-
Star
(130)
You must be signed in to star a gist -
Fork
(52)
You must be signed in to fork a gist
-
-
Save thomasfr/9707568 to your computer and use it in GitHub Desktop.
[Unit] | |
Description=Keeps a tunnel to 'remote.example.com' open | |
After=network.target | |
[Service] | |
User=autossh | |
# -p [PORT] | |
# -l [user] | |
# -M 0 --> no monitoring | |
# -N Just open the connection and do nothing (not interactive) | |
# LOCALPORT:IP_ON_EXAMPLE_COM:PORT_ON_EXAMPLE_COM | |
ExecStart=/usr/bin/autossh -M 0 -N -q -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -p 22 -l autossh remote.example.com -L 7474:127.0.0.1:7474 -i /home/autossh/.ssh/id_rsa | |
[Install] | |
WantedBy=multi-user.target |
For completeness, you should also add:
ExecStop=kill -9 autosshWithout it
systemctl stop autossh
won't do anything.
I think it would be better idea to add
KillMode=control-group
to the .service
file because that will kill everything that was started (recursively) and nothing more. In addition, it will first send SIGTERM
and use SIGKILL
only if the process will not stop nicely.
If you randomly kill one or all autossh
processes in the system, you might kill more than expected if autossh
is used for other stuff, too.
See https://www.freedesktop.org/software/systemd/man/systemd.kill.html#KillMode= for details
@jotakar :
What I see is that service stop autossh every few minutes, why? where is the error?
Don't use -f
when using autossh as a systemd simple service. It will fork autossh (put in the background) and confuse systemd into thinking it ended.
Of course you do, without it autossh will give up if the very first connection attempt fails.
Systemd's Restart=always
and RestartSec=60
can take care of that. You usually want autossh to fail fast if it can't do the first connection, as it usually means misconfiguration or authentication issues, and giving up after first attempt helps highlighting that on the journalctl
logs.
JFYI: I created an SSH tunnel SystemD service that works without the autossh github.com/yurt-page/sshtunnel
@jotakar :
What I see is that service stop autossh every few minutes, why? where is the error?
Don't use
-f
when using autossh as a systemd simple service. It will fork autossh (put in the background) and confuse systemd into thinking it ended.Of course you do, without it autossh will give up if the very first connection attempt fails.
Systemd's
Restart=always
andRestartSec=60
can take care of that. You usually want autossh to fail fast if it can't do the first connection, as it usually means misconfiguration or authentication issues, and giving up after first attempt helps highlighting that on thejournalctl
logs.
Yes, I just remove the '-f' option, it seems fine.
@jotakar I've been using:
With
tunnel
defined in/root/.ssh/config
asAnd the
bastion
host also defined in the same file asI also have
at the top of my
/root/.ssh/config
, on the off-chance that's relevant.I've found this to be very consistent and stable, and easy to test (
ssh bastion
,ssh -NT tunnel
) when setting it up. Perhaps removing autossh and setting it up this way might help?