#1 2017-02-01 09:19:38

replabrobin
Member
Registered: 2010-05-06
Posts: 232

reverse ssh connection persistence problem

I need to provide an internal network with a reverse shell mechanism as the internal network has no single IP.

On the internal side I am doing this

ssh -q -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no  -o ServerAliveInterval=15 -R 64022:localhost:22 user@remotehost /bin/sh -c '"sleep 5"'

The sleep allows polling the port for connectivity on the remote server.

On the remote side I am executing in a loop something like this

while ! ssh -q -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o NoHostAuthenticationForLocalhost=yes -o ServerAliveInterval=15 user@localhost -p 64022; do
    sleep 1
done

This seems to work perfectly; however, if I kill the terminal after the session from remote --> internal has started, then the ssh session doesn't die; it persists in a wait state.
If I exit the session properly then both remote and local seem to die properly. Is there some way to prevent the persistence?

I added the -o ServerAliveInterval=15 options to see if that would help, but it doesn't seem to.

Offline

#2 2017-02-01 12:52:46

bulletmark
Member
From: Brisbane, Australia
Registered: 2013-10-22
Posts: 653

Re: reverse ssh connection persistence problem

There are various edge conditions etc which you don't really need to deal with if you just use autossh which has been around for many years to do exactly this. It is in the standard Arch packages.

Offline

#3 2017-02-01 14:17:41

replabrobin
Member
Registered: 2010-05-06
Posts: 232

Re: reverse ssh connection persistence problem

Thanks bulletmark, but I have the reverse of the problem autossh tries to solve. I want my connection to go away reliably rather than persist when the remote terminal has been killed (usually by someone clicking on a window close icon).

As I understand it, autossh tries to keep the connection up and dies only when deliberately killed on the local side. I think my problems are on the remote.

Offline

#4 2017-02-01 14:47:43

bulletmark
Member
From: Brisbane, Australia
Registered: 2013-10-22
Posts: 653

Re: reverse ssh connection persistence problem

What's the point of that second ssh command? Don't you just want to run an ssh command from internal to external server which creates a reverse port forward for users to ssh from external back to internal? I.e. they don't have ssh access directly, so you are creating a reverse tunnel for them? That's a common thing people do and they use autossh for it.

Offline

#5 2017-02-01 15:04:11

replabrobin
Member
Registered: 2010-05-06
Posts: 232

Re: reverse ssh connection persistence problem

You are correct in assuming I wish to make a tunnel available from remote --> internal, but I don't want it open all the time. I use a loop to test and to convert a remote ssh session into a session on the internal machine. When the last user gracefully exits the tunneled session then the tunnel should die; autossh seems to want to keep the tunnel open all the time. Problem is that killing the tunneled session window leaves behind the tunneled session. I don't want a persistent connection, but one that can be used in emergency in response to some signal on an external machine.

Offline

#6 2017-02-01 15:19:53

bulletmark
Member
From: Brisbane, Australia
Registered: 2013-10-22
Posts: 653

Re: reverse ssh connection persistence problem

Why do something odd like that? You can set up the user account for the autossh on the external machine so that connection is extremely lightweight and has almost zero authority to do anything, certainly you would not allow an actual session, or allow remote commands etc. Just allow it to create the reverse tunnel and that is all. The ~/.authorized_keys entry would be something like I have used before:

no-pty,no-X11-forwarding,no-agent-forwarding,command="/bin/echo Command not allowed",permitopen="localhost:64022" ssh-rsa <ssh_key> server

I.e. the only thing the autossh can do on your remote server is to create the ssh tunnel for users.

Offline

#7 2017-02-01 15:53:50

replabrobin
Member
Registered: 2010-05-06
Posts: 232

Re: reverse ssh connection persistence problem

bulletmark wrote:

Why do something odd like that?

I have my instructions from security guys; they do not want a permanent extra hole for whatever reason.

Offline

#8 2017-02-01 16:20:35

replabrobin
Member
Registered: 2010-05-06
Posts: 232

Re: reverse ssh connection persistence problem

FWIW I think the issue is that the remote script polling is the hanger; if I change it so the polling is done by nc and then we exec ssh, then it seems hangup propagation does work.

Offline
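
A sketch of the change described in post #8, added here as an example and not code posted by anyone in the thread: the remote side polls the forwarded port with nc and then execs ssh, so no wrapper shell remains between the terminal and ssh. The function names, the retry limit and the assumption that nc supports -z are this example's own; the port, user and ssh options are taken from post #1.

```shell
#!/bin/sh
# Added example (not from the thread): remote-side helper for the on-demand
# reverse tunnel that the internal host opens with -R 64022:localhost:22.
TUNNEL_HOST=localhost
TUNNEL_PORT=64022

# probe HOST PORT: succeed if something accepts a TCP connection there.
# Assumption: nc supports -z (connect only, send no data), as OpenBSD netcat does.
probe() {
    nc -z "$1" "$2" >/dev/null 2>&1
}

# wait_for_tunnel MAX_TRIES [DELAY]: poll until the forwarded port answers.
# Returns 0 once the port is up and 1 after MAX_TRIES failed probes, so the
# script gives up instead of polling forever.
wait_for_tunnel() {
    max_tries=$1
    delay=${2:-1}
    tries=0
    while [ "$tries" -lt "$max_tries" ]; do
        tries=$((tries + 1))
        if probe "$TUNNEL_HOST" "$TUNNEL_PORT"; then
            return 0
        fi
        sleep "$delay"
    done
    return 1
}

# connect: replace this shell with ssh. After exec, ssh itself is the process
# attached to the terminal, which is the arrangement post #8 reports as
# letting a hangup propagate when the window is closed.
# NoHostAuthenticationForLocalhost covers the changing host key behind
# localhost:64022, so host key checking is not disabled globally here.
connect() {
    exec ssh -q \
        -o NoHostAuthenticationForLocalhost=yes \
        -o ServerAliveInterval=15 \
        -p "$TUNNEL_PORT" "user@$TUNNEL_HOST"
}

# Only act when invoked as "<script> connect"; otherwise just define functions.
if [ "${1:-}" = "connect" ]; then
    wait_for_tunnel 60 1 || { echo "tunnel did not come up" >&2; exit 1; }
    connect
fi
```

The internal side only holds the tunnel open for its `sleep 5` unless a forwarded connection is active, so the polling delay has to stay well under that window.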
