search

OSSystems / ssh-tunnel

MIT License
1 stars 1 forks source link

SSH Connections Remain Open #1

Open JLee21 opened 5 years ago

JLee21 commented 5 years ago

Hello @ldnunes !

It appears that the local, embedded agent does not close its reverse ssh tunnels once the end-user is done using the ssh-tunnel. This can lead to multiple reverse ssh tunnels being active which then appears to disable any new incoming connections.

For example, I would create a new connection with ssh mygateway.com -l root@my-embedded-device And then once I'm done I would just

Last login: Wed Dec 19 21:02:37 2018 from 192.168.1.11
root@my-embedded-device:~# exit

However, if I need to connect to the agent multiple times through the day it can begin to look like this:

 8803  5706 root     S     4832  0.4   0  0.0 ssh -i /usr/share/ssh-tunnel/id_rsa -o StrictHostKeyChecking=no -nNT -p 2221 -R 41763:localhost:22 ssh@gateway.kcam-service.com
10112  5706 root     S     4828  0.4   0  0.0 ssh -i /usr/share/ssh-tunnel/id_rsa -o StrictHostKeyChecking=no -nNT -p 2221 -R 37723:localhost:22 ssh@gateway.kcam-service.com
10064  5706 root     S     4696  0.4   0  0.0 ssh -i /usr/share/ssh-tunnel/id_rsa -o StrictHostKeyChecking=no -nNT -p 2221 -R 42963:localhost:22 ssh@gateway.kcam-service.com
10123  5706 root     S     4696  0.4   0  0.0 ssh -i /usr/share/ssh-tunnel/id_rsa -o StrictHostKeyChecking=no -nNT -p 2221 -R 40601:localhost:22 ssh@gateway.kcam-service.com
10075  5706 root     S     4696  0.4   3  0.0 ssh -i /usr/share/ssh-tunnel/id_rsa -o StrictHostKeyChecking=no -nNT -p 2221 -R 38787:localhost:22 ssh@gateway.kcam-service.com
 6018     1 root     S     4688  0.4   2  0.0 sshd: root@pts/0
JLee21 commented 5 years ago

After using ssh-tunnel successfully for several days, the app seems to stall out and I'm not able to establish any SSH connections to the unit. Can we please correct this behavior?

I can connect to the gateway server but it appears ssh-tunnel-agent is failing to establish its Reverse SSH tunnel.

SnoopMac:~ topher$ karlt
The authenticity of host 'gateway.kcam-service.com (54.244.216.203)' can't be established.
RSA key fingerprint is SHA256:L2r6RODoD4gXUz2UllocdWbBjNFAjHGtg1rLgpvuwj4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'gateway.kcam-service.com,54.244.216.203' (RSA) to the list of known hosts.
password:
Failed to connect to root@localhost:37455: dial tcp [::1]:37455: connect: connection refused
Connection to gateway.kcam-service.com closed.
SnoopMac:~ topher$ karlt
password:
Failed to connect to root@localhost:45769: dial tcp [::1]:45769: connect: connection refused
Connection to gateway.kcam-service.com closed.
SnoopMac:~ topher$
SnoopMac:~ topher$
SnoopMac:~ topher$
SnoopMac:~ topher$ karlt
password:
Failed to connect to root@localhost:45021: dial tcp [::1]:45021: connect: connection refused
Connection to gateway.kcam-service.com closed.
SnoopMac:~ topher$ karlt
password:
Failed to connect to root@localhost:37717: dial tcp [::1]:37717: connect: connection refused
Connection to gateway.kcam-service.com closed.
SnoopMac:~ topher$ karlt
password:
Failed to connect to root@localhost:35593: dial tcp [::1]:35593: connect: connection refused
Connection to gateway.kcam-service.com closed.
SnoopMac:~ topher$ karlt
password:
Failed to connect to root@localhost:38149: dial tcp [::1]:38149: connect: connection refused
Connection to gateway.kcam-service.com closed.
SnoopMac:~ topher$

Logs

There were no logs. They appeared to have malfunctioned according to systemctl status ssh-tunnel

image

JLee21 commented 5 years ago

Works well. ssh-tunnel closes connections upon exit or dropped connection.