autossh not working for two or more tunnels - or is there an alternative?

From the autossh documentation:

autossh uses ssh to construct a loop of ssh forwardings (one from local to remote, one from remote to local), and then sends test data that it expects to get back.

-M port[:echo_port] specifies the base monitoring port to use. Without the echo port, this port and the port immediately above it (port + 1) should be something nothing else is using. autossh will send test data on the base monitoring port, and receive it back on the port above. For example, if you specify "-M 20000", autossh will set up forwards so that it can send data on port 20000 and receive it back on 20001.

If you are using -M 20000 twice, this must fail. Use different ports for that (with one port space between them, so -M 20000 and -M 20002 would work). I recommend doing a "man autossh" and reading the documentation of autossh; it's also available online: http://www.manpagez.com/man/1/autossh/ . If you are using a lot of autossh tunnels, you may set up a dedicated echo service (from the autossh documentation again):

Alternatively, a port for a remote echo service may be specified. This should be port 7 if you wish to use the standard inetd echo service. When an echo port is specified, only the specified monitor port is used, and it carries the monitor message in both directions. This allows the autossh to verify the connection without blocking ports for each tunnel on the remote side.

If you want to use xinetd for that, here is my echo service declaration:

service echo
{
        flags                   = REUSE
        socket_type             = stream
        wait                    = no
        user                    = root
        server                  = /usr/bin/cat
        log_on_failure          += USERID
        only_from               = 127.0.0.1
        disable                 = no
}

Then you can use -M 20000:7 on all tunnels from different machines. If you have multiple tunnels on one machine, use multiple -L or -R options or use a different port like -M 20002:7.
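
As an added example (not part of the answer above and not autossh's own code), this Python check applies the -M port[:echo_port] rules quoted from the documentation to autossh command lines started on the same machine and reports monitoring ports claimed by more than one of them. The command lines, the tunnel-user@gateway target and the function names are constructed for illustration.

```python
import shlex

def monitor_ports(cmdline):
    """Local ports one autossh command occupies for monitoring.

    Rules as quoted from the autossh documentation: -M port uses port and
    port + 1; -M port:echo_port uses only port; -M 0 disables monitoring.
    """
    args = shlex.split(cmdline)
    spec = None
    for i, arg in enumerate(args):
        if arg == "-M" and i + 1 < len(args):
            spec = args[i + 1]              # separate form: -M 20000
        elif arg.startswith("-M") and len(arg) > 2:
            spec = arg[2:]                  # attached form: -M20000
    if spec is None:
        return set()                        # no -M option on this command line
    base, _, echo = spec.partition(":")
    port = int(base)
    if port == 0:
        return set()
    return {port} if echo else {port, port + 1}

def find_conflicts(cmdlines):
    """Map each port claimed by more than one command to those commands' indexes."""
    owners = {}
    for idx, cmd in enumerate(cmdlines):
        for port in monitor_ports(cmd):
            owners.setdefault(port, []).append(idx)
    return {p: idxs for p, idxs in sorted(owners.items()) if len(idxs) > 1}

def cmd(monitor, rport):
    """Build a constructed sample command line (placeholder user and host)."""
    return f"autossh -M {monitor} -f -N -R {rport}:127.0.0.1:22 tunnel-user@gateway"

# Constructed samples: two tunnels started on one machine.
SAME_PORT = [cmd("20000", 2214), cmd("20000", 2215)]
ADJACENT = [cmd("20000", 2214), cmd("20001", 2215)]
SPACED = [cmd("20000", 2214), cmd("20002", 2215)]
WITH_ECHO = [cmd("20000:7", 2214), cmd("20001:7", 2215)]

if __name__ == "__main__":
    for name, cmds in [("same port", SAME_PORT), ("adjacent", ADJACENT),
                       ("spaced by two", SPACED), ("echo port", WITH_ECHO)]:
        print(f"{name}: {find_conflicts(cmds) or 'no conflict'}")
```

The check covers only the local monitoring ports of commands run on one host; it does not look at the -L/-R forwards themselves or at ports already bound by other programs.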


You can specify both tunnels on the same ssh command.

ssh -R 123.456.789.45:2214:127.0.0.1:22 -R 123.456.789.45:2215:127.0.0.1:22 tunnel-user@gateway

Or maybe you can try to add tunnels in a .ssh/config like this, so the command line doesn't get too crowded:

host server1
        RemoteForward 123.456.789.45:2214:127.0.0.1:22
        RemoteForward 123.456.789.45:2215:127.0.0.1:22

You can configure multiple tunnels in autossh's config file. Unfortunately it is not too well documented. For two tunnels, with your given details, and based on PubkeyAuthentication I'd do it like so (SuSE 11 SP 4):

    In /etc/sysconfig/autossh

    # Number of autossh instances to spawn on start.
    AUTOSSH_SPAWNS="3"

    # All options except for the first must end with "_<number>"

    AUTOSSH_OPTIONS_1="tunnel-user1@server1 \
    -i /home/tunnel-user1/.ssh/id_rsa \
    -M 0 -f -N -L2214:127.0.0.1:22 -o ExitOnForwardFailure=yes \
    -o ServerAliveInterval=60 -o ServerAliveCountMax=3 \
    -o StrictHostKeyChecking=no"

    AUTOSSH_OPTIONS_2="tunnel-user2@server2 \
    -i /home/tunnel-user2/.ssh/id_rsa \
    -M 0 -f -N -L2215:127.0.0.1:22 -o ExitOnForwardFailure=yes \
    -o ServerAliveInterval=60 -o ServerAliveCountMax=3 \
    -o StrictHostKeyChecking=no"

Of course, everything else with respect to a successful ssh connection with keys must be in place:

  • pub keys of tunnel-users in the servers'
    /home/tunnel-user[1|2]/.ssh/authorized_keys files
  • tunnel-user must exist on the gateways and servers
  • and be configured in /etc/ssh/sshd_config
  • in the gateway's sshd_config, AllowTcpForwarding must be set to yes, as well as PermitTunnel