rapier1 / hpn-ssh

HPN-SSH based on OpenSSH
https://psc.edu/hpn-ssh-home

Controlling port 2222 to 22 failover #70

Closed gdevenyi closed 6 months ago

gdevenyi commented 6 months ago

I'd like to default to using hpnssh as my ssh command all the time, however, in some networks I work in, port 2222 is a black-hole out to the internet due to the firewall.

This means the hpnssh 2222->22 failover hangs.

I would like to request the introduction of some "-o" options to specify a timeout for triggering the transition from port 2222 to port 22

Forgive me if this is already available, I was unable to find an option in the man pages.

rapier1 commented 6 months ago

Hi, there are a couple of ways to do that. Assuming that you are being blackholed from the client side, the easiest thing to do is use the -p option. E.g. hpnssh -p22 host will force the client to try connecting on port 22 as opposed to the default of port 2222. You can also modify the ssh_config file if you don't want to use the -p option. The site-wide one is located in /etc/hpnssh/ssh_config. Uncomment the line that says # Port 22 and the hpnssh clients will automatically use port 22 for all connection attempts. If you don't want to change it for everyone you can use ~/.ssh/config. Just cp /etc/hpnssh/ssh_config ~/.ssh/config as a template and go from there. More information on how to configure the ssh_config file can be found with man hpnssh_config. As a note, if you use a local config file that will apply to ssh and hpnssh as we (hpnssh) use the same directories for keys and configs.

Let me know if this helps.

gdevenyi commented 6 months ago

Thanks for the suggestion, I'm aware I can control the port, however, I'd still like hpnssh to try 2222, since some endpoints I connect to do have HPNSSH available, hence I'd like to enable it to try and fail in a specified timeframe, like a connection timeout.

rapier1 commented 6 months ago

Ah, I misread what you were asking for. Let me see what I can do about that.

rapier1 commented 6 months ago

Okay, took me a moment to track down the specific option to handle the timeout period for connection attempts. Normally, ssh uses the TCP default timeout, which can be excessively long. However, you can override this with -o ConnectTimeout=N where N is the number of seconds you want to wait for a timeout. As a note: "This timeout is applied both to establishing the connection and to performing the initial SSH protocol handshake and key exchange." That shouldn't make much of a difference, but if you start having problems during the key exchange try increasing ConnectTimeout.

When hpnssh tries to connect to port 2222 it is using the same method that OpenSSH uses (ssh_connect) so the ConnectTimeout option will/should work as expected.

You can also set this in ssh_config if you like. Just insert the line ConnectTimeout 10 if you want a 10 second timeout, for example.

gdevenyi commented 6 months ago

Awesome great, I can confirm that adding -o ConnectTimeout=3 will result in a quick failover and retry on the next port.

This issue can be transformed into a request to document this behaviour somewhere :)

rapier1 commented 6 months ago

Request heard. In reviewing the man pages I noticed that I don't make any mention of the fallback port option or other aspects of this. I'll get something in the manpages as soon as I can.
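
The settings discussed in this thread, combined into one `~/.ssh/config`, as an added example that is not from the thread or the hpn-ssh project. The host name is a placeholder, and the fragment assumes that leaving `Port` unset keeps hpnssh's default of trying 2222 first.

```sshconfig
# Constructed example; legacy.example.org is a placeholder host name.
# ssh_config uses the first value obtained for each option, so
# host-specific blocks must come before "Host *".

# An endpoint known to run only a stock sshd: pin port 22 so no time
# is spent on the 2222 attempt at all.
Host legacy.example.org
    Port 22

# Everything else: no Port line, so hpnssh keeps its default of trying
# 2222 first and falling back to 22. ConnectTimeout bounds how long a
# black-holed 2222 attempt can hang before the fallback happens.
# The same timeout also covers the initial handshake and key exchange,
# so raise it if slow links start failing during key exchange.
Host *
    ConnectTimeout 3
```

Because ssh and hpnssh read the same `~/.ssh/config`, the timeout and the pinned port apply to plain `ssh` connections as well.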