# SSH tunnel without a terminal

## c00l.wave

I know I did this before but I don't know how I got it working and the box I did it on does not exist any more, so I can't look it up.

I want to maintain an SSH tunnel by cron. I just want to tunnel a simple connection every minute; if the port is in use, SSH should quit and . All commands run fine while I have a terminal. However, SSH seems to need a terminal to work, although I tried every possible argument and option I could find that should avoid and work around that. Here is what I tried and did not work (I varied all parameters):

In /etc/crontab:

```
* * * * *      tunnel  /usr/bin/ssh -R 10060:localhost:10051 -C -T -o BatchMode=yes -o TCPKeepAlive=no -o ServerAliveInterval=25 -o ServerAliveCountMax=2 -o PreferredAuthentications=publickey -o ConnectTimeout=10 -o ExitOnForwardFailure=yes serverHostName
* * * * *      root    /bin/su -c '/usr/bin/ssh -L 10060:localhost:10051 -C -T -o TCPKeepAlive=no -o ServerAliveInterval=25 -o ServerAliveCountMax=2 -o PreferredAuthentications=publickey -o ConnectTimeout=10 -o ExitOnForwardFailure=yes serverHostName' tunnel
* * * * *      root    /etc/scripts/maintain-tunnels.sh
```

In /etc/scripts/maintain-tunnels.sh:

```
#!/bin/bash
export SSH_TTY="/dev/null"

nohup /bin/su -c '/usr/bin/ssh -R 10060:localhost:10051 -C -n -T -o BatchMode=yes -o TCPKeepAlive=no -o ServerAliveInterval=25 -o ServerAliveCountMax=2 -o PreferredAuthentications=publickey -o ConnectTimeout=10 -o ExitOnForwardFailure=yes serverHostName' tunnel >/dev/null
nohup /bin/su -c '/usr/bin/ssh -R 10060:localhost:10051 -t -t -T -n -o BatchMode=yes -o TCPKeepAlive=no -o ServerAliveInterval=25 -o ServerAliveCountMax=2 -o PreferredAuthentications=publickey -o ConnectTimeout=10 -o ExitOnForwardFailure=yes serverHostName </dev/null >/dev/null' tunnel
nohup /bin/su -c '/usr/bin/ssh -L 10060:localhost:10051 -t -t -o TCPKeepAlive=no -o ServerAliveInterval=25 -o ServerAliveCountMax=2 -o PreferredAuthentications=publickey -o ConnectTimeout=10 -o ExitOnForwardFailure=yes serverHostName' tunnel >/dev/null
```

All these arguments, -t, -t -t (don't ask where I found that), -T, -