Re: Somewhat OT -- Looking for ideas on how to test status of SSH TCP tunnel
From: Leonard Isham (leonard.isham_at_gmail.com)
Date: Thu, 3 Nov 2005 16:52:56 -0500 To: For users of Fedora Core releases <email@example.com>
On 11/3/05, Bruce McPeek <firstname.lastname@example.org> wrote:
> I am planning on setting up a TCP tunnel through an SSH connection between
> our Korean office's intranet and our US office's intranet. This tunnel will
> be used to provide a connection between a Perforce Proxy server in Korea and
> our main Perforce server (Redhat 9) in the US.
> The OS for Korean proxy server will be Redhat FC3 using OpenSSH. I may have
> to give up this server at some point in the future and go Windows as the
> underlying OS, if that happens I would like to use Plink (from the maker of
> PuTTY http://www.chiark.greenend.org.uk/~sgtatham/putty/).
> I plan to set up the account used to connect our SSH server to a pretty
> restricted state; no login shell and port forwarding restricted to a
> specific ip:port.
> I am planning to script the SSH connection on the client side to reconnect
> should the connection drop. This should be a fairly trivial task.
> Unfortunately I have seen long running SSH tunnels in a state where they
> appear to be connected but no data flows through the tunnel or to the login
> shell. I would like test for this condition in my script but I am unsure
> which approach to take.
> I could conceivably try to connect through the tunnel to the server using
> some utility but which one? I could conceivable try using the Perforce
> client but would rather not consume a license to do this. Perhaps I could
> open have a second tunnel open just to test the connection, but what would
> be good to use?
I don't know that there is a solution for this issue.
If I where you I would consider using OpenVPN (www.openvpn.net). It is
designed for this type pf application. Has the ability to reconnect
if a connection is lost, Can use certificatres is cross platform,
including having RPM available. Well supported and in active
-- Leonard Isham, CISSP Ostendo non ostento. -- fedora-list mailing list email@example.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list