Ssh – Correct options for keeping open a reverse SSH-tunnel using autossh

ldap ssh tunnel

I have a set-up with an LDAP-server (ldapserver) behind a strict firewall, and a web application running on a server (appserver) outside that firewall that needs to authenticate using that LDAP-server.

I have successfully used a third server (tunnelserver) as an intermediate, setting up an SSH-tunnel between appserver and ldapserver by running the following command on tunnelserver:

ssh username@appserver -R 28420:ldapserver:389

The only issue is that occasionally I get a broken pipe, and lose the SSH-tunnel.

A solution seems to be autossh, but my limited SSH-knowledge barely managed to get the tunnel working, and seems insufficient to correctly respecify the options for autossh.

Any tips?

Best Answer

The parameters are basically the same (autossh passes them directly to ssh). Remove -f if you don't want autossh to background itself. You probably want the -N option to not execute a shell on the server. Select a free port for the -M option (the port one above that must also be free). On Debian/Ubuntu you can omit this because the package includes a wrapper script which automatically selects a free port.

autossh -M 20000 -f -N -R 28420:ldapserver:389 username@appserver
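
The answer asks for a -M port whose neighbour (port + 1) is also free. As an added example (not part of the original answer), this script picks such a pair from `ss -ltn` style listener output and prints the answer's autossh command with it; the function names, the 20000 starting port and the sample listener table are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print the listening TCP ports found in `ss -ltn` style text on stdin.
listening_ports() {
    # Column 4 is "address:port"; the port is the last ':'-separated field,
    # which also handles IPv6 listeners such as [::]:22.
    awk '$1 == "LISTEN" { n = split($4, a, ":"); print a[n] }' | sort -un
}

# pick_monitor_port START LISTENERS RESERVED
# Print the first port P >= START where neither P nor P+1 is listening
# or equal to RESERVED (the tunnel's own forwarded port).
pick_monitor_port() {
    p=$1
    used=" $(printf '%s\n' "$2" | listening_ports | tr '\n' ' ')"
    used="$used$3 "
    while [ "$p" -lt 65535 ]; do
        q=$((p + 1))
        case "$used" in
            *" $p "*|*" $q "*) p=$q ;;          # pair is taken, try the next port
            *) echo "$p"; return 0 ;;
        esac
    done
    return 1                                    # no free pair found
}

# Print the answer's autossh command with a free monitor port filled in.
# 20000 is the starting point used in the answer; 28420 is the forwarded port.
tunnel_cmd() {
    mon=$(pick_monitor_port 20000 "$1" 28420) || return 1
    echo "autossh -M $mon -f -N -R 28420:ldapserver:389 username@appserver"
}

# Constructed sample of `ss -ltn` output: 22 and 20001 are already listening.
SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    127.0.0.1:20001    0.0.0.0:*
LISTEN 0      128    [::]:22            [::]:*'

tunnel_cmd "$SAMPLE"
```

On a live host, pass `"$(ss -ltn)"` instead of the sample; the check only covers listeners on the machine that runs autossh.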