I have a set-up with an LDAP server (`ldapserver`) behind a strict firewall, and a web application running on a server (`appserver`) outside that firewall that needs to authenticate using that LDAP server. I have successfully used a third server (`tunnelserver`) as an intermediate, setting up an SSH tunnel between `appserver` and `ldapserver` by running the following command on `tunnelserver`:

    ssh username@appserver -R 28420:ldapserver:389

The only issue is that occasionally I get a broken pipe, and lose the SSH tunnel. A solution seems to be autossh, but my limited SSH knowledge barely managed to get the tunnel working, and seems insufficient to correctly respecify the options for `autossh`.

Any tips?
The parameters are basically the same (`autossh` passes them directly to `ssh`). Remove `-f` if you don't want `autossh` to background itself. You probably want the `-N` option to not execute a shell on the server. Select a free port for the `-M` option (the port one above that must also be free). On Debian/Ubuntu you can omit this because the package includes a wrapper script which automatically selects a free port.

I noticed in 2013 that, when using autossh for reverse tunnels, the remote-side sshd was not being terminated. I worked around this via a script to start/stop/restart my tunnel (which I included with @reboot in crontab to start the tunnel), wherein I would kill the remote end using an ssh forced command, i.e. when stopping (or restarting) the tunnel.
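The following start/stop/restart wrapper is an added example that puts both answers together; it is not code from the question or either answer. It builds the `autossh` command line for the reverse tunnel from the question (`-N`, an explicit `-M` monitor port, no `-f` so the caller keeps the pid), and on stop it kills the local `autossh` and then checks whether `appserver` still holds the forwarded port, which is the stale-sshd situation the second answer describes. The user, host names and the ports 28420/389 are the question's; the monitor port 20000, the pid file path, the keepalive values and the use of `ss` on `appserver` are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not code from the original question or answers.
# Host names, user and the ports 28420/389 come from the question;
# MONITOR_PORT, PIDFILE and the keepalive settings are assumptions.
set -u

TUNNEL_USER="${TUNNEL_USER:-username}"
APP_HOST="${APP_HOST:-appserver}"      # outside the firewall
LDAP_HOST="${LDAP_HOST:-ldapserver}"   # behind the firewall
LDAP_PORT="${LDAP_PORT:-389}"
REMOTE_PORT="${REMOTE_PORT:-28420}"    # listener created on appserver
MONITOR_PORT="${MONITOR_PORT:-20000}"  # autossh -M; this port and +1 must be free
PIDFILE="${PIDFILE:-/tmp/ldap-tunnel.pid}"

# Second port autossh needs for its echo check (the -M port plus one).
monitor_echo_port() {
    echo $((MONITOR_PORT + 1))
}

# Build the autossh command line. No -f: autossh stays in the foreground so
# this script owns the process and its pid. -N: no remote shell.
# ServerAlive*: notice a dead link (the "broken pipe") within ~90 s instead
# of waiting for TCP to give up. ExitOnForwardFailure: if appserver still
# holds the port from a stale session, exit loudly rather than run a tunnel
# that forwards nothing. Binding to 127.0.0.1 keeps the LDAP port reachable
# only from processes on appserver itself.
build_tunnel_cmd() {
    printf 'autossh -M %s -N -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -o ExitOnForwardFailure=yes %s@%s -R 127.0.0.1:%s:%s:%s\n' \
        "$MONITOR_PORT" "$TUNNEL_USER" "$APP_HOST" \
        "$REMOTE_PORT" "$LDAP_HOST" "$LDAP_PORT"
}

# Ask appserver whether anything still listens on the forwarded port.
# Assumption: ss (iproute2) is installed on appserver. Returns 1 if so.
check_remote_port() {
    if ssh -o BatchMode=yes "$TUNNEL_USER@$APP_HOST" \
        "ss -Hltn 'sport = :$REMOTE_PORT'" 2>/dev/null | grep -q .; then
        echo "warning: $APP_HOST still listens on $REMOTE_PORT (stale sshd?)" >&2
        return 1
    fi
    return 0
}

# Start autossh in the background and record its pid. exec inside the
# subshell keeps the pid in $! equal to autossh's own pid.
start_tunnel() {
    if [ -f "$PIDFILE" ] && kill -0 "$(cat "$PIDFILE")" 2>/dev/null; then
        echo "tunnel already running (pid $(cat "$PIDFILE"))"
        return 0
    fi
    # AUTOSSH_GATETIME=0: keep retrying even if the very first connection
    # fails, which matters when started from @reboot before the network is up.
    ( AUTOSSH_GATETIME=0; export AUTOSSH_GATETIME; eval "exec $(build_tunnel_cmd)" ) &
    echo $! > "$PIDFILE"
    echo "tunnel started (pid $!)"
}

# Stop the local autossh (it tears down its ssh child on SIGTERM), then
# verify the remote listener is gone. The second answer cleaned a stale
# remote sshd with a forced command; this example only reports it.
stop_tunnel() {
    if [ -f "$PIDFILE" ]; then
        kill "$(cat "$PIDFILE")" 2>/dev/null
        rm -f "$PIDFILE"
        echo "tunnel stopped"
    fi
    check_remote_port
}

case "${1:-}" in
    start)   start_tunnel ;;
    stop)    stop_tunnel ;;
    restart) stop_tunnel; start_tunnel ;;
    status)  check_remote_port && echo "no listener on $APP_HOST:$REMOTE_PORT" ;;
    "")      ;;   # no action given: only define the functions above
    *)       echo "usage: $0 start|stop|restart|status" >&2; exit 2 ;;
esac
```

Run it from `tunnelserver` as `./ldap-tunnel.sh start` (or `@reboot /path/ldap-tunnel.sh start` in crontab, as the second answer does), and `./ldap-tunnel.sh stop` before changing the forwarding options. On Debian/Ubuntu the packaged `autossh` wrapper picks the monitor port for you, so `-M` can be dropped there as the first answer notes; on other systems keep the two monitor ports free or set `MONITOR_PORT` to a pair that is.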