Autossh 的问题:从 cron 运行还是从终端运行

Autossh 的问题:从 cron 运行还是从终端运行

我正在尝试在一台服务器和多台客户端之间设置可靠的反向隧道。如果连接断开或失效,我会使用 autossh 重新建立连接,但遇到了一些问题。

服务器:服务器有一个动态 IP,链接到 DDNS 服务。我希望 SSH 中的“-o“CheckHostIP=no”参数可以防止服务器 IP 更改时出现问题。服务器通过网关路由器的端口转发获取 SSH。路由器端口 3141 上的传入连接转到服务器端口 22。

客户端:每个客户端从配置文件中获取不同的 autossh 监控端口和反向隧道端口。python 脚本读取 cfg 文件并构建使用“os.system(cmd)”运行的 autossh cmd。它们每个都具有相同的密钥,用于进入服务器。目前,AutoSSH 命令在重新启动时从 cron 运行,所有输出都记录在文本文件中。命令是:

autossh -v -M 23000 -N -o "CheckHostIP=no" -o "ExitOnForwardFailure=yes" -o "ServerAliveInterval=10" -o "PubkeyAuthentication=yes" -o "PasswordAuthentication=no" -i /home/client1/.ssh/id_ed25519 -R 22000:localhost:22 [email protected] -p 3141

该命令在终端中调用时可以正常工作,但在 cron 中调用时则无法工作。

来自CRON:

OpenSSH_6.7p1 Raspbian-5+deb8u1, OpenSSL 1.0.1k 8 Jan 2015
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to server.org [x.x.x.x] port 3141.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /home/user/.ssh/id_ed25519 type 4
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.7p1 Raspbian-5+deb8u1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1 Raspbian-5
debug1: match: OpenSSH_6.7p1 Raspbian-5 pat OpenSSH* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr [email protected] none
debug1: kex: client->server aes128-ctr [email protected] none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 82:dd:b6:88:33:00:bb:aa:ee:08:7b:19:01:ae:da:34
debug1: Host '[server.org]:3141' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:2
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
SERVER: Server hello message
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering ED25519 public key: /home/user/.ssh/id_ed25519
debug1: Server accepts key: pkalg ssh-ed25519 blen 51
debug1: Authentication succeeded (publickey).
Authenticated to server.org ([x.x.x.x]:3141).
debug1: Local connections to LOCALHOST:23000 forwarded to remote address 127.0.0.1:23000
debug1: Local forwarding listening on 127.0.0.1 port 23000.
debug1: channel 0: new [port listener]
socket: Address family not supported by protocol
debug1: Remote connections from LOCALHOST:23000 forwarded to local address 127.0.0.1:23001
debug1: Remote connections from LOCALHOST:22000 forwarded to local address localhost:22
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: remote forward failure for: listen 23000, connect 127.0.0.1:23001
Error: remote port forwarding failed for listen port 23000

如果我从终端运行相同的命令,除了最后几行之外,输出是相同的:

socket: Address family not supported by protocol
debug1: Remote connections from LOCALHOST:23000 forwarded to local   address 127.0.0.1:23001
debug1: Remote connections from LOCALHOST:22000 forwarded to local address localhost:22
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: remote forward success for: listen 23000, connect 127.0.0.1:23001
debug1: remote forward success for: listen 22000, connect localhost:22
debug1: All remote forwarding requests processed

你知道为什么它不能从 cron 运行吗?我怎样才能让它在启动时运行并密切关注它?

编辑:在客户端重新启动后调用“ps aux | grep autossh”显示 python autossh 命令未运行。日志文件以“错误:远程端口转发失败”消息结尾,并且不会继续尝试。这是 python 问题、autossh 问题还是 cron 问题?

答案1

从 cron 运行时,您可能需要传递-f给 autossh(转到后台)并使用nohup

0 0 * * * nohup autossh -f <your params>  >/dev/null 2>&1 &

答案2

好吧,问题是非正常断开连接后,服务器上的端口仍保持打开状态。整个终端/cron/python 的事情只是我寻找问题的兔子洞。

无论如何,这是一个很好的答案: 其他 Stack Exchange 答案

答案3

当在没有终端的情况下运行时,您必须使用 -f 将其置于后台,这是 ssh 的一个参数。

关于使用 -f 的一件事,您必须在远程机器上运行一个程序,否则它将连接、设置您请求的任何隧道,然后退出。对于您的特定情况,我建议进行以下修改:

autossh -v -M 23000 -N \
-o "CheckHostIP=no" \
-o "ExitOnForwardFailure=yes" \
-o "ServerAliveInterval=10" \
-o "PubkeyAuthentication=yes" \
-o "PasswordAuthentication=no" \
-i /home/client1/.ssh/id_ed25519 \
-R 22000:localhost:22 \
-f \
[email protected] -p 3141 \
sleep 31536000

-f 和 sleep 是新的。Sleep 是连接时运行的命令,我选择它休眠 365 天,我希望这足够长了。

相关内容