autossh(1)

1AUTOSSH(1)                BSD General Commands Manual               AUTOSSH(1)
2

NAME

4     autossh — monitor and restart ssh sessions
5

SYNOPSIS

7     autossh [-V] [-M port[:echo_port]] [-f] [SSH_OPTIONS]
8

DESCRIPTION

10     autossh is a program to start a copy of ssh and monitor it, restarting it
11     as necessary should it die or stop passing traffic.
12
13     The original idea and the mechanism were from rstunnel (Reliable SSH Tun‐
14     nel). With version 1.2 of autossh the method changed: autossh uses ssh to
15     construct a loop of ssh forwardings (one from local to remote, one from
16     remote to local), and then sends test data that it expects to get back.
17     (The idea is thanks to Terrence Martin.)
18
19     With version 1.3, a new method is added (thanks to Ron Yorston): a port
20     may be specified for a remote echo service that will echo back the test
21     data. This avoids the congestion and the aggravation of making sure all
22     the port numbers on the remote machine do not collide. The loop-of -for‐
23     wardings method remains available for situations where using an echo ser‐
24     vice may not be possible.
25

CONTROLLING SSH

27   SSH exits
28     autossh tries to distinguish the manner of death of the ssh process it is
29     monitoring and act appropriately. The rules are:
30
31     1.      If the ssh process exited normally (for example, someone typed
32             "exit" in an interactive session), autossh exits rather than
33             restarting;
34
35     2.      If autossh itself receives a SIGTERM, SIGINT, or a SIGKILL sig‐
36             nal, it assumes that it was deliberately signalled, and exits
37             after killing the child ssh process;
38
39     3.      If autossh itself receives a SIGUSR1 signal, it kills the child
40             ssh process and starts a new one;
41
42     4.      Periodically (by default every 10 minutes), autossh attempts to
43             pass traffic on the monitor forwarded port. If this fails,
44             autossh will kill the child ssh process (if it is still running)
45             and start a new one;
46
47     5.      If the child ssh process dies for any other reason, autossh will
48             attempt to start a new one.
49
50   Startup behaviour
51     If the ssh session fails with an exit status of 1 on the very first try,
52     autossh
53
54     1.      will assume that there is some problem with syntax or the connec‐
55             tion setup, and will exit rather than retrying;
56
57     2.      There is a "starting gate" time. If the first ssh process fails
58             within the first few seconds of being started, autossh assumes
59             that it never made it "out of the starting gate", and exits. This
60             is to handle initial failed authentication, connection, etc. This
61             time is 30 seconds by default, and can be adjusted (see the
62             AUTOSSH_GATETIME environment variable below). If AUTOSSH_GATETIME
63             is set to 0, then both behaviours are disabled: there is no
64             "starting gate", and autossh will restart even if ssh fails on
65             the first run with an exit status of 1.
66
67   Continued failures
68     If the ssh connection fails and attempts to restart it fail in quick suc‐
69     cession, autossh will start delaying its attempts to restart, gradually
70     backing farther and farther off up to a maximum interval of the autossh
71     poll time (usually 10 minutes).  autossh can be "prodded" to retry by
72     signalling it, perhaps with SIGHUP ("kill -HUP").
73
74   Connection setup
75     As connections must be established unattended, the use of autossh
76     requires that some form of automatic authentication be set up. The use of
77     RSAAuthentication with ssh-agent is the recommended method. The example
78     wrapper script attempts to check if there is an agent running for the
79     current environment, and to start one if there isn't.
80
81     It cannot be stressed enough that you must make sure ssh works on its
82     own, that you can set up the session you want before you try to run it
83     under autossh
84
85     If you are tunnelling and using an older version of ssh that does not
86     support the -N flag, you should upgrade (your version has security
87     flaws). If you can't upgrade, you may wish to do as rstunnel does, and
88     give ssh a command to run, such as "sleep 99999999999".
89

