[AusNOG] Detecting "hung" ssh sessions.

Karl Auer kauer at biplane.com.au
Mon Feb 22 14:53:27 EST 2016


On Mon, 2016-02-22 at 14:07 +1100, Ross Wheeler wrote:
> instead I have each device ssh to one of my hosts and create a reverse 
> tunnel.

Use a sentinel file on the terminating host. Have the remote hosts check
for its presence at frequent intervals. Depending on what you want they
could bring up the tunnels if it's there, destroy the tunnels if it's
there, or reset the tunnels if it's there. Or bring them up when they
see it, keep watching, and take them down if it disappears. The general
idea is that the tunnel-builders react to something that is under your
more direct control.

> Each remote box also periodically (cron) checks that the ssh session is 
> (still) running (simple ps) and (re)starts it if not.

You could do the check for a sentinel file - or other check of your
choosing - via a shared connection (look at the -S, -O etc options to
ssh) and if the check fails assume the whole connection is dead and
restart the tunnel.

Are you using server keepalives or just TCP keepalives? The former are
more responsive, but I seem to remember (checks... yes) you can only use
them if you are using ssh protocol version 2.

Regards, K.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)
http://www.biplane.com.au/kauer
http://twitter.com/kauer389

GPG fingerprint: E00D 64ED 9C6A 8605 21E0 0ED0 EE64 2BEE CBCB C38B
Old fingerprint: 3C41 82BE A9E7 99A1 B931 5AE7 7638 0147 2C3C 2AC4
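
The shared-connection check suggested above (ssh -S / -O), written out as a cron-driven script. This is an added example, not part of the original message; the hub address, control socket path, sentinel path and remote port are assumed values.

```sh
#!/bin/sh
# Added example: cron-driven check of a reverse tunnel over a shared connection.
# HUB, CTL, SENTINEL and RPORT are hypothetical values, not from the post.
SSH="${SSH:-ssh}"                                # left unquoted below so it can be swapped
HUB="${HUB:-tunnel@hub.example.net}"
CTL="${CTL:-$HOME/.ssh/ctl-hub.sock}"            # control socket (-S)
SENTINEL="${SENTINEL:-/var/run/tunnel-enabled}"
RPORT="${RPORT:-22022}"
PROBE_TIMEOUT="${PROBE_TIMEOUT:-15}"             # seconds before a probe counts as hung

# Prints one of: down, ok, absent, hung.
tunnel_state() {
    # -O check only asks the local master process; nothing crosses the network.
    $SSH -S "$CTL" -O check "$HUB" >/dev/null 2>&1 || { echo down; return 0; }
    # The probe rides the existing connection, so a stalled session stalls it too.
    rc=0
    timeout "$PROBE_TIMEOUT" $SSH -S "$CTL" "$HUB" test -e "$SENTINEL" \
        >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo ok ;;        # connection works and the sentinel is there
        1) echo absent ;;    # connection works, sentinel has been removed
        *) echo hung ;;      # 124: probe timed out; 255: ssh reported an error
    esac
}

start_tunnel() {
    # Master (-M) in the background, with server keepalives on the connection.
    $SSH -M -S "$CTL" -f -N -o BatchMode=yes -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=15 -o ServerAliveCountMax=3 \
        -R "$RPORT:localhost:22" "$HUB"
}

stop_tunnel() {
    $SSH -S "$CTL" -O exit "$HUB" >/dev/null 2>&1 || true
    rm -f "$CTL"
}

# One cron pass: restart a dead or hung tunnel, take it down if the sentinel is gone.
reconcile() {
    state=$(tunnel_state)
    case $state in
        hung) stop_tunnel; start_tunnel; state=$(tunnel_state) ;;
        down) start_tunnel; state=$(tunnel_state) ;;
    esac
    [ "$state" = ok ] || stop_tunnel
    echo "$state"
}

if [ "${1:-}" = run ]; then reconcile; fi
```

Invoked from cron with the argument `run`, it performs one pass and prints the state it found.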



