Ssh – autossh in background does not work

sshssh-tunnel

I have set up a tunnel via autossh.

This works:

autossh -M 33201 -N -i myIdFile -R 33101:localhost:22 autossh@myhost.com

I would like to run autossh in background. Seems easy using the -f option.

This does not work, however:

autossh -f -M 33201 -N -i myIdFile -R 33101:localhost:22 autossh@myhost.com

Autossh runs in the background fine, but the ssh connection seems to fail every time. In /var/syslog I see multiple occurences of:

autossh[3420]: ssh exited with error status 255; restarting ssh

What am I doing wrong? A wild guess is it has something to do with the authentication via key file. How can I debug this (adding -v to the ssh options does not seem to log anywhere).

Edit:
I got some ssh logs using the -y option

/usr/bin/ssh[3484]: debug1: Next authentication method: publickey
/usr/bin/ssh[3484]: debug1: Trying private key: /home/myuser/.ssh/id_rsa
/usr/bin/ssh[3484]: debug1: Trying private key: /home/myuser/.ssh/id_dsa
/usr/bin/ssh[3484]: debug1: Trying private key: /home/myuser/.ssh/id_ecdsa
/usr/bin/ssh[3484]: debug1: No more authentication methods to try.
/usr/bin/ssh[3484]: fatal: Permission denied (publickey).
autossh[3469]: ssh exited with error status 255; restarting ssh

So it seems autossh does not accept my identiy file (-i myIdFile) when using the -f option. Why is that?

(autossh 1.4c on Raspian)

Best Answer

It seems like when autossh drops to the background (-f option) it is changing the working directory, meaning relative paths do not work any longer. Or more specific: By entering the absolute path of your id file you will probably succeed.

I re-created the scenario by creating a key with no password at a non-default location:

~/$ mkdir test
~/$ cd test
~/test$ ssh-keygen -f test_id_rsa

I simply hit enter twice to generate a key that is not protected by a password.

I copied the new key to my server (which allows password authentication currently):

~/test$ ssh-copy-id -i test_id_rsa user@server

First I confirmed the key was working with regular ssh, then using autossh like you:

~/test$ ssh -i test_id_rsa user@server
~/test$ autossh -M 13000 -N -i test_id_rsa user@server
^C

They both worked fine, so I recreated the problem you had:

~/test$ autossh -f -M 13000 -N -i test_id_rsa user@server

This did not work and the following was written to /var/log/syslog:

autossh[2406]: ssh exited prematurely with status 255; autossh exiting

By changing the path of the keyfile to be absolute, it worked though:

~/test$ autossh -f -M 13000 -N -i /home/user/test/test_id_rsa user@server

No errors in /var/log/syslog.

Related Solutions

Ssh authentication nfs

Your ssh client is trying password authentication before public key authentication.

Check your ~/.ssh/config and /etc/ssh/ssh_config files for a PreferredAuthentications entry.

I see similar behavior if I add the following entry to my ~/.ssh/config file:

PreferredAuthentications password,publickey

If you have something like that in either of the aforementioned files, comment it out.

Ssh – How to manage ssh keys to add a second user

You need to login using the putty on the windows machine and exit the .ssh/authorized_keys file and add the key that you generated on the mac to the file.

Do not run the command

scp -2 -P 50022 -v ~/.ssh/id_rsa.pub newuser@111.222.333.444:

That will over write the existing key on the server, and it will not work either as the server only accepts key logins.

Best Answer

Related Solutions

Ssh authentication nfs

Ssh – How to manage ssh keys to add a second user

Related Topic