[linux-elitists] Fun* with ssh tunnels

Don Marti dmarti at zgp.org
Sun Aug 1 11:18:12 PDT 2010


begin David L. Anselmi quotation of Sat, Jul 31, 2010 at 11:51:08PM -0600:

> >So the "postqueue" command is running on the client.
> 
> *That* is fun.  How creative.
> 
> Might this also work though:
> 
> ssh -L 10025:localhost:25 $MAILHOST -N -f && /usr/sbin/postqueue -f
> 
> This seems to do the right thing if ssh can't connect, but maybe not
> if it connects but the remote port isn't listening.  Also the
> setting of ExitOnForwardFailure might matter.
> 
> The connection stays open (in the background) until signaled to
> stop.  I think yours will be all cleaned up after postqueue runs so
> maybe the extra convolution is worth it.

The ssh back method works for me and has never left an
extra ssh process behind.  It's the least troublesome*
of the various ways I've tried to do this, and I've
sent mail from a variety of weird café and airport
networks.

The -N -f method works, too.  Cleaning up the
leftover ssh process is a couple of extra lines in
the mail script.  If you have a Debian system you
can run something like:

  start-stop-daemon --pidfile .ssh_tunnel_pidfile --make-pidfile \
  --exec /usr/bin/ssh --start -- $SSH_ARGS

before doing the stuff that has to run over the tunnel, then

  start-stop-daemon --pidfile .ssh_tunnel_pidfile --stop

afterward.

(Don't believe the man page: start-stop-daemon works
fine for keeping an eye on things running as yourself,
not just "system-level processes".)

* Most troublesome: ssh "master" connections with tunnels
  started from /etc/network/*.d :
  http://zgp.org/pipermail/linux-elitists/2008-November/012624.html

-- 
Don Marti                    
http://zgp.org/~dmarti/
dmarti at zgp.org
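
Added example, not part of the original message: a portable variant of the pidfile cleanup described above. It runs ssh with -N but without -f as a shell background job, uses ExitOnForwardFailure so a failed forward is caught before the job runs, and always stops the tunnel afterward. The function names, the SSH override and TUNNEL_WAIT are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. MAILHOST and the 10025 -> 25
# forward come from the quoted command; function names, SSH and TUNNEL_WAIT
# are assumptions made for this sketch.
TUNNEL_WAIT=${TUNNEL_WAIT:-2}   # seconds ssh gets to set up the forward
TUNNEL_PID=

# start_tunnel CMD [ARGS...]: run CMD as a background job (ssh -N without -f,
# so $! is the real ssh PID), then check that it survived startup.
start_tunnel() {
    "$@" &
    TUNNEL_PID=$!
    sleep "$TUNNEL_WAIT"
    if ! kill -0 "$TUNNEL_PID" 2>/dev/null; then
        # ssh already exited: connect or auth failed, or ExitOnForwardFailure
        # fired because the local port could not be bound.
        wait "$TUNNEL_PID" 2>/dev/null || true
        TUNNEL_PID=
        return 1
    fi
}

stop_tunnel() {
    [ -n "$TUNNEL_PID" ] || return 0
    kill "$TUNNEL_PID" 2>/dev/null || true
    wait "$TUNNEL_PID" 2>/dev/null || true
    TUNNEL_PID=
}

# run_over_tunnel JOB [ARGS...]: run JOB while the forward is up and return
# its exit status; returns 1 without running JOB if the tunnel did not start.
# ExitOnForwardFailure does not notice a closed port 25 on the far side; that
# only shows up when JOB connects through the forward.
run_over_tunnel() {
    start_tunnel ${SSH:-ssh} -N -o ExitOnForwardFailure=yes -o BatchMode=yes \
        -L 10025:localhost:25 "$MAILHOST" || return 1
    trap stop_tunnel EXIT          # clean up even if the script dies early
    trap 'exit 1' INT TERM
    status=0
    "$@" || status=$?
    stop_tunnel
    trap - EXIT INT TERM
    return "$status"
}

if [ -n "${MAILHOST:-}" ]; then
    run_over_tunnel /usr/sbin/postqueue -f
fi
```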

