<div dir="ltr">Greg,<br><br>I use reverse tunnels as a primary means of access and have little issues with it. <br><br>To
keep the connection alive, I run a "keepalive" script that merely runs
ls, sleeps 60 seconds and repeats on the target host. I also fork the
ssh process in the background and have TCPKeepAlive set to yes in my
ssh config.<br>
<br>My ssh config has all my RemoteForwards statements. My command line is: <br><br>ssh -f target_host "~/keepalive.sh"<br><br>The
other thing I did but does not seem to work properly is I have a 5min
cronjob that looks for my ssh process. If the process is not found it
runs the command above. <br>
<br>This is little tacky but it seems to work for me.<br><br>John<br><br><div class="gmail_quote">On Wed, Aug 20, 2008 at 11:50 AM, Greg Freemyer <span dir="ltr"><<a href="mailto:greg.freemyer@gmail.com">greg.freemyer@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">All,<br>
<br>
Does anyone know a recipe for "Robust Reverse Tunnels via SSH", or<br>
some other robust way to achieve reverse tunnels.<br>
<br>
=== background<br>
<br>
I've seen a few posts about ssh agent forwarding, etc. That assumes<br>
you have at least one way through the firewall.<br>
<br>
I need to talk to a machine behind a firewall and I don't want to open<br>
up a port. ssh with the -R option puts in place a reverse tunnel to a<br>
gateway server. Exactly what I want to do.<br>
<br>
I've tried to set it up this weekend. It works, but it has not been<br>
very robust.<br>
<br>
I've seen comments online saying you can add an entry to crontab to<br>
address that. I've done that as well and I can see the new ssh<br>
sessions being initiated from the remote server on my gateway server,<br>
but when I try ssh to the gateway port, I get nothing more often than<br>
not. (It has worked a few times, so I have the basic concepts right.)<br>
<br>
Thanks<br>
Greg<br>
--<br>
Greg Freemyer<br>
Litigation Triage Solutions Specialist<br>
<a href="http://www.linkedin.com/in/gregfreemyer" target="_blank">http://www.linkedin.com/in/gregfreemyer</a><br>
First 99 Days Litigation White Paper -<br>
<a href="http://www.norcrossgroup.com/forms/whitepapers/99%20Days%20whitepaper.pdf" target="_blank">http://www.norcrossgroup.com/forms/whitepapers/99%20Days%20whitepaper.pdf</a><br>
<br>
The Norcross Group<br>
The Intersection of Evidence & Technology<br>
<a href="http://www.norcrossgroup.com" target="_blank">http://www.norcrossgroup.com</a><br>
_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
</blockquote></div><br><br clear="all"><br>-- <br>John Clinton<br><a href="mailto:john@mysnmp.org">john@mysnmp.org</a><br>Mobile: 404.200.7333<br>
</div>