Autossh is a simple but effective tool for SysAdmins. It maintains an SSH connection and restarts it automatically if it drops. It helps sysadmins build stable SSH connections over unstable networks.
This article will discuss Autossh and how you can use it effectively. So, read ahead to learn more about it!
What does Autossh do?
To understand Autossh, you have to understand what SSH does. SSH or Secure Shell is a protocol for encrypted communication between two computer systems. The protocol creates a public-private keypair to encrypt communication. The client requests the server to form a connection.
These SSH connections can break or die for many reasons. Some firewalls disconnect SSH connections after a period of inactivity. If you have privileges and access, you can increase the timeout period for SSH. That cannot go on indefinitely.
Keeping this in mind, Autossh is a program that monitors an SSH connection and restarts it again if it dies or disconnects. The program is often used to maintain connections when the connection is not stable, the IP address keeps changing, or when the SSH connection keeps dropping due to other reasons.
How Autossh works
There are two methods that Autossh uses to monitor the SSH tunnel.
In the first method, Autossh keeps sending test packets between client and server. As long as this exchange is not interrupted, the tunnel is assumed to be working. In this case, two ports carry these packets, one from client to server and another from server to client.
In the second method, a remote echo port is used for sending the packets both ways.
There are specific rules on how Autossh restarts an SSH connection. For example, if the user gives the exit command, Autossh will take that as an intentional exit by the user and close the connection. Or if you command Autossh itself to stop, it will also stop the connection.
Autossh will restart the connection in all other situations where an SSH connection drops. Of course, you can command Autossh to restart the SSH connection even if it wasn’t dropped.
Every ten minutes (by default), Autossh will attempt to send packets to see if the connection still exists. If it fails, the program will try to restart the connection.
When using SSH, there are two authentication methods, one without passwords and another with passwords. For Autossh, you need to go without the passwords so that you’re not prompted to enter the password every time Autossh attempts to restart the connection.
Installing Autossh is pretty straightforward on a Linux machine. Depending on the distribution, you can use apt or YUM to install it.
For Debian or Ubuntu systems, the command is:
$ sudo apt-get install autossh
For RHEL, Fedora, or CentOS systems, the command is:
$ sudo yum install autossh
For Windows, the easiest way is to use Cygwin. If you’re not familiar, Cygwin is a collection of tools that essentially gives you a Linux-ish environment on a Windows system.
If you’re going this route, the first step is to install Cygwin. For this, head to cygwin.com, download the setup-x86_64.exe, and run it. You’ll be greeted by a screen that looks like this.
Hit "Next," and choose "Download from the internet."
Hit "Next," and choose where you want to install it.
Hit "Next," and select where you want your package directory to be.
Hit "Next," and select your internet connection.
In the following step, the wizard will show you a list of sources to download Cygwin from. Choose a source with HTTPS.
Now, choose the packages you want to install. Cygwin recommends you DON’T install all of them. So change the ‘View’ menu to ‘Full’ and search for Autossh.
Hit Next. Once the installation is complete, you’ll be greeted by the following window.
Hit "Finish," open the Cygwin terminal, and run autossh with the -V option.
The command causes Autossh to print the version number and exit. If everything goes well, you’d be greeted with the following message.
In macOS, the easiest way to install AutoSSH is using Homebrew. If you don’t have Homebrew installed, open the terminal, and run this command:
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
Once you have it, just type this command to install AutoSSH:
brew install autossh
Running Autossh is relatively straightforward. Almost all the commands are similar to SSH, except you replace ssh with autossh.
Another difference is that you can use -M to specify the port for monitoring. Even if you’re not using the option, you have to mention it; in this case, it will be -M 0 (this disables the monitoring port).
Another option is -f. With -f, Autossh drops to the background before running SSH, which means SSH cannot ask for passwords or passphrases. The ‘-f’ is removed from the arguments passed on to SSH, since it has a different meaning there.
To use Autossh to log in to a server, the command will look like:
autossh -M 0 username@servername
In the above example, we’re turning the monitoring off.
To use port 2000 as the monitoring port, the command will be like:
autossh -M 2000 username@servername
In this case, Autossh will send its test data on port 2000 and use port 2001 to receive the data back.
By default, Autossh sets 30 seconds as the starting gate time. This is when Autossh starts and tries to create a tunnel; if it takes longer than 30 seconds to connect, it will try again. But if it fails before this time, it assumes that the connection is impossible and exits. When starting Autossh, you can tweak this with the AUTOSSH_GATETIME variable.
AUTOSSH_GATETIME=45 autossh -M 2000 username@servername
In this instance, the starting gate time is 45 seconds. If it is 0, this feature is turned off, and Autossh won’t exit after 30 seconds.
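The options from this section combined into one checked command line, as an added example that is not part of the original article or of Autossh itself. With -M 0, Autossh restarts SSH only when SSH exits, so the sketch adds OpenSSH's ServerAliveInterval and ServerAliveCountMax options to make SSH exit on a dead link. The function names, the 30-second/3-probe values, the refusal of privileged ports and the use of BatchMode are assumptions of this example.

```shell
#!/bin/sh
# Added example: assemble an autossh command line from the options covered
# above (-M, AUTOSSH_GATETIME). Function names and sample values are hypothetical.

# is_uint STR: succeeds if STR is a non-empty string of digits.
is_uint() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# build_autossh_cmd MONITOR_PORT GATETIME TARGET
# Prints the command line (dry run); returns 2 on invalid input.
build_autossh_cmd() {
    mport=$1; gate=$2; target=$3

    is_uint "$mport" || { echo "monitor port must be a number" >&2; return 2; }
    is_uint "$gate" || { echo "gate time must be a number" >&2; return 2; }
    # Allow only user@host characters; a leading "-" would be parsed by ssh
    # as an option, and shell metacharacters must not reach the printed line.
    case "$target" in
        ''|-*|*[!A-Za-z0-9@._-]*) echo "invalid target" >&2; return 2 ;;
    esac

    opts=""
    if [ "$mport" -eq 0 ]; then
        # Monitoring off: autossh restarts ssh only when ssh exits, so have
        # ssh notice a dead link itself (3 missed probes, 30 s apart) and exit.
        opts=" -o ServerAliveInterval=30 -o ServerAliveCountMax=3"
    elif [ "$mport" -lt 1024 ] || [ "$mport" -gt 65534 ]; then
        # -M PORT also uses PORT+1; this sketch also refuses privileged ports.
        echo "monitor port must be 0 or 1024..65534" >&2; return 2
    fi

    # BatchMode makes ssh fail instead of prompting if key authentication fails.
    echo "AUTOSSH_GATETIME=$gate autossh -M $mport$opts -o BatchMode=yes $target"
}

# Constructed sample invocations.
build_autossh_cmd 0 45 username@servername
build_autossh_cmd 2000 30 username@servername
```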
There are plenty of alternatives for creating a persistent SSH tunnel. If you want to go the script route, you can find one on GitHub.
Here are some of the other alternatives for Autossh:
- Persistent SSH: This is a Windows system tool that keeps SSH connections alive, like Autossh. The tool has a GUI and can be configured through browsers. You can use the free version for non-server systems without any time limits.
- iTivity SSH Manager: This is a complete tunnel management solution. It essentially creates a hyper server into which all the devices in your network will tunnel. You don’t have to establish connections manually or worry about SSH connections dropping.
Autossh is a tool to monitor and restart SSH connections if and when they drop.
Once installed, the tool will monitor an SSH tunnel using one of two methods. In both methods, the server and the client send test packets to each other in a loop to see if the connection still exists. In the first method, two monitoring ports are used: one to send data packets from the client to the server and the other for sending them the other way. In the second method, a port for a remote echo service is specified, which sends back the test data.
There are three arguments for the Autossh tool. -V will return the version and exit, -M specifies the monitoring port, and -f runs AutoSSH in the background.
If you don't want to use this tool, there are a couple of alternatives for you to try:
- Scripts that automatically restart SSH
- Persistent SSH
- iTivity SSH Manager
Frequently Asked Questions
What is reverse SSH?
In some situations, it is difficult to reach a remote system due to configurations on its end. You can let the remote computer connect to your end in such cases. But this doesn’t allow you to perform operations on the remote computer. So you use this connection to create an SSH tunnel back to the remote system. This is called a reverse SSH, and the SSH connection from your system to the remote system is called a reverse SSH tunnel.
What is Autossh package?
To use Autossh, you need to install the Autossh package. This can be for your Linux systems or your Cygwin terminal.
Is SSH a VPN?
They are similar in what they do, but they do it differently. The data packets sent across a VPN are encrypted. On the other hand, while the network is encrypted in SSH, the individual packets aren't. And VPN works across the network layer while SSH works on the application layer.
Both have their advantages, disadvantages, and specific use cases.
What is tunneling SSH?
In SSH (Secure Shell) tunneling, an encrypted network or channel is created between two computer systems. This is often used for controlling remote systems and allowing access to network resources.