OPTIONS

91     -M port[:echo_port]
92             specifies the base monitoring port to use. Without the echo port,
93             this port and the port immediately above it ( port + 1) should be
94             something nothing else is using.  autossh will send test data on
95             the base monitoring port, and receive it back on the port above.
96             For example, if you specify "-M 20000", autossh will set up for‐
97             wards so that it can send data on port 20000 and receive it back
98             on 20001.
99
100             Alternatively, a port for a remote echo service may be specified.
101             This should be port 7 if you wish to use the standard inetd echo
102             service.  When an echo port is specified, only the specified mon‐
103             itor port is used, and it carries the monitor message in both
104             directions.
105
106             Many people disable the echo service, or even disable inetd, so
107             check that this service is available on the remote machine. Some
108             operating systems allow one to specify that the service only lis‐
109             ten on the localhost (loopback interface), which would suffice
110             for this use.
111
112             The echo service may also be something more complicated: perhaps
113             a daemon that monitors a group of ssh tunnels.
114
115             Setting the monitor port to 0 turns the monitoring function off,
116             and autossh will only restart ssh upon ssh's exit. For example,
117             if you are using a recent version of OpenSSH, you may wish to
118             explore using the ServerAliveInterval and ServerAliveCountMax
119             options to have the SSH client exit if it finds itself no longer
120             connected to the server. In many ways this may be a better solu‐
121             tion than the monitoring port.
122
123     -f      causes autossh to drop to the background before running ssh. The
124             -f flag is stripped from arguments passed to ssh. Note that there
125             is a crucial a difference between -f with autossh, and -f with
126             ssh: when used with autossh ssh will be unable to ask for pass‐
127             words or passphrases.
128
129     -V      causes autossh to display its version number and exit.
130

ENVIRONMENT

132     Other than the flag to set the connection monitoring port, autossh uses
133     environment variables to control features. ssh seems to be still collect‐
134     ing letters for options, and this seems the easiest way to avoid colli‐
135     sions.
136
137     AUTOSSH_DEBUG
138             If this variable is set, the logging level is set to to
139             LOG_DEBUG, and if the operating system supports it, syslog is set
140             to duplicate log entries to stderr.
141
142     AUTOSSH_GATETIME
143             Specifies how long ssh must be up before we consider it a suc‐
144             cessful connection. The default is 30 seconds. Note that if
145             AUTOSSH_GATETIME is set to 0, then not only is the gatetime be‐
146             haviour turned off, but autossh also ignores the first run fail‐
147             ure of ssh. This may be useful when running autossh at boot.
148
149     AUTOSSH_LOGLEVEL
150             Specifies the log level, corresponding to the levels used by sys‐
151             log; so 0-7 with 7 being the chattiest.
152
153     AUTOSSH_LOGFILE
154             Specifies that autossh should use the named log file, rather than
155             syslog.
156
157     AUTOSSH_MAXSTART
158             Specifies how many times ssh should be started. A negative number
159             means no limit on the number of times ssh is started. The default
160             value is -1.
161
162     AUTOSSH_MESSAGE
163             Append message to echo message sent when testing connections.
164
165     AUTOSSH_NTSERVICE
166             (Cygwin only.) When set to "yes" , autossh sets up to run as an
167             NT service under cygrunsrv. This adds the -N flag for ssh if not
168             already set, sets the log output to stdout, and changes the be‐
169             haviour on ssh exit so that it will restart even on a normal
170             exit.
171
172     AUTOSSH_PATH
173             Specifies the path to the ssh executable, in case it is different
174             than the path compiled in.
175
176     AUTOSSH_PIDFILE
177             Write autossh pid to specified file.
178
179     AUTOSSH_POLL
180             Specifies the connection poll time in seconds; default is 600
181             seconds.  If the poll time is less than twice the network time‐
182             outs (default 15 seconds) the network timeouts will be adjusted
183             downward to 1/2 the poll time.
184
185     AUTOSSH_FIRST_POLL
186             Specifies the time to wait before the first connection test.
187             Thereafter the general poll time is used (see AUTOSSH_POLL
188             above).
189
190     AUTOSSH_PORT
191             Sets the connection monitoring port. Mostly in case ssh appropri‐
192             ates -M at some time. But because of this possible use,
193             AUTOSSH_PORT overrides the -M flag. A value of 0 turns the moni‐
194             toring function off.
195

AUTHOR

197     autossh was written by Carson Harding.
198