
Two computers:

  1. Desktop-Ubuntu; fixed local IP, connected to a modem with port 22 open and forwarding to it. Because of dynamic IP I have a no-ip account. So domain-Desktop-Ubuntu.com forwards incoming requests to this computer.
  2. Remote Raspberry Pi 3 connected to a cellular network that has all incoming requests closed by ISP.

I need SSH access from Desktop-Ubuntu to RPi. Because it is not possible directly, I built a tunnel. After all sorts of tries to get it to work persistently (autossh, e.g.), this is my schema:

At RPi:

sshd_config:

```
ClientAliveInterval 120
ClientAliveCountMax 720
```

Crontab every 5 minutes to check if the ssh process ID is not null.
`screen` is used to keep the ssh output in a separate shell window.

```
*/5 * * * * /bin/sh /path-to/check-ssh-tunnel.sh
```

check-ssh-tunnel.sh:

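```
#!/bin/sh
# Command cron uses to (re)start the tunnel inside a detached screen session.
COMMAND="/usr/bin/screen -dmS ssh-Ubuntu /usr/bin/ssh -R 2255:localhost:22 user@domain-Desktop-Ubuntu.com -g"
# Command line of the ssh process itself; pgrep -f -x matches the whole line, so it must include user@.
COMMAND_SSH="/usr/bin/ssh -R 2255:localhost:22 user@domain-Desktop-Ubuntu.com -g"
PID=$(/usr/bin/pgrep -f -x "$COMMAND_SSH")
# Start the tunnel only when no matching ssh process exists.
if [ "$PID" = "" ]
then
    $COMMAND
fi
```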

Here's the related `ps aux | grep ssh` I get 3 hours after reboot:

```
pi        2128  0.0  0.2   5396  2252 ?        Ss     08:25     0:00 /usr/bin/SCREEN -dmS ssh-Desktop-Ubuntu /usr/bin/ssh -R 2255:localhost:22 user@domain-Desktop-Ubuntu.com -g
pi        2130  0.0  0.5   9132  4748 pts/0    Ss+  **08:25**   0:00 /usr/bin/ssh -R 2255:localhost:22 user@domain-Desktop-Ubuntu.com -g
```

If I kill 2128 cron works and:

```
pi        4755  0.0  0.2   5396  2092 ?        Ss     11:25     0:00 /usr/bin/SCREEN -dmS ssh-Desktop-Ubuntu /usr/bin/ssh -R 2255:localhost:22 user@domain-Desktop-Ubuntu.com -g
pi        4756  0.0  0.5   9132  4840 pts/0    Ss+  **11:25**   0:00 /usr/bin/ssh -R 2255:localhost:22 user@domain-Desktop-Ubuntu.com -g
```

To access RPi from Desktop-Ubuntu:

```
ssh -p 2255 pi@localhost
```

My problem is that this connection acts randomly:

  • sometimes it asks for a password and I get connected
  • sometimes `ssh: connect to host localhost port 2255: Connection refused`
  • sometimes it takes a long time to finally output `ssh_exchange_identification: read: Connection reset by peer`. After retry: `Connection refused`.

Back to RPi nothing seems to be changed:

```
$ screen -r      # to get the ssh window
user@domain-Desktop-Ubuntu.com~$ ssh -p 2255 pi@localhost
ssh: connect to host localhost port 2255: Connection refused
```

At this time and for all those tests I am managing RPi remotely using TeamViewer. For some reasons I don't want to use it in the future unless it would be absolutely necessary. That's why I need an SSH tunnel.

What is wrong? How to make the tunnel work reliably?

Kamil Maciorowski
dstonek
  • 1
    `ClientAliveInterval` etc. matters on the server. Your RPi is a client when it tries to establish the tunnel. The values are very high for this purpose, I think. Check [this question](https://superuser.com/q/1283597/432690). The connection that tries to establish the tunnel should fail if port forwarding didn't succeed. Check [this question](https://superuser.com/q/1281720/432690) and use `ExitOnForwardFailure=yes`. If my two links helped, please upvote my answer(s) there and write your own here (with links maybe). If they didn't help, give some feedback. – Kamil Maciorowski Jan 20 '18 at 15:53
  • 1
    On the client side you may want to use `ServerAliveInterval` and `ServerAliveCountMax` (these are for `ssh`, not for `sshd`). – Kamil Maciorowski Jan 20 '18 at 15:58
  • Did my links help? If so, are you going to write an answer? or should I? – Kamil Maciorowski Feb 08 '18 at 21:36
  • Yes, great! I already upvoted both linked answers and your previous comments some days ago. `ExitOnForwardFailure=yes` was the key – dstonek Feb 09 '18 at 14:23
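
The fix the comments arrive at, applied to the question's cron watchdog, as an added example that is not part of the original thread. The keep-alive values (30 and 3), the `-N` flag, the pidfile path and unattended key-based login to Desktop-Ubuntu are assumptions.

```shell
#!/bin/sh
# check-ssh-tunnel.sh (added example, not the asker's script).
# Host and forward are taken from the question; everything else is an assumption.
REMOTE="${REMOTE:-user@domain-Desktop-Ubuntu.com}"
FORWARD="${FORWARD:-2255:localhost:22}"
SSH_BIN="${SSH_BIN:-/usr/bin/ssh}"          # overridable so the logic can be tested offline
PIDFILE="${PIDFILE:-/tmp/ssh-tunnel.pid}"   # assumed location

# Client-side options (for ssh on the RPi, not for sshd):
#   ExitOnForwardFailure=yes  ssh exits if port 2255 cannot be bound on the server,
#                             so a live process really means a working forward.
#   ServerAliveInterval/CountMax  ssh exits after about 90 s without replies
#                             (assumed values), so a dead link does not leave a stale process.
#   -N                        forwarding only, no remote shell (assumption).
SSH_OPTS="-N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3"

# True only if the PID recorded at the last start is still a live process.
tunnel_alive() {
    [ -s "$PIDFILE" ] && kill -0 "$(cat "$PIDFILE")" 2>/dev/null
}

# Start the tunnel unless it is already up; prints "running" or "started".
ensure_tunnel() {
    if tunnel_alive; then
        echo "running"
        return 0
    fi
    # SSH_OPTS is left unquoted on purpose so it splits into separate arguments.
    "$SSH_BIN" $SSH_OPTS -R "$FORWARD" "$REMOTE" >/dev/null 2>&1 &
    echo $! > "$PIDFILE"
    echo "started"
}

# Act only when invoked under the script's own name, e.g. from the crontab line
#   */5 * * * * /bin/sh /path-to/check-ssh-tunnel.sh
case "$0" in
    *check-ssh-tunnel.sh) ensure_tunnel ;;
esac
```

Without `ExitOnForwardFailure=yes`, ssh stays connected even when the remote port could not be bound, so a process check alone sees nothing to restart while `ssh -p 2255 pi@localhost` is refused.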

0 Answers