Reverse SSH tunnel monitor

7

12

I've set up a reverse ssh tunnel, using PuTTY, to allow me to VNC into a home computer without having to enable NAT port forwarding. Works great, no problem.

I would like to set the tunnel up as a "persistent service" that will connect on boot up and reconnect when dropped. PS. this is on Windows.

Exhaustive googling found a few products but many seem to have been abandoned and none appear to have major "street cred."

Does anyone have experience with this type of thing or with any of these products? I don't need all the bells and whistles, just reliability.

Pinball answered 16/12, 2008 at 19:49 Comment(1)
this question is substantially similar: #312971 - Signorina
2

Wikipedia's comparison of SSH clients has columns for tunnelling, SOCKS etc., which may help you find something suitable.

Signorina answered 16/12, 2008 at 20:33 Comment(0)
1

Have you considered using plink and making it a service with srvany?

Tollman answered 16/12, 2008 at 20:21 Comment(1)
I agree Igal. A good, short and to-the-point tutorial can be found at xxlinxx.wordpress.com/2009/03/23/… - Mcclain
1

Use plink from PuTTY and run in a batch file. When connection really dies, plink will exit, which means that you can run plink in a loop.

Like this:

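  :: This is a batch file. Save with file name: plink_forever.bat
  :restart
  plink saved_session_name
  :: plink has exited: wait about 5 seconds so a failing connection is not retried in a tight loop
  ping -n 6 127.0.0.1 >nul
  goto restart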

And finally wrap that with srvany to get it to start on logon.

Or maybe easier: put the .bat in windows scheduler and set to run once on every boot.

Docs: http://the.earth.li/~sgtatham/putty/0.58/htmldoc/Chapter7.html

Eugenioeugenius answered 23/10, 2012 at 4:53 Comment(0)
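The loop-plus-scheduler approach from the answer above, as an added PowerShell example (not part of the original answer): a watchdog that restarts plink with a capped back-off, plus a helper that registers it to start at boot. The session name `home-vnc-tunnel`, the task name `ReverseSshTunnel` and the log file name are assumptions; the saved PuTTY session is assumed to hold the host, key file and remote forward.

```powershell
# Added example, not from the original answer. Assumed names: saved PuTTY session
# 'home-vnc-tunnel' (stores host, key file and the -R forward), task 'ReverseSshTunnel'.
param(
  [string]$Session  = 'home-vnc-tunnel',
  [int]$MaxDelaySec = 300,
  [switch]$Install
)

function Register-TunnelTask {
  # PuTTY keeps saved sessions and cached host keys under HKCU, so the task must run
  # as the user who created the session; LocalSystem would not see either.
  $cred     = Get-Credential -Message 'Account that owns the saved PuTTY session'
  $action   = New-ScheduledTaskAction -Execute 'powershell.exe' `
                -Argument "-NoProfile -File `"$PSCommandPath`" -Session `"$Session`""
  $trigger  = New-ScheduledTaskTrigger -AtStartup
  $settings = New-ScheduledTaskSettingsSet -RestartCount 3 `
                -RestartInterval (New-TimeSpan -Minutes 1) `
                -ExecutionTimeLimit ([TimeSpan]::Zero)   # zero = no time limit
  # RunLevel Limited: the tunnel does not need an elevated token.
  Register-ScheduledTask -TaskName 'ReverseSshTunnel' -Action $action -Trigger $trigger `
    -Settings $settings -RunLevel Limited `
    -User $cred.UserName -Password $cred.GetNetworkCredential().Password
}

function Get-NextDelay([double]$UptimeSec, [int]$Delay, [int]$Max) {
  # A session that stayed up for a minute resets the back-off; quick failures double it.
  if ($UptimeSec -ge 60) { return 1 }
  return [Math]::Min($Delay * 2, $Max)
}

if ($Install) { Register-TunnelTask; return }

$log   = Join-Path $PSScriptRoot 'tunnel.log'
$delay = 1
while ($true) {
  $started = Get-Date
  # -batch: fail instead of waiting on a prompt (unknown host key, passphrase);
  # -N: no remote shell, port forwarding only.
  & plink.exe -batch -N -load $Session
  $code   = $LASTEXITCODE
  $uptime = ((Get-Date) - $started).TotalSeconds
  $delay  = Get-NextDelay $uptime $delay $MaxDelaySec
  $line   = "{0:s} plink exited, code {1}, uptime {2:N0}s, retry in {3}s" -f (Get-Date), $code, $uptime, $delay
  Add-Content -Path $log -Value $line
  Start-Sleep -Seconds $delay
}
```

Run it once with `-Install` to register the task. Connect interactively as the same user first so the server's host key is cached, because `-batch` aborts on an unknown key.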
0

You can just set up any application to start with Windows and auto-connect your tunnel on startup. I personally use Easytunnel... just checked the option to connect all tunnels on startup, and set up Windows to start Easytunnel on bootup. It works great, though you'll need to set up your server's inactivity timeout, or you will be disconnected every 10 minutes or so.

Hope you get it working!

Cindelyn answered 4/5, 2009 at 17:50 Comment(0)
0

I use ssh tunnels a lot, but all managers were not convenient to me (too many UI screens, not that stable). I wanted to have a script which can be easily configurable and maintainable, so I came up with a PowerShell script for that. Posted here. SO rules dictate that I publish the solution in the answer as well, so happy to do that:

To start using it you need a config like this:

# LocalPort TargetHost  TargetPort  SshHost SshUsername SshKeyPath 
18080   google.com  80  bastion.example.com User    D:\secure\path\to\private_key.ppk

Save it as config.csv. The PowerShell script to keep it up is:

<#
.SYNOPSIS
  Powershell script for keeping ssh tunnel up and running

.DESCRIPTION
  This script uses configuration of tunnels located in config.csv. For more information visit http://tsherlock.tech/2019/03/13/simple-ssh-tunnel-auto-reconnect-using-putty-and-powershell/

.NOTES
  Version:        1.0
  Author:         Anton Shkuratov
  Creation Date:  2019-03-13
  Purpose/Change: Initial script development

#>

$currentDir = $PSScriptRoot
if (-not $env:PATH.Contains($currentDir)) {
  $env:PATH="$env:PATH;$currentDir"
}

# Check plink is accessible (resolve it on PATH without launching it)
if (-not (Get-Command plink.exe -ErrorAction SilentlyContinue)) {
  Write-Host "Error running plink.exe. Please make sure its path is in the PATH environment variable"
  exit 1
}

# Parse config
$config = [System.IO.File]::ReadAllLines("$currentDir\config.csv");
$bindings = New-Object System.Collections.ArrayList
# Fields are separated by any run of whitespace (tabs or spaces); the "#" header line does not match
$regex = New-Object System.Text.RegularExpressions.Regex("^\s*(\d+)\s+(\S+)\s+(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$");
$keyPasswords = @{}
$procs = @{}

foreach($line in $config) {
  $match = $regex.Match($line)

  if ($match.Success) {
    # Use .Value so every field is a plain string (the key path is also used as a hashtable key)
    $sshKey = $match.Groups[6].Value;

    [void]$bindings.Add(@{
      LocalPort = $match.Groups[1].Value;
      TargetHost = $match.Groups[2].Value;
      TargetPort = $match.Groups[3].Value;
      SshHost = $match.Groups[4].Value;
      SshUser = $match.Groups[5].Value;
      SshKey = $sshKey;
    });

    # Ask for each key's passphrase only once, even if several tunnels share the key
    if (-not $keyPasswords.ContainsKey($sshKey)) {
      $pass = Read-Host "Please enter password for key (if set): $sshKey" -AsSecureString
      $keyPasswords.Add($sshKey, $pass);
    }
  }
}

# Starting Processes
function EnsureRunning($procs, $keyPasswords, $binding) {

  if ($procs.ContainsKey($binding) -and $procs[$binding].HasExited) {

    $proc = $procs[$binding]
    $sshKey = $binding.sshKey
    $out = $proc.StandardError.ReadToEnd()

    if ($out.Contains("Wrong passphrase")) {
      Write-Host "Wrong pass phrase for $sshKey, please re-enter"
      $pass = Read-Host "Please enter password for key: $sshKey" -AsSecureString
      $keyPasswords[$sshKey] = $pass;
    } else {
      $exitCode = $proc.ExitCode
      $tHost = $binding.sshHost

      Write-Host "Connection to $tHost is lost, exit code: $exitCode"
    }
  }

  if (-not $procs.ContainsKey($binding) -or $procs[$binding].HasExited) {
    $sshUser = $binding.SshUser
    $sshHost = $binding.SshHost
    $sshKey = $binding.SshKey
    $lPort = $binding.LocalPort
    $tPort = $binding.TargetPort
    $tHost = $binding.TargetHost
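    # Decrypt the SecureString only for the launch and wipe the unmanaged copy afterwards
    $bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($keyPasswords[$sshKey])
    $sshKeyPass = [Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr)
    [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)

    $psi = New-Object System.Diagnostics.ProcessStartInfo;
    $psi.FileName = "plink.exe";
    $psi.UseShellExecute = $false;

    $psi.CreateNoWindow = $true;
    $psi.RedirectStandardInput = $true;
    $psi.RedirectStandardError = $true;

    # Pass -pw only when a passphrase was entered; with an empty value plink would take "-L" as the password.
    # Note: -pw places the passphrase on plink's command line, where it is visible in process listings.
    $pwArg = if ($sshKeyPass) { "-pw `"$sshKeyPass`" " } else { "" }
    $psi.Arguments = "-ssh $sshUser@$sshHost -i `"$sshKey`" -batch ${pwArg}-L $lPort`:$tHost`:$tPort"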

    $proc = [System.Diagnostics.Process]::Start($psi);

    Start-Sleep 1

    if (-not $proc.HasExited) {
      Write-Host Connected to $sshUser@$sshHost
    }

    $procs[$binding] = $proc;
  }
}

function EnsureAllRunning($procs, $keyPasswords, $bindings) {
  while($true) {
    foreach($binding in $bindings) {
      EnsureRunning $procs $keyPasswords $binding
    }
    Start-Sleep 1
  }
}


try {
  # Waiting for exit command
  Write-Host Working... Press Ctrl+C to stop execution...
  EnsureAllRunning $procs $keyPasswords $bindings
} finally {
  # Clean up
  Write-Host Clean up

  foreach($proc in $procs.Values) {
    if ($proc -ne $null -and -not $proc.HasExited) {
      $proc.Kill();
    }
  }
}

Then just run it with:

powershell -File autossh.ps1

To start it automatically with windows boot please use windows scheduler.

Emera answered 19/3, 2019 at 3:52 Comment(0)
0

A permanent tunnel is a security breach. I have set up an open service, secured and open as long as you are on the web. It also has built-in timeouts: no activity 2 minutes, otherwise 10. It is over HTTPS and on top has some XTEA ciphering. It is available at mylinuz.com

Glavin answered 4/9, 2020 at 22:9 Comment(0)
0

I have 2 main recommendations:

  • Teleport: Great tool, open source and relatively easy to use
  • Ngrok: Simple and doing exactly what you want

I would recommend using one of those services instead of doing it yourself. It can be dangerous to set up such a setup on your own, as any misconfiguration would lead to an attacker getting full access to all the connected devices.

Kumamoto answered 29/11, 2021 at 13:44 Comment(0)
