Linux – How to make ssh fail if port forwarding fails

linuxsolarissshssh-tunnel

I have a bash script that runs ssh to create a port forward, using a command like this:

ssh -N -i keyfile -L 1000:localhost:22 *remote_ip*

There are occasions where the listen port may be busy, so this command gives the error:

channel_setup_fwd_listener: cannot listen to port: 1000
Could not request local forwarding.

However, the ssh connection remains up and the ssh command blocks. How can I make ssh actually fail when this occurs, so my script can handle it?

Unfortunately, I also need to support this on Solaris (Intel), and the ssh command there doesn't support the ExitOnForwardFailure option – any ideas in this case?

Best Answer

If you check the ssh man page, you'll find there is a config option called ExitOnForwardFailure and you can specify it on the command line by adding:

-o "ExitOnForwardFailure yes"

All the ssh config options are described in the ssh_config and sshd_config man pages. If you find the option is not supported, you may have to upgrade to a newer version of ssh.

Good Luck.

Related Solutions

Ssh – Port forwarding for Rsync

If the server is running SSHd then you can just use rsync over SSH directly.

For instance I run things like
rsync -a --inplace some/dir/ user@remote.server.tld:/destination/dir/
all the time. There is no need to run rsync as a daemon or have port forwarding enabled as rsync will start a copy of itself using the SSH link and handle all synchronisation between itself and that instance over the SSH link too (and the remote copy closes as the connection is dropped so you don't end up with a bunch of zombie processes hanging around).

To talk over a port other than the standard one you just need to give rsync a little extra info about how it should manage the connection, like so:
rsync -a --inplace -e 'ssh -p 222' some/dir/ user@remote.server.tld:/destination/dir/

This is actually more secure (all the rsync communication is protected by SSHs secure transport, whereas with port forwarding everything is sent plain) and more convenient (no rsyncd needed, and you can use SSHs key based auth)

Ssh – How to automate SSH login with password

Don't use a password. Generate a passphrase-less SSH key and push it to your VM.

If you already have an SSH key, you can skip this step… Just hit Enter for the key and both passphrases:

$ ssh-keygen -t rsa -b 2048
Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/username/.ssh/id_rsa.
Your public key has been saved in /home/username/.ssh/id_rsa.pub.

Copy your keys to the target server:

$ ssh-copy-id id@server
id@server's password:

Now try logging into the machine, with ssh 'id@server', and check-in:

.ssh/authorized_keys

Note: If you don't have .ssh dir and authorized_keys file, you need to create it first

to make sure we haven’t added extra keys that you weren’t expecting.

Finally, check to log in…

$ ssh id@server

id@server:~$

You may also want to look into using ssh-agent if you want to try keeping your keys protected with a passphrase.

Best Answer

Related Solutions

Ssh – Port forwarding for Rsync

Ssh – How to automate SSH login with password

Related Topic