[alpine-devel] autossh / SSH Persistent Tunnel

From: Jeremy Thomerson <jeremy@thomersonfamily.com>
Message ID: <CADVmKVC7YNzHQPEoHaeeXM6o+ctH07K+fA03-Qa3WGfdcB3VCg@mail.gmail.com>
Sender timestamp: 1318727603
DKIM signature: missing

Has anyone on this list tried using autossh [1] to keep a persistent SSH
tunnel going?  Or do you have a different / better approach to this or the
following scenarios?

Scenario 1:
Where I live my router doesn't have access to a public IP - so I can't use
openvpn like I used to for VPN connection to home.  But, I need to have
remote access to my file server at home, which is behind my router (NAT)
which is behind another router for our building's network (also NAT).  I
would like my home (Alpine) file server (or possibly my Alpine router) to
keep a persistent ssh connection to a remote (public) server that I have.
 Then when I'm remote I could ssh to my home file server (or router) through
that public server.

I suppose I might even be able to port forward OpenVPN (or similar...
suggestions?) ports through this SSH tunnel so that I could connect vpn to
the public server, which is really forwarding that traffic back to my home
network.. giving me access to SMB file systems and printing remotely like I
used to have.

Scenario 2:
I'm migrating an application from a single server to multiple servers soon
for a friend.  One server will be a web application server.  The other will
do background processing of files, reporting, etc.  So, between the two I
need: shared file system access, MySQL replication, and connectivity
between a couple other ports like ActiveMQ, etc.  ActiveMQ could probably
just be a firewall rule that only allows traffic between ServerA and
ServerB.  But for MySQL replication (and MySQL client access on port 3306)
I'll want a secure tunnel.  I don't want those ports open on the firewall at
all.  For the file mount between servers I was thinking of using sshfs.

So, I'll need to at least set up a port forwarding tunnel for MySQL
replication and client access.  Do you have suggestions?  AutoSSH?  Other?
 Also, I don't have any real-world experience with sshfs.  Any suggestions
there?  (These boxes will unfortunately not be Alpine, but all the ones in
Scenario 1 above are Alpine boxes).

[1] http://www.harding.motd.ca/autossh/

Many Thanks!
Jeremy Thomerson
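
The reverse tunnel from Scenario 1, sketched as an added example that is not part of the original message: the home server keeps an autossh-supervised `-R` forward open to the public server, and the public server limits what the tunnel key can do. The account `tunnel`, host `public.example.org`, port 2222 and the key path are hypothetical.

```shell
#!/bin/sh
# Added example; not from the thread. Hypothetical values: account "tunnel",
# host public.example.org, port 2222, key file ~/.ssh/tunnel_ed25519.
TARGET=tunnel@public.example.org PORT=2222 KEY=$HOME/.ssh/tunnel_ed25519

# Unprivileged accounts on the public server can only bind ports >= 1024.
valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# Home-server side. $1 = print|run, $2 = user@host, $3 = port, $4 = key file.
tunnel() {
    mode=$1 target=$2 port=$3 key=$4
    valid_port "$port" || { echo "bad port: $port" >&2; return 2; }
    # -M 0: no autossh monitor port; rely on ssh's own keepalives, which make
    # ssh exit after 3 missed replies so that autossh starts it again.
    # ExitOnForwardFailure: exit (and be restarted) if the -R bind fails.
    # The forward listens on the public server's loopback only.
    set -- autossh -M 0 -N -T -i "$key" \
        -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
        -o ExitOnForwardFailure=yes \
        -R "127.0.0.1:$port:127.0.0.1:22" "$target"
    if [ "$mode" = run ]; then
        # GATETIME=0: keep retrying even if the very first attempt fails.
        export AUTOSSH_GATETIME=0
        exec "$@"
    fi
    echo "$*"
}

# Public-server side: authorized_keys line for the tunnel key. No shell, pty,
# agent or X11 forwarding, and remote listeners limited to the one port.
# $1 = port, $2 = public key line.
authorized_keys_entry() {
    valid_port "$1" || return 2
    printf 'restrict,port-forwarding,permitlisten="127.0.0.1:%s",command="/bin/false" %s\n' "$1" "$2"
}

case ${1:-} in
    run)  tunnel run "$TARGET" "$PORT" "$KEY" ;;
    show) tunnel print "$TARGET" "$PORT" "$KEY" ;;
    key)  authorized_keys_entry "$PORT" "$(cat "$KEY.pub")" ;;
esac
```

With the tunnel up, `ssh -J you@public.example.org -p 2222 homeuser@127.0.0.1` (hypothetical accounts) reaches the home server's sshd through the public server.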

From: Nathan Angelacos <nangel@alpinelinux.org>
Message ID: <4E9C466E.6010305@alpinelinux.org>
In-Reply-To: <CADVmKVC7YNzHQPEoHaeeXM6o+ctH07K+fA03-Qa3WGfdcB3VCg@mail.gmail.com>
Sender timestamp: 1318864494
DKIM signature: missing

Hi Jeremy,

On 10/15/2011 06:13 PM, Jeremy Thomerson wrote:
> Has anyone on this list tried using autossh [1] to keep a persistent SSH
> tunnel going?  Or do you have a different / better approach to this or
> the following scenarios?
>
> Scenario 1:

OpenVPN with the "client-to-client" configuration setting.

All clients can then see each other, no need for an extra ssh process - 
you should have native IP connectivity between the two clients.

>
> Scenario 2:

I've seen a GRE tunnel used for things like that; actually OpenNHRP + IPSec
does /exactly/ what you are wanting to do.


Or you can just go with OpenVPN "client-to-client" again.

