Persistent Remote Connection with autossh

autossh is a small utility designed to automatically restart SSH sessions and tunnels in the event of a failure or connection drop. In modern distributed architectures, maintaining an uninterrupted secure channel to remote servers is critical. This article explores installation, configuration, use cases, best practices, and troubleshooting for autossh.

1. Why Persistent SSH

  • Network Unreliability: WAN and mobile links can be unstable.
  • Firewall Timeouts: Many firewalls drop idle sessions after a period.
  • Automated Services: Continuous tunnels for monitoring, backup, or data replication require high availability.

2. Introducing autossh

autossh wraps the standard SSH client. It monitors the connection by setting up a looped port forwarding channel (using -M), and if traffic stops or SSH dies, it restarts the session.

  • Author: Todd Sabin
  • License: BSD-style
  • Primary feature: automatic re-connection without manual intervention

3. Installation & Compatibility

  • Debian/Ubuntu: apt-get install autossh
  • RedHat/CentOS: yum install autossh, or install it from EPEL
  • macOS: brew install autossh
  • FreeBSD: pkg install autossh

4. Basic Usage

autossh -M 20000 -f -N -L local_port:remote_host:remote_port user@remote.example.com
  • -M 20000: monitor port
  • -f: fork to background
  • -N: do not execute remote commands
  • -L: local port forwarding

5. Common Options

Option                        Description
-M <port>                     Monitor port for heartbeat.
-f                            Go to background before command execution.
-N                            No remote command.
-o ExitOnForwardFailure=yes   Ensure SSH exits if port forwarding setup fails.

6. Key-Based Authentication

  1. Generate key: ssh-keygen -t ed25519
  2. Copy public key: ssh-copy-id user@remote.example.com
  3. Test passwordless: ssh user@remote.example.com echo OK

7. Systemd Integration

[Unit]
Description=autossh tunnel service

[Service]
User=deploy
Environment=AUTOSSH_GATETIME=0
ExecStart=/usr/bin/autossh -M 0 -N -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -L 8080:localhost:80 deploy@remote.example.com
Restart=always

[Install]
WantedBy=multi-user.target

Save as /etc/systemd/system/autossh-tunnel.service, then:

  • systemctl daemon-reload
  • systemctl enable --now autossh-tunnel

8. Use Cases

  • Remote Web Management: Securely expose http://remote:80 locally.
  • Database Access: Forward 3306 for MySQL/PostgreSQL traffic.
  • IoT Devices: Maintain a reverse tunnel (-R) to devices behind NAT.

9. Security Considerations

  • Use strong key algorithms (ed25519, ecdsa).
  • Restrict commands in authorized_keys with command=….
  • Limit forwarded ports to necessary endpoints only.
  • Regularly patch OpenSSH and autossh.
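
An added example (not from the original article or the autossh project): a shell function that audits a server-side authorized_keys file for tunnel keys missing the restrictions listed above. The sample entries, user and host names, and key material are constructed; restrict, port-forwarding, permitopen, permitlisten and command are standard OpenSSH authorized_keys options, and the permitopen value mirrors the -L 8080:localhost:80 forward from the systemd unit in section 7.

```shell
#!/bin/sh
# Added example: audit authorized_keys entries that back autossh tunnels.
# A tunnel-only key should carry `restrict`, a permitopen=/permitlisten=
# limit, and a forced command=.

audit_authorized_keys() {    # $1: path to an authorized_keys file
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in ''|'#'*) continue ;; esac
        # Options, when present, precede the key type. Simplification:
        # assumes no option value contains " ssh-", " ecdsa-" or " sk-".
        case $line in
            ssh-*|ecdsa-*|sk-*) opts= ;;
            *' ssh-'*)   opts=${line%%' ssh-'*} ;;
            *' ecdsa-'*) opts=${line%%' ecdsa-'*} ;;
            *' sk-'*)    opts=${line%%' sk-'*} ;;
            *) echo "line $n: unrecognised entry"; continue ;;
        esac
        missing=
        case ",$opts," in *,restrict,*) ;; *) missing="$missing restrict" ;; esac
        case ",$opts," in
            *,permitopen=\"*|*,permitlisten=\"*) ;;
            *) missing="$missing permitopen/permitlisten" ;;
        esac
        case ",$opts," in *,command=\"*) ;; *) missing="$missing command" ;; esac
        if [ -n "$missing" ]; then echo "line $n: missing$missing"; fi
    done < "$1"
}

write_sample() {             # $1: output path; all entries are constructed
    cat > "$1" <<'EOF'
# constructed sample, key material is placeholder text
ssh-ed25519 AAAAC3PLACEHOLDERKEY1 deploy@tunnel-client
restrict,port-forwarding,permitopen="localhost:80",command="/bin/false" ssh-ed25519 AAAAC3PLACEHOLDERKEY2 deploy@tunnel-client
command="/bin/false",no-pty ssh-ed25519 AAAAC3PLACEHOLDERKEY3 iot@device
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_authorized_keys "$sample"
rm -f "$sample"
```

Because the tunnel runs with -N, the forced command is never executed for a normal tunnel session; it only ensures the key cannot be used to obtain a shell.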

10. Alternatives & Comparisons

  • mosh: Good for roaming clients but not for port forwarding.
  • Systemd restart vs autossh: systemd can restart a failed process, but lacks heartbeat monitoring.
  • VPN solutions: sometimes you may opt for a site-to-site VPN instead of SSH tunnels.

11. Troubleshooting Tips

  • Check ~/.ssh/known_hosts for mismatched fingerprints.
  • Enable verbose logging: -vvv to diagnose SSH negotiation issues.
  • Inspect system logs: journalctl -u autossh-tunnel.
  • Ensure the monitor port (-M) is not firewalled.

Conclusion

By leveraging autossh, administrators and DevOps engineers can ensure continuous, reliable, and secure tunnels without manual intervention. Whether for remote service management, data replication, or IoT connectivity, autossh remains a lightweight and robust solution.
