My company doesn’t have a VPN set up. To work from home, I usually have to set up a reverse SSH tunnel from the office to my home server (my home router forwards port 12345 to port 22 on my home server) by running this command from my office machine:
ssh -R 10000:localhost:22 my.homeserver.com -p 12345
This way, when I get home, I can connect to my office machine with this command:
ssh -p 10000 localhost
But the SSH session sometimes timed out, and then I couldn’t connect back. It happened several times and I eventually got annoyed. To keep my connection always alive, I created a file ~/.ssh/config:
Host *
Protocol 2
TCPKeepAlive yes
ServerAliveInterval 60
This helped a lot. But later, my company had some network issues and sometimes the network was down for hours. This broke my tunnel again. So I went even further and looked for a way to bring my tunnel back up as soon as the network is available. Finally I found a program called “autossh”, which solved my problem perfectly.
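First I made SSH passwordless from my office machine to my home server.
On my office machine, run the following commands:
# Generate an Ed25519 key pair (DSA keys are disabled in current OpenSSH); leave the passphrase empty
ssh-keygen -t ed25519
# scp takes the port with a capital -P, and options go before the file names
scp -P 12345 ~/.ssh/id_ed25519.pub my.homeserver.com:/tmp
Then log in to my home server and run this command:
cat /tmp/id_ed25519.pub >> ~/.ssh/authorized_keys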
After this, I tried to log in to my home server from the office again, and yes! It didn’t ask me for a password anymore. Finally I installed autossh with apt-get, and changed my reverse tunnel command to:
autossh -M 29001 -f -N -R 10000:localhost:22 www.coffeestone.com -p 12345
You can find more information about autossh at this page: http://gentoo-wiki.com/HOWTO_autossh.
After setting up the reverse tunnel again with autossh, I intentionally killed the ssh session from my home server; on my office machine, the autossh process detected it and immediately started a new ssh session to my home server.
Now I have a perfect unbreakable ssh tunnel!
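The passwordless key appended to authorized_keys above gives the office machine a full login on the home server, although the tunnel only needs remote port forwarding. The following is an added example, not part of the original post: it builds an authorized_keys line that limits that key to the forwards used by the autossh command. The function names and SAMPLE_KEY are constructed for illustration, and the assumptions are OpenSSH 7.8 or later on the home server and that "autossh -M 29001" requests a remote listener on port 29001 for its monitor loop.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes OpenSSH 7.8+ on the home
# server (permitlisten=) and that autossh's monitor listens remotely on 29001.

# Constructed sample public key line; not a real key.
SAMPLE_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEconstructedKEYdata0000000000000000 me@office'

# restricted_entry PUBKEY_LINE PORT...
# Prints an authorized_keys line that permits no shell, pty, agent or X11
# forwarding, and remote listeners only on the given localhost ports.
restricted_entry() {
    key_line=$1; shift
    nl='
'
    opts='restrict,port-forwarding'
    [ "$#" -ge 1 ] || { echo "no port given" >&2; return 1; }
    for port in "$@"; do
        case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
        # Unprivileged ports only: the home account cannot bind below 1024.
        [ "$port" -ge 1024 ] && [ "$port" -le 65535 ] ||
            { echo "port out of range: $port" >&2; return 1; }
        opts="$opts,permitlisten=\"localhost:$port\""
    done
    # A newline would smuggle a second, unrestricted entry into the file.
    case $key_line in *"$nl"*) echo "multi-line key" >&2; return 1 ;; esac
    ktype=${key_line%% *}
    rest=${key_line#* }
    kdata=${rest%% *}
    # Accept only "<known type> <base64> [comment]"; this also rejects lines
    # that already carry their own options.
    case $ktype in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "unexpected key type: $ktype" >&2; return 1 ;;
    esac
    case $kdata in ''|*[!A-Za-z0-9+/=]*) echo "bad key data" >&2; return 1 ;; esac
    printf '%s,command="/bin/false" %s\n' "$opts" "$key_line"
}

# install_entry FILE ENTRY: append ENTRY once, creating FILE with mode 0600.
install_entry() (
    umask 077
    touch "$1" || exit 1
    grep -qxF -e "$2" "$1" && exit 0    # already present
    printf '%s\n' "$2" >> "$1"
)

# On the home server (OFFICE_KEY.pub stands for the copied public key file):
#   install_entry ~/.ssh/authorized_keys \
#       "$(restricted_entry "$(cat /tmp/OFFICE_KEY.pub)" 10000 29001)"
```

sshd uses the first authorized_keys line that matches the key, so any earlier unrestricted line for the same key has to be removed for the restrictions to apply.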