy=multi-user.target |
Hi, I have this service for tunnel with autossh
[Unit]
Description=Open my Tunnel
After=network.target
[Service]
ExecStart=autossh -M 12000 -N -f -o "PubkeyAuthentication=yes" -o "PasswordAuthentication=no" -o ServerAliveInterval=60 -o ServerAliveCountMax=3 -i /home/usrtunel/.ssh/clavetunel -R 7090:localhost:7080 usrremote@100.xxx.xxx.xxx -p YYY
WorkingDirectory=/opt/run
RestartSec=5
Restart=always
[Install]
WantedBy=multi-user.target
If I run the autossh by hand, in command line, the tunnel remains open and working fine.
But with the service I found that every a while the service restart
My log shows this:
Dec 27 19:26:51 myserver autossh[24726]: starting ssh (count 1)
Dec 27 19:26:51 myserver autossh[24726]: ssh child pid is 24727
Dec 27 19:26:51 myserver autossh[24726]: received signal to exit (15)
Dec 27 19:26:57 myserver autossh[24732]: starting ssh (count 1)
Dec 27 19:26:57 myserver autossh[24732]: ssh child pid is 24733
Dec 27 19:26:57 myserver autossh[24732]: signalled to exit
Dec 27 19:28:32 myserver autossh[24897]: starting ssh (count 1)
Dec 27 19:28:32 myserver autossh[24897]: ssh child pid is 24898
Dec 27 19:28:32 myserver autossh[24897]: signalled to exit
Dec 27 19:30:08 myserver autossh[25106]: starting ssh (count 1)
Dec 27 19:30:08 myserver autossh[25106]: ssh child pid is 25107
Dec 27 19:30:08 myserver autossh[25106]: signalled to exit
Dec 27 19:31:43 myserver autossh[25278]: starting ssh (count 1)
Dec 27 19:31:43 myserver autossh[25278]: ssh child pid is 25279
Dec 27 19:31:43 myserver autossh[25278]: signalled to exit
What I see is that service stop autossh every few minutes, why? where is the error?
@jotakar I've been using:
[Unit]
Description=Keep open a reverse tunnel to my computer via the DMZ server
After=network.target
[Service]
ExecStart=/usr/bin/ssh -NT tunnel
RestartSec=5
Restart=always
[Install]
WantedBy=multi-user.target
With tunnel defined in /root/.ssh/config as
Host tunnel
HostName <redacted>
User <redacted>
IdentityFile ~/.ssh/id_tunnel
ProxyCommand ssh bastion -W %h:%p
RemoteForward <redacted port> localhost:22
ExitOnForwardFailure yes
ServerAliveCountMax 5
And the bastion host also defined in the same file as
Host bastion
HostName <redacted>
User <redacted>
IdentityFile ~/.ssh/id_tunnel
ForwardAgent yes
I also have
Host *
ServerAliveInterval 60
IdentitiesOnly yes
at the top of my /root/.ssh/config, on the off-chance that's relevant.
I've found this to be very consistent and stable, and easy to test (ssh bastion, ssh -NT tunnel) when setting it up. Perhaps removing autossh and setting it up this way might help?
For completeness, you should also add:
ExecStop=kill -9 autosshWithout it
systemctl stop autosshwon't do anything.
I think it would be better idea to add
KillMode=control-groupto the .service file because that will kill everything that was started (recursively) and nothing more. In addition, it will first send SIGTERM and use SIGKILL only if the process will not stop nicely.
If you randomly kill one or all autossh processes in the system, you might kill more than expected if autossh is used for other stuff, too.
See https://www.freedesktop.org/software/systemd/man/systemd.kill.html#KillMode= for details
@jotakar :
What I see is that service stop autossh every few minutes, why? where is the error?
Don't use -f when using autossh as a systemd simple service. It will fork autossh (put in the background) and confuse systemd into thinking it ended.
Of course you do, without it autossh will give up if the very first connection attempt fails.
Systemd's Restart=always and RestartSec=60 can take care of that. You usually want autossh to fail fast if it can't do the first connection, as it usually means misconfiguration or authentication issues, and giving up after first attempt helps highlighting that on the journalctl logs.
JFYI: I created an SSH tunnel SystemD service that works without the autossh github.com/yurt-page/sshtunnel
@ScumCoder this wasn't my experience of it, I never used AUTOSSH_GATETIME but I use autossh and it does retry. It's been a while since I looked at it though, so stuff may have changed.