06-06-2017, 08:53 AM
|
#1
|
Member
Registered: Aug 2012
Posts: 789
Rep: 
|
Ensure socket is always established
The following doesn't currently work, however, I am sure I can eventually get it to do so. Before going forward, I want to make sure that I should even do it this way. Let me explain my intent.
The machine on which this script resides should always have an ssh connection to remote machine 12.34.56.78. If for some reason it doesn't (maybe the server goes down for a while?), it should attempt to reestablish.
My thought was to create the connection upon boot time. Then every 1 minute, run a cron job that checks if the connection is established, and if not, attempt to establish it.
Maybe I am going about this all wrong. Are there any tools designed to do just what I am attempting to do?
Code:
#!/bin/bash
ss dst 12.34.56.78:ssh | wc -l > cnt
if [ cnt -eq 1 ]
then
ssh -R 2222:localhost:22 remoteusername@12.34.56.78
fi
|
|
|
06-06-2017, 09:37 AM
|
#2
|
LQ Guru
Registered: Sep 2013
Location: Somewhere in my head.
Distribution: Slackware (15 current), Slack15, Ubuntu studio, MX Linux, FreeBSD 13.1, WIn10
Posts: 10,342
|
I'm not sure about that code, but if it works in getting you a connection and it is run on boot up, you also could put that in a loop to just keep it running every minute.
Code:
while [ true ] ;
do
    code...
    if [[ no connection ]] ; then
        establish connection
    else
        sleep 1
    fi
done
Then it'd shut down when you do.
You also could have it something like this, if you are not hard wired to the net:
Boot the system; after the system is up and running, have that script set up to run to establish the connection with that loop inside of it, using sleep to put it in a hold state until the system has an actual connection to the outside world.
Last edited by BW-userx; 06-06-2017 at 09:42 AM.
|
|
|
06-06-2017, 09:51 AM
|
#3
|
Member
Registered: Aug 2012
Posts: 789
Original Poster
Rep: 
|
Thanks BW-userx,
Yeah, agree a loop seems best.
How should the condition look? If I execute ss dst 12.34.56.78:ssh from the cli, I get a column header row along with the connection if connected, and just the column header row if not.
|
|
|
06-06-2017, 10:05 AM
|
#4
|
LQ Guru
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 11,097
|
It would be far easier and simpler to use OpenVPN in this situation. It acts as a cryptographically-secure TCP/IP router. Just "open the tunnel and fuhgeddaboudit." The target IP-address is, "simply, there." Without further effort from you and/or your programs, the connection between the two parties is secure, all the time.
|
|
|
06-06-2017, 10:17 AM
|
#5
|
LQ Guru
Registered: Sep 2013
Location: Somewhere in my head.
Distribution: Slackware (15 current), Slack15, Ubuntu studio, MX Linux, FreeBSD 13.1, WIn10
Posts: 10,342
|
Quote:
Originally Posted by NotionCommotion
Thanks BW-userx,
Yeah, agree a loop seems best.
How should the condition look? If I execute ss dst 12.34.56.78:ssh from the cli, I get a column header row along with the connection if connected, and just the column header row if not.
|
I have no idea, I do not use ssh, but you are getting output that is different between when connected and when NOT connected, as you said you are. You can get that and look for something (a word even) to use that you can strip out of the return, or just look for that one word.
Then use that depending on the logic you want to use.
Code:
userx%voider ⚡ ~ ⚡> var=''
userx%voider ⚡ ~ ⚡> [[ -z "$var" ]] && echo "empty"
empty
Code:
userx%voider ⚡ ~ ⚡> var=''
userx%voider ⚡ ~ ⚡> [[ -z $var ]] && echo "empty" || echo "not empty"
empty
userx%voider ⚡ ~ ⚡> var="hi"
userx%voider ⚡ ~ ⚡> [[ -z $var ]] && echo "empty" || echo "not empty"
not empty
userx%voider ⚡ ~ ⚡>
Code:
userx%voider ⚡ ~ ⚡> var="todays connection is"
userx%voider ⚡ ~ ⚡> [[ $var =~ "conn" ]] && echo "connected: $var"
connected: todays connection is
userx%voider ⚡ ~ ⚡>
Last edited by BW-userx; 06-06-2017 at 10:29 AM.
|
|
|
06-06-2017, 11:30 AM
|
#6
|
Member
Registered: Aug 2012
Posts: 789
Original Poster
Rep: 
|
Quote:
Originally Posted by sundialsvcs
It would be far easier and simpler to use OpenVPN in this situation. It acts as a cryptographically-secure TCP/IP router. Just "open the tunnel and fuhgeddaboudit." The target IP-address is, "simply, there." Without further effort from you and/or your programs, the connection between the two parties is secure, all the time.
|
Thanks sundialsvcs. So, I take it I would use the OpenVPN client on one side and the OpenVPN server on the other. If the connection was ever lost (should for instance the server go down), will the OpenVPN client automatically reestablish the connection?
|
|
|
06-06-2017, 11:36 AM
|
#7
|
Member
Registered: Aug 2012
Posts: 789
Original Poster
Rep: 
|
Thanks BW-userx,
I always get mixed up with the nomenclature such as [[ -z "$var" ]]. For instance, I don't know what -z is for, and there is no key command word I can use the man to check. Off-topic. Is there a good cheat sheet for these "special" commands?
Back on topic, the following will return 1 if no connection and 2 if a connection. That is why I unsuccessfully tried cnt -eq 1. How can this be used in the condition?
Code:
ss dst 12.34.56.78:ssh | wc -l
|
|
|
06-06-2017, 03:09 PM
|
#8
|
LQ Guru
Registered: Sep 2013
Location: Somewhere in my head.
Distribution: Slackware (15 current), Slack15, Ubuntu studio, MX Linux, FreeBSD 13.1, WIn10
Posts: 10,342
|
Quote:
Originally Posted by NotionCommotion
Thanks BW-userx,
I always get mixed up with the nomenclature such as [[ -z "$var" ]]. For instance, I don't know what -z is for, and there is no key command word I can use the man to check. Off-topic. Is there a good cheat sheet for these "special" commands?
|
here
File test operators
and here
Other Comparison Operators
the -z test for NULL
Quote:
Originally Posted by NotionCommotion
Back on topic, the following will return 1 if no connection and 2 if a connection. That is why I unsuccessfully tried cnt -eq 1. How can this be used in the condition?
Code:
ss dst 12.34.56.78:ssh | wc -l
|
Code:
var=$(ss dst 12.34.56.78:ssh | wc -l)
if [[ "$var" = '1' ]] ; then
    {
        issue connect code
    }
else
    sleep 1
fi
Last edited by BW-userx; 06-06-2017 at 03:17 PM.
|
|
1 members found this post helpful.
|
06-06-2017, 07:04 PM
|
#9
|
Member
Registered: Aug 2012
Posts: 789
Original Poster
Rep: 
|
Thanks BW-userx,
So, putting it together, the following? Note that I included comments of why you did what you did, and have one question in the mix.
Code:
#!/bin/bash
# Use [] construct as it is simple
while [ true ] ;
do
    # Command substitution using $().
    var=$(ss dst 12.34.56.78:22 | wc -l)
    # Use [[]] construct as comparisons will cause an error with the [] construct
    # Why are you treating the count as a string and not an integer?
    if [[ "$var" = '1' ]] ; then
        {
            ssh -R 2222:localhost:22 remoteusername@12.34.56.78
        }
    else
        sleep 1
    fi
done
|
|
|
06-06-2017, 07:13 PM
|
#10
|
LQ Guru
Registered: Sep 2013
Location: Somewhere in my head.
Distribution: Slackware (15 current), Slack15, Ubuntu studio, MX Linux, FreeBSD 13.1, WIn10
Posts: 10,342
|
Quote:
Originally Posted by NotionCommotion
Thanks BW-userx,
So, putting it together, the following? Note that I included comments of why you did what you did, and have one question in the mix.
Code:
#!/bin/bash
# Use [] construct as it is simple
while [ true ] ;
do
    # Command substitution using $().
    var=$(ss dst 12.34.56.78:22 | wc -l)
    # Use [[]] construct as comparisons will cause an error with the [] construct
    # Why are you treating the count as a string and not an integer?
    if [[ "$var" = '1' ]] ; then
        {
            ssh -R 2222:localhost:22 remoteusername@12.34.56.78
        }
    else
        sleep 1
    fi
done
|
# Why are you treating the count as a string and not an integer?
because it works. 
write it like this if you want to.
Code:
userx%voider ⚡ ~ ⚡> var=$(ls ~/ | wc -l)
userx%voider ⚡ ~ ⚡> [[ $var -gt 1 ]] && echo "$var"
48
userx%voider ⚡ ~ ⚡>
removing quotes ' ' and " "
Last edited by BW-userx; 06-06-2017 at 07:19 PM.
|
|
|
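Added example, not part of any post above and not the posters' code: the loop from posts #8 to #10 with a stricter connection test. Counting `ss` lines treats a socket that is still connecting or closing as connected; this version requires state ESTAB and starts ssh with options that make it exit when the forward or the peer is dead. The function names, the 60-second cap and the ssh option values are assumptions; host, user and ports are the thread's placeholders.

```bash
#!/bin/bash
# Added example, not code from the thread. Host, user and ports are the
# thread's placeholders; function names and option choices are assumptions.
REMOTE_HOST="12.34.56.78"; REMOTE_USER="remoteusername"; REMOTE_PORT=22

# Constructed `ss -tn` output: header plus a socket still in SYN-SENT.
# `wc -l` gives 2 for it ("connected"), yet no session exists.
SAMPLE_CONNECTING='State    Recv-Q Send-Q Local Address:Port Peer Address:Port
SYN-SENT 0      1      192.0.2.10:51514   12.34.56.78:22'

# Read `ss` output on stdin; succeed only if a line has state ESTAB and the
# given peer. Header lines and half-open or closing sockets do not count.
has_established_peer() {
    awk -v peer="$1:$2" '
        { estab = 0; peer_ok = 0
          for (i = 1; i <= NF; i++) {
              if ($i == "ESTAB") estab = 1
              if ($i == peer) peer_ok = 1
          }
          if (estab && peer_ok) found = 1 }
        END { exit (found ? 0 : 1) }'
}

# Double the retry delay, capped at 60 s, so a server that is down is not
# hit with a new connection attempt every second.
next_delay() {
    if [ $(( $1 * 2 )) -gt 60 ]; then echo 60; else echo $(( $1 * 2 )); fi
}

keep_tunnel_up() {
    delay=1
    while true; do
        # This matches any SSH session to the host, not only the tunnel.
        if ss -tn dst "$REMOTE_HOST:$REMOTE_PORT" |
                has_established_peer "$REMOTE_HOST" "$REMOTE_PORT"; then
            delay=1; sleep 60; continue
        fi
        # -N: forward only, no remote shell. BatchMode: never prompt, so key
        # authentication is required. ExitOnForwardFailure: exit when remote
        # port 2222 cannot be bound. ServerAlive*: drop a silent peer in ~90 s.
        ssh -N -o BatchMode=yes -o ExitOnForwardFailure=yes \
            -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
            -R 2222:localhost:22 "$REMOTE_USER@$REMOTE_HOST"
        sleep "$delay"; delay=$(next_delay "$delay")
    done
}

# Start the loop only when asked to: ./tunnel.sh run
if [ "${1:-}" = "run" ]; then keep_tunnel_up; fi
```

Piping `$SAMPLE_CONNECTING` into `has_established_peer 12.34.56.78 22` fails, while `wc -l` on the same text reports 2. Because ssh stays in the foreground, the loop only returns to the check after the session has ended.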
06-06-2017, 10:23 PM
|
#11
|
LQ Guru
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 11,097
|
Quote:
Originally Posted by NotionCommotion
Thanks sundialsvcs. So, I take it I would use the OpenVPN client on one side and the OpenVPN server on the other. If the connection was ever lost (should for instance the server go down), will the OpenVPN client automatically reestablish the connection?
|
Ordinarily, yes.
Configure OpenVPN to use unique, revokable, digital certificates for security, and also use tls-auth. Now, you have a completely secure connection between the two parties ... who can conclusively identify one another ... and yet "the doorway between them" is now "a secret(!) door." Outsiders cannot even detect that an OpenVPN server exists.
L33T H4X0RZ are screwed: they can't even find it, and, even if they could, they can't attack it. (Either you possess "a unique-to-you one-of-a-kind badge, that hasn't been revoked," or ...)
And yet, to authorized users, "it's drop-dead easy." Those IP-addresses "are right there, on the local network." No one knows, and no one cares, that the path from here to there is cryptographically secure. It just is.
- - -
Trust me on this: "once you embrace OpenVPN, you will n-e-v-e-r look back."
Last edited by sundialsvcs; 06-06-2017 at 10:27 PM.
|
|
|
06-07-2017, 08:30 AM
|
#12
|
LQ Guru
Registered: Sep 2013
Location: Somewhere in my head.
Distribution: Slackware (15 current), Slack15, Ubuntu studio, MX Linux, FreeBSD 13.1, WIn10
Posts: 10,342
|
Yeah, what @sundialsvcs said: if OpenVPN does the trick I'd go with that and figure out how to use it if it were me. They probably have a better built-in everything to deal with a connection than a basic loop script.
|
|
|
06-07-2017, 09:37 AM
|
#13
|
LQ Guru
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 11,097
|
Quote:
Originally Posted by BW-userx
Yeah, what @sundialsvcs said: if OpenVPN does the trick I'd go with that and figure out how to use it if it were me. They probably have a better built-in everything to deal with a connection than a basic loop script.
|
I have written about it extensively both here and on my blog, because I use it everywhere.
The analogy I like to use is the "Mines of Moria" sequence in The Lord of the Rings. ("Even their own masters cannot find them, if their secrets are forgotten.") Even though, of course, the Dwarves made a terrible choice of password  ... and in fact used a password at all ... the security concept is the same: if you can't detect that an entrance exists, you can't even begin to attack it. (And of course, if the gate is sealed by a truly-random unknown sequence that is 4,096 bits long, you can't attack it anyway.)
Probably the best thing about it, though, is that your computer does not waste resources shrugging-off "thousands of 'unauthorized access attempts' per second." OpenVPN only responds to supplicants who already demonstrate that they are probably going to turn out to be authorized.
Quote:
Number of unauthorized access attempts: Zero.
|
Authorized users (or, their routers), if the credentials that they alone possess have not been revoked, pass swiftly through the gantlet that no one else can even see. (And, both sides positively identify the party to which they are, in fact, directly communicating.) The overhead imposed by encryption and decryption is consistent and acceptable.
Once you get the hang of using OpenVPN properly – and it's not that hard, really – you will never turn back.
Last edited by sundialsvcs; 06-07-2017 at 09:47 AM.
|
|
|
All times are GMT -5.