[lug] 3 Questions: 1) Port Forwarding 2) Unison 3) Job Management Software 4) Test Apache
Daniel Webb
lists at danielwebb.us
Mon Feb 14 20:00:02 MST 2005
On Mon, Feb 14, 2005 at 07:20:08PM -0700, David Morris wrote:
> I suppose I could be missing something but from several
> years of using SSH on both stable and unstable connections
> (even dialup and VERY bad wireless) I've never had notable
> problems.
>
> I agree SSH port forwarding sometimes dies in funky ways but
> it is trivial to work around this by setting the SSH
> connection to restart automatically from time to time. All
> you have to do is add a count to ping using the '-c' option.
> The exact value which works best varies by connection
> stability and what the connection is being used for.
With your solution, if the connection is reset every 5 minutes, I will
get my connection cut every five minutes when working on my sister's
computer over the reverse tunnel, even if the connection is fine.
That would be pretty annoying. If I make the reset time longer, I may
have to wait a long time to get back in after a connection loss. My
script doesn't have this tradeoff: you never lose a connection except
from "natural causes", and if you do lose it, you'll have it back within
2 minutes.
> The only major annoyance with this solution is, as you say,
> when SSH loses the connection and does not quit. I've
> found this situation is exponentially more likely to happen
> on unstable connections the longer SSH is connected to the
> remote host.
That's also my experience.
> This is where carefully picking the value
> given to 'ping -c xxx' comes in. For an http proxy server,
> for example, I set the timeout to reset once every 5 minutes
> and almost never even notice the reset happening and only
> have the connection lock up on me once every month or so.
Sure, for a stateless connection such as HTTP, having the connection
reset every 5 minutes is not a problem. It's more annoying for shell
sessions or a VNC session.
> Is it a perfect solution? No. Does it work for every case?
> Not even remotely. But it is extremely simple, can be run
> without any extra software, and (in my experience) works
> *great* for simple port-forwarding situations.
I've found autossh a much better solution than yours for the situation
you're describing, since it only resets the connection if the connection
fails.
Have you done much with reverse forwarding using -R? I have found it to
be more difficult than forward port forwarding, because of problems in
the sshd side. If it weren't for those problems, I would just use
autossh and be done with it.
Daniel
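
The trade-off discussed in this thread (timed resets versus restarting only on failure), shown as an added example; it is not part of the original message and is not Daniel's script or autossh. The relay host, ports and timing values are assumptions. It relies on OpenSSH's client keepalive options to make a dead session exit.

```shell
#!/bin/sh
# Added example: restart a reverse tunnel only when ssh itself exits.
# REMOTE, RPORT, LPORT and the timing values are assumptions, not from the post.
REMOTE="${REMOTE:-user@relay.example.org}"  # placeholder relay host
RPORT="${RPORT:-2222}"                      # port opened on the relay (-R)
LPORT="${LPORT:-22}"                        # local service being exposed
MAX_DELAY="${MAX_DELAY:-120}"               # never wait longer than 2 minutes
STABLE_SECS="${STABLE_SECS:-60}"            # uptime that resets the backoff
SLEEP_CMD="${SLEEP_CMD:-sleep}"             # overridable for dry runs

# ssh exits on its own when keepalives go unanswered or the -R bind fails,
# so a healthy session is never interrupted by the supervisor.
tunnel_cmd() {
    echo "ssh -N -o BatchMode=yes -o ExitOnForwardFailure=yes" \
         "-o ServerAliveInterval=30 -o ServerAliveCountMax=3" \
         "-R ${RPORT}:localhost:${LPORT} ${REMOTE}"
}

# next_delay CUR UPTIME: double the wait after a quick failure (capped),
# or fall back to 1 second if the last session stayed up long enough.
next_delay() {
    cur=$1; uptime=$2
    if [ "$uptime" -ge "$STABLE_SECS" ]; then echo 1; return; fi
    new=$((cur * 2))
    if [ "$new" -gt "$MAX_DELAY" ]; then new=$MAX_DELAY; fi
    echo "$new"
}

# supervise CMD [MAX_RUNS]: run CMD, restart it each time it exits.
# MAX_RUNS=0 means loop forever. Prints the number of runs on stdout.
supervise() {
    cmd=$1; max=${2:-0}; runs=0; delay=1
    while :; do
        start=$(date +%s)
        rc=0
        sh -c "$cmd" >&2 || rc=$?
        runs=$((runs + 1))
        echo "tunnel exited rc=$rc (run $runs)" >&2
        if [ "$max" -gt 0 ] && [ "$runs" -ge "$max" ]; then break; fi
        delay=$(next_delay "$delay" $(( $(date +%s) - start )))
        "$SLEEP_CMD" "$delay"
    done
    echo "$runs"
}

# Start the tunnel only when asked: RUN_TUNNEL=1 sh tunnel.sh
if [ "${RUN_TUNNEL:-0}" = 1 ]; then supervise "$(tunnel_cmd)"; fi
```

With these values a dead link is noticed after about 90 seconds of unanswered keepalives, and a working session is never torn down by a timer.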