LinuxQuestions.org
Old 02-02-2015, 01:19 PM   #16
aristosv
Member
 
Registered: Dec 2014
Posts: 263

Original Poster
Rep: Reputation: 3

start-tunnel.sh
Code:
#!/bin/bash
TPORT="5001"
/usr/bin/nohup /root/tunnel/tunnel.sh root my_host_here $TPORT 22 &> $HOME/tunnel/rssh.out &

tunnel.sh
Code:
#!/bin/bash

user=$1
rip=$2
rport=$3
lport=$4

while [[ 1 ]]; do
   if [ -e $HOME/tunnel/$lport.pid ]; then
      pid=$(cat $HOME/tunnel/$lport.pid)
   else
      pid=1
   fi

   ps | grep $lport | grep $pid | grep -v $HOME/tunnel/tunnel.sh | grep -q ssh
   if [[ $? -ne 0 ]]; then
      echo $(date) opening reverse tunnel from $rip:$rport to 127.0.0.1:$lport
      ssh -o "ExitOnForwardFailure yes" -R $rport:127.0.0.1:$lport $user@$rip -N &
      echo $! > $HOME/tunnel/$lport.pid
   fi

   sleep 60
done
 
Old 02-02-2015, 01:29 PM   #17
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,573

Rep: Reputation: 2142
You should check the pid in $HOME/tunnel/$lport.pid to make sure it's correct, and then play with the ps command to see where it's failing:

Code:
ps | grep $lport | grep $pid | grep -v $HOME/tunnel/tunnel.sh | grep -q ssh

You might need to add a flag or two to the ps command itself (like -f) in order for the "grep $lport" to match. My script was written for an embedded system with a busybox implementation of ps that differs slightly from the "real" version found on most boxes, so that line could probably be cleaned up quite a bit (like using the -p flag in ps to specify the pid, rather than grepping for it).
 
Old 02-02-2015, 01:53 PM   #18
aristosv
Member
 
Registered: Dec 2014
Posts: 263

Original Poster
Rep: Reputation: 3
I appreciate the help, but I don't completely comprehend how this script works. So I don't really know what to troubleshoot.
 
Old 02-02-2015, 02:02 PM   #19
aristosv
Member
 
Registered: Dec 2014
Posts: 263

Original Poster
Rep: Reputation: 3
Actually I've added the -f option on ps and the error seems to have gone away. Does this sound logical?
 
Old 02-02-2015, 02:07 PM   #20
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,573

Rep: Reputation: 2142
Commented script is below:

Code:
user=$1    # Assign the first command line argument to the "user" variable (remote user)
rip=$2     # Assign the second command line argument to the "rip" variable (remote IP)
rport=$3   # Assign the third command line argument to the "rport" variable (remote port)
lport=$4   # Assign the fourth command line argument to the "lport" variable (local port)

# Loop forever
while [[ 1 ]]; do

   # Check for the existence of a file called $lport.pid (eg: 22.pid if you set lport to 22), located in $HOME/tunnel/
   if [ -e $HOME/tunnel/$lport.pid ]; then

      # If that file exists, read the contents into the "pid" variable
      pid=$(cat $HOME/tunnel/$lport.pid)

   else

      # If that file does not exist, just set the "pid" variable to the number 1
      pid=1
   fi


   # That $lport.pid file contains the process ID (PID) for the previously-opened reverse ssh tunnel.  What
   # we're going to do now is test that PID.  Is it still running?  Is it associated with the right process?  Etc.

   # ps returns a list of currently running processes on the system
   # "|" lets you send the output from one command to the input of another
   # grep lets you search some text for a specific string or pattern

   # So the below command means:
   # 1) "ps" - List all running processes
   # 2) "| grep $lport" - Search those processes for the local port we're opening
   # 3) "| grep $pid" - Search those matches for the PID we're interested in
   # 4) "| grep -v tunnel.sh" - "-v" inverts the search, so this gets rid of any lines that match tunnel.sh (that would be this script itself)
   # 5) "| grep -q ssh" - "-q" does a quiet match, so it doesn't print anything out, it just searches for the string "ssh" and sets the exit status to 0=success or else=failure

   # The end result is the exit status gets set to 0 if a process matching $lport, $pid, and "ssh" but NOT tunnel.sh was found, and any other number if it wasn't

   ps | grep $lport | grep $pid | grep -v $HOME/tunnel/tunnel.sh | grep -q ssh

   # If the exit status was not 0, it means the process was not found, so the tunnel must not be open, so open it back up
   if [[ $? -ne 0 ]]; then

      # Print out a comment for the log file
      echo $(date) opening reverse tunnel from $rip:$rport to 127.0.0.1:$lport

      # Open up the tunnel
      ssh -o "ExitOnForwardFailure yes" -R $rport:127.0.0.1:$lport $user@$rip -N &

      # Dump the PID of that ssh command into $lport.pid for the next iteration of the loop
      echo $! > $HOME/tunnel/$lport.pid

   fi

   # Wait a minute before repeating
   sleep 60
done

Last edited by suicidaleggroll; 02-02-2015 at 02:09 PM.
 
Old 02-02-2015, 02:13 PM   #21
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,573

Rep: Reputation: 2142
Quote:
Originally Posted by aristosv
Actually I've added the -f option on ps and the error seems to have gone away. Does this sound logical?

Yes, "-f" does the full format listing in ps. Without it, any arguments to the running program will be hidden and you'll just see the name of the program itself, eg: "ssh" instead of "ssh -R 5001:127.0.0.1:22 root@my_host_here -N". That ps parsing command requires the full output in order to match $lport.

You may also need the "-e" flag in the ps command to catch it when it's auto-started on boot. The busybox implementation of ps on which I originally wrote this script does "-ef" by default, so I didn't need those flags.

Last edited by suicidaleggroll; 02-02-2015 at 02:16 PM.
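
Added example, not part of the thread and not suicidaleggroll's script: a stricter version of the liveness check discussed above, which asks ps for exactly the PID in the pid file and requires the ssh command line to carry the exact "-R rport:127.0.0.1:lport" forward, so a stale or reused PID or a substring hit on the port number does not count as a live tunnel. The function names args_match_tunnel and tunnel_alive are hypothetical, the sample command lines are constructed, and a ps that accepts the POSIX -p and -o options is assumed.

```sh
#!/bin/sh
# Added example: stricter replacement for the "ps | grep | grep" tunnel check.

# Return 0 only if command line $1 is an ssh client carrying exactly the
# remote forward "-R $2:127.0.0.1:$3" (rport, lport as in tunnel.sh).
args_match_tunnel() {
   _spec="$2:127.0.0.1:$3"
   set -f; set -- $1; set +f          # split into words without glob expansion
   [ "${1##*/}" = ssh ] || return 1   # first word must be ssh or /path/to/ssh
   _prev=
   for _w in "$@"; do
      # Accept "-R spec" as two words or "-Rspec" as one word
      if [ "$_prev" = -R ] && [ "$_w" = "$_spec" ]; then return 0; fi
      if [ "$_w" = "-R$_spec" ]; then return 0; fi
      _prev=$_w
   done
   return 1
}

# Return 0 only if pid file $1 names a running process that is the tunnel
# for rport $2 and lport $3.
tunnel_alive() {
   [ -r "$1" ] || return 1
   _pid=$(cat "$1") || return 1
   # Reject an empty file, non-numeric content, or PID 1 (init is never the tunnel)
   case $_pid in ''|*[!0-9]*) return 1 ;; esac
   [ "$_pid" -gt 1 ] || return 1
   # -p selects exactly this PID; "-o args=" prints its full command line, no header
   _args=$(ps -p "$_pid" -o args= 2>/dev/null) || return 1
   args_match_tunnel "$_args" "$2" "$3"
}

# Constructed command lines (not captured from a real system)
for _line in \
   "ssh -o ExitOnForwardFailure yes -R 5001:127.0.0.1:22 root@my_host_here -N" \
   "ssh -R 15001:127.0.0.1:22 root@my_host_here -N" \
   "grep 22 /var/log/messages"
do
   if args_match_tunnel "$_line" 5001 22; then
      echo "match:    $_line"
   else
      echo "no match: $_line"
   fi
done
```

Inside the loop in tunnel.sh the check would be called as `tunnel_alive "$HOME/tunnel/$lport.pid" "$rport" "$lport"`, reopening the tunnel when it returns non-zero.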
 
  

