LinuxQuestions.org
Old 06-06-2017, 07:53 AM   #1
NotionCommotion
Member
 
Registered: Aug 2012
Posts: 762

Rep: Reputation: Disabled
Ensure socket is always established


The following doesn't currently work; however, I am sure I can eventually get it to do so. Before going forward, I want to make sure that I should even do it this way. Let me explain my intent.

The machine on which this script resides should always have an ssh connection to remote machine 12.34.56.78. If for some reason it doesn't (maybe the server goes down for a while?), it should attempt to reestablish.

My thought was to create the connection upon boot time. Then every 1 minute, run a cron job that checks if the connection is established, and if not, attempt to establish it.

Maybe I am going about this all wrong. Are there any tools designed to do just what I am attempting to do?

Code:
#!/bin/bash
ss dst 12.34.56.78:ssh | wc -l > cnt
if [ cnt -eq 1 ]
then
    ssh -R 2222:localhost:22 remoteusername@12.34.56.78    
fi
 
Old 06-06-2017, 08:37 AM   #2
BW-userx
LQ Guru
 
Registered: Sep 2013
Location: Somewhere in my head.
Distribution: Slackware (current), FreeBSD, Win10, It varies
Posts: 9,952

Rep: Reputation: 2148
I'm not sure about that code, but if it works in getting you a connection, and it is run on boot up, you also could put that in a loop to just keep it running every minute.
Code:
while [ true ] ;
do

code...
if [[ no connection ]] ; then

establish connection
else
sleep 1
fi

done
then it'd shut down when you do.

you also could have it something like this, if you are not hard wired to the net:
boot system, after system is up and running then have that script set up to run to establish connection with that loop inside of it, using sleep to put it in a hold state until the system has an actual connection to the outside world.

Last edited by BW-userx; 06-06-2017 at 08:42 AM.
 
Old 06-06-2017, 08:51 AM   #3
NotionCommotion
Member
 
Registered: Aug 2012
Posts: 762

Original Poster
Rep: Reputation: Disabled
Thanks BW-userx,

Yeah, agree a loop seems best.

How should the condition look? If I execute ss dst 12.34.56.78:ssh from the cli, I get a column header row along with the connection if connected, and just the column header row if not.
 
Old 06-06-2017, 09:05 AM   #4
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,139
Blog Entries: 4

Rep: Reputation: 3227
It would be far easier and simpler to use OpenVPN in this situation. It acts as a cryptographically-secure TCP/IP router. Just "open the tunnel and fuhgeddaboudit." The target IP-address is, "simply, there." Without further effort from you and/or your programs, the connection between the two parties is secure, all the time.
 
Old 06-06-2017, 09:17 AM   #5
BW-userx
LQ Guru
 
Registered: Sep 2013
Location: Somewhere in my head.
Distribution: Slackware (current), FreeBSD, Win10, It varies
Posts: 9,952

Rep: Reputation: 2148
Quote:
Originally Posted by NotionCommotion View Post
Thanks BW-userx,

Yeah, agree a loop seems best.

How should the condition look? If I execute ss dst 12.34.56.78:ssh from the cli, I get a column header row along with the connection if connected, and just the column header row if not.
I have no idea, I do not use ssh, but you are getting output that is different between when connected and when NOT connected, as you said you are. You can get that and look for something (a word even) to use that you can strip out of the return or just look for that one word.

Then use that depending on the logic you want to use.

Code:
userx%voider ⚡ ~ ⚡> var=''
userx%voider ⚡ ~ ⚡> [[ -z "$var" ]] && echo "empty"
empty
Code:
userx%voider ⚡ ~ ⚡> var=''
userx%voider ⚡ ~ ⚡> [[ -z $var ]] && echo "empty" || echo "not empty"
empty
userx%voider ⚡ ~ ⚡> var="hi"
userx%voider ⚡ ~ ⚡> [[ -z $var ]] && echo "empty" || echo "not empty"
not empty
userx%voider ⚡ ~ ⚡>
Code:
userx%voider ⚡ ~ ⚡> var="todays connection is"
userx%voider ⚡ ~ ⚡> [[ $var =~ "conn" ]] && echo "connected: $var"
connected: todays connection is
userx%voider ⚡ ~ ⚡>

Last edited by BW-userx; 06-06-2017 at 09:29 AM.
 
Old 06-06-2017, 10:30 AM   #6
NotionCommotion
Member
 
Registered: Aug 2012
Posts: 762

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by sundialsvcs View Post
It would be far easier and simpler to use OpenVPN in this situation. It acts as a cryptographically-secure TCP/IP router. Just "open the tunnel and fuhgeddaboudit." The target IP-address is, "simply, there." Without further effort from you and/or your programs, the connection between the two parties is secure, all the time.
Thanks sundialsvcs. So, I take it I would use OpenVPN client on one side and OpenVPN server on the other. If the connection was ever lost (should for instance the server go down), will the OpenVPN client automatically reestablish the connection?
 
Old 06-06-2017, 10:36 AM   #7
NotionCommotion
Member
 
Registered: Aug 2012
Posts: 762

Original Poster
Rep: Reputation: Disabled
Thanks BW-userx,

I always get mixed up with the nomenclature such as [[ -z "$var" ]]. For instance, I don't know what -z is for, and there is no key command word I can use the man to check. Off-topic. Is there a good cheat sheet for these "special" commands?

Back on topic, the following will return 1 if no connection and 2 if a connection. That is why I unsuccessfully tried cnt -eq 1. How can this be used in the condition?
Code:
ss dst 12.34.56.78:ssh | wc -l
 
Old 06-06-2017, 02:09 PM   #8
BW-userx
LQ Guru
 
Registered: Sep 2013
Location: Somewhere in my head.
Distribution: Slackware (current), FreeBSD, Win10, It varies
Posts: 9,952

Rep: Reputation: 2148
Quote:
Originally Posted by NotionCommotion View Post
Thanks BW-userx,

I always get mixed up with the nomenclature such as [[ -z "$var" ]]. For instance, I don't know what -z is for, and there is no key command word I can use the man to check. Off-topic. Is there a good cheat sheet for these "special" commands?
here
File test operators
and here
Other Comparison Operators

the -z test for NULL

Quote:
Originally Posted by NotionCommotion View Post
Back on topic, the following will return 1 if no connection and 2 if a connection. That is why I unsuccessfully tried cnt -eq 1. How can this be used in the condition?
Code:
ss dst 12.34.56.78:ssh | wc -l
Code:
var=$(ss dst 12.34.56.78:ssh | wc -l)
if [[ "$var" = '1' ]] ; then
{
issue connect code
}
else
sleep 1
fi

Last edited by BW-userx; 06-06-2017 at 02:17 PM.
 
1 members found this post helpful.
Old 06-06-2017, 06:04 PM   #9
NotionCommotion
Member
 
Registered: Aug 2012
Posts: 762

Original Poster
Rep: Reputation: Disabled
Thanks BW-userx,

So, putting it together, the following? Note that I included comments of why you did what you did, and have one question in the mix.

Code:
#!/bin/bash
# Use [] construct as it is simple
while [ true ] ;
do
	# Command substitution using $().
	var=$(ss dst 12.34.56.78:22 | wc -l)
	# Use [[]] construct as comparisons will cause an error with the [] construct
	# Why are you treating the count as a string and not an integer?
	if [[ "$var" = '1' ]] ; then
	{
		ssh -R 2222:localhost:22 remoteusername@12.34.56.78
	}
	else
		sleep 1
	fi
done
 
Old 06-06-2017, 06:13 PM   #10
BW-userx
LQ Guru
 
Registered: Sep 2013
Location: Somewhere in my head.
Distribution: Slackware (current), FreeBSD, Win10, It varies
Posts: 9,952

Rep: Reputation: 2148
Quote:
Originally Posted by NotionCommotion View Post
Thanks BW-userx,

So, putting it together, the following? Note that I included comments of why you did what you did, and have one question in the mix.

Code:
#!/bin/bash
# Use [] construct as it is simple
while [ true ] ;
do
	# Command substitution using $().
	var=$(ss dst 12.34.56.78:22 | wc -l)
	# Use [[]] construct as comparisons will cause an error with the [] construct
	# Why are you treating the count as a string and not an integer?
	if [[ "$var" = '1' ]] ; then
	{
		ssh -R 2222:localhost:22 remoteusername@12.34.56.78
	}
	else
		sleep 1
	fi
done
# Why are you treating the count as a string and not an integer?

because it works.
write it like this if you want to.
Code:
userx%voider ⚡ ~ ⚡> var=$(ls ~/ | wc -l)
userx%voider ⚡ ~ ⚡> [[ $var > 1 ]] && echo "$var"
48
userx%voider ⚡ ~ ⚡>
removing quotes ' ' and " "

Last edited by BW-userx; 06-06-2017 at 06:19 PM.
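
Added example (not part of any post in this thread): a watchdog loop for the reverse tunnel discussed above, with the check counting only ESTAB rows of `ss` output rather than `wc -l` lines, and comparing the count as an integer. The address, user name and port forward come from the thread; the function names, the chosen ssh options, the 10-second interval and the sample `ss` output are assumptions constructed for illustration.

```shell
#!/bin/bash
# Added example, not code from the thread. Function names, the ssh options,
# the 10 s interval and the sample output below are illustrative assumptions.
REMOTE=12.34.56.78            # address used in the thread
REMOTE_USER=remoteusername    # user name used in the thread

# Count rows of `ss` output (stdin) whose state column is ESTAB. The header
# row and rows in other states are skipped, so "down" is 0 rather than the
# 1 that `wc -l` reports. State is column 1 with -t, column 2 without.
count_established() {
    awk '$1 == "ESTAB" || $2 == "ESTAB" { n++ } END { print n + 0 }'
}

tunnel_is_up() {
    # -ge is an integer test; = and > inside [[ ]] compare strings.
    [ "$(count_established)" -ge 1 ]
}

open_tunnel() {
    # -N: forward only, no remote shell.
    # BatchMode: fail instead of waiting at a password prompt (needs key auth).
    # ExitOnForwardFailure: exit if port 2222 cannot be bound remotely, so a
    #   live TCP session without a working forward does not look healthy.
    # ServerAlive*: give up on a dead link after about 90 s.
    ssh -N -o BatchMode=yes -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
        -R 2222:localhost:22 "$REMOTE_USER@$REMOTE"
}

watchdog() {
    while true; do
        if ! ss -tn dst "$REMOTE:22" | tunnel_is_up; then
            open_tunnel          # blocks until the ssh session ends
        fi
        sleep 10
    done
}

# Constructed sample `ss` output (not captured from a real host).
SAMPLE_UP='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
ESTAB  0      0      192.0.2.10:51514    12.34.56.78:22'
SAMPLE_CONNECTING='Netid State    Recv-Q Send-Q Local Address:Port  Peer Address:Port
tcp   SYN-SENT 0      1      192.0.2.10:51516    12.34.56.78:22'

# Start the loop only when invoked as: script.sh run
if [ "${1:-}" = "run" ]; then watchdog; fi
```

The second sample has two lines, so the `wc -l` check from the thread would treat it as connected, while the ESTAB count is 0.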
 
Old 06-06-2017, 09:23 PM   #11
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,139
Blog Entries: 4

Rep: Reputation: 3227
Quote:
Originally Posted by NotionCommotion View Post
Thanks sundialsvcs. So, I take it I would use OpenVPN client on one side and OpenVPN server on the other. If the connection was ever lost (should for instance the server go down), will the OpenVPN client automatically reestablish the connection?
Ordinarily, yes.

Configure OpenVPN to use unique, revokable, digital certificates for security, and also use tls-auth. Now, you have a completely secure connection between the two parties ... who can conclusively identify one another ... and yet "the doorway between them" is now "a secret(!) door." Outsiders cannot even detect that an OpenVPN server exists.

L33T H4X0RZ are screwed: they can't even find it, and, even if they could, they can't attack it. (Either you possess "a unique-to-you one-of-a-kind badge, that hasn't been revoked," or ...)

And yet, to authorized users, "it's drop-dead easy." Those IP-addresses "are right there, on the local network." No one knows, and no one cares, that the path from here to there is cryptographically secure. It just is.

- - -
Trust me on this: "once you embrace OpenVPN, you will n-e-v-e-r look back."

Last edited by sundialsvcs; 06-06-2017 at 09:27 PM.
 
Old 06-07-2017, 07:30 AM   #12
BW-userx
LQ Guru
 
Registered: Sep 2013
Location: Somewhere in my head.
Distribution: Slackware (current), FreeBSD, Win10, It varies
Posts: 9,952

Rep: Reputation: 2148
yeah what @sundialsvcs said, if OpenVPN does the trick I'd go with that and figure out how to use it if it were me. They probably have a better built in everything to deal with a connection than a basic loop script.
 
Old 06-07-2017, 08:37 AM   #13
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,139
Blog Entries: 4

Rep: Reputation: 3227
Quote:
Originally Posted by BW-userx View Post
yeah what @sundialsvcs said, if OpenVPN does the trick I'd go with that and figure out how to use it if it were me. They probably have a better built in everything to deal with a connection than a basic loop script.
I have written about it extensively both here and on my blog, because I use it everywhere.

The analogy I like to use is the "Mines of Moria" sequence in The Lord of the Rings. ("Even their own masters cannot find them, if their secrets are forgotten.") Even though, of course, the Dwarves made a terrible choice of password ... and in fact used a password at all ... the security concept is the same: if you can't detect that an entrance exists, you can't even begin to attack it. (And of course, if the gate is sealed by a truly-random unknown sequence that is 4,096 bits long, you can't attack it anyway.)

Probably the best thing about it, though, is that your computer does not waste resources shrugging-off "thousands of 'unauthorized access attempts' per second." OpenVPN only responds to supplicants who already demonstrate that they are probably going to turn out to be authorized.
Quote:
Number of unauthorized access attempts: Zero.
Authorized users (or, their routers), if the credentials that they alone possess have not been revoked, pass swiftly through the gantlet that no one else can even see. (And, both sides positively identify the party to which they are, in fact, directly communicating.) The overhead imposed by encryption and decryption is consistent and acceptable.

Once you get the hang of using OpenVPN properly – and it's not that hard, really – you will never turn back.

Last edited by sundialsvcs; 06-07-2017 at 08:47 AM.
 
  

