I use SSH on a daily basis to connect to a number of networks (see my previous posting on Opening up network using SSH tunnels). Unfortunately not all network connections, most notably the wireless ones, are very reliable.
Some of the tunnels I use are 'reverse tunnels', which means that I need to physically access the remote machine in order to set up those tunnels, which is not always possible or practical.
The standard OpenSSH client application does not seem to have a function to automatically retry when there is a network hiccup. However, with a little bit of creativity we can add this functionality ourselves.
The solution: Set up a bash script that executes the ssh command in an infinite loop. To make this work, the user must not have to authenticate manually on every retry, as that would defeat the purpose of a fully automatic mechanism. This solution has been tested with Cygwin and should work on Linux without change.
SSH supports authentication using either passwords or public keys. We have already established that password authentication is not going to work, so we need to set up DSA (Digital Signature Algorithm) authentication. Note that OpenSSH 7.0 and later disable DSA (ssh-dss) keys by default, so this key type may be refused by current clients and servers.
In this example we will be using the following names:
- UserClient: The user on the client PC (running the SSH client) that wants to connect to a server. Please replace this with the actual user name.
- UserServer: The user on the server we want to login as. Change this to the actual user name.
- Client: The machine we are connecting from.
- Server: The machine we are connecting to.
First we need to create the keys for UserClient on the Client machine. Enter the following command to do so:
ssh-keygen -t dsa
When asked for a passphrase, press Enter. This generates a set of keys in the ~UserClient/.ssh directory on the Client machine. As I use Cygwin, this directory is found at the following location:
C:\Program Files\cygwin\home\UserClient\.ssh
The public key file needs to be appended to the list of authorized keys on the Server. Copy ~UserClient/.ssh/id_dsa.pub to the server and concatenate it to the list of authorized keys for UserServer using the following commands:
cat id_dsa.pub >> ~UserServer/.ssh/authorized_keys2
chmod 644 ~UserServer/.ssh/authorized_keys2
That is all that is needed to log in using DSA. Try it by issuing the following command on the Client:
ssh UserServer@Server
With this mechanism in place, we can create a small bash script that rebuilds the SSH connection in an infinite loop. Note that in the following example I use the most basic SSH command only. Replace this with your combination of Local and Remote tunnel command line switches.
#!/bin/bash
# Reopen the SSH session every time it ends.
while true; do
    echo "Opening SSH session"
    ssh UserServer@Server
    echo "SSH session disconnected"
done
Name this file something like 'ssh_connect.sh'. Once saved it can be executed using ./ssh_connect.sh.
That is it, works like a charm.
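The loop above restarts ssh immediately after every exit and depends on ssh noticing a dead link by itself. As an added example (not the original author's script), the variant below turns on keepalives so a silent connection is dropped, refuses to prompt so a broken key cannot hang the loop, and backs off between retries. MAX_DELAY, MAX_TRIES and the function names are assumptions made for this sketch; the ssh options are standard OpenSSH client options.

```shell
#!/bin/bash
# Added example, not the original author's script. MAX_DELAY, MAX_TRIES and
# the function names are assumptions made for this sketch.
MAX_DELAY=${MAX_DELAY:-60}   # longest pause between retries, in seconds
MAX_TRIES=${MAX_TRIES:-0}    # 0 means retry forever

# BatchMode: never prompt, so a broken key fails instead of hanging the loop.
# ServerAlive*: probe every 30 s, give up after 3 unanswered probes.
# ExitOnForwardFailure: exit if a requested -L/-R tunnel cannot be set up.
SSH_OPTS="-o BatchMode=yes -o ConnectTimeout=15 -o ServerAliveInterval=30 \
-o ServerAliveCountMax=3 -o ExitOnForwardFailure=yes"

# next_delay SECONDS: double the pause, capped at MAX_DELAY.
next_delay() {
  d=$(( $1 * 2 ))
  if [ "$d" -gt "$MAX_DELAY" ]; then d=$MAX_DELAY; fi
  echo "$d"
}

# reconnect_loop CMD...: run CMD again whenever it exits; counts runs in TRIES.
reconnect_loop() {
  delay=1
  TRIES=0
  while :; do
    TRIES=$(( TRIES + 1 ))
    started=$(date +%s)
    echo "Opening SSH session (attempt $TRIES)"
    status=0
    "$@" || status=$?
    echo "SSH session disconnected (exit status $status)"
    if [ "$MAX_TRIES" -gt 0 ] && [ "$TRIES" -ge "$MAX_TRIES" ]; then
      return 0
    fi
    # A session that stayed up for a while was healthy: start the backoff over.
    if [ $(( $(date +%s) - started )) -ge 30 ]; then delay=1; fi
    sleep "$delay"
    delay=$(next_delay "$delay")
  done
}

# Usage: ./ssh_connect.sh [tunnel switches] UserServer@Server
if [ "$#" -gt 0 ]; then
  # SSH_OPTS is left unquoted on purpose so it splits into separate arguments.
  reconnect_loop ssh $SSH_OPTS "$@"
fi
```

Because the key has no passphrase, BatchMode only guarantees that a failed key login ends the attempt instead of waiting at a password prompt.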
Another article on setting up SSH using DSA can be found here. An introduction to BASH scripting is available here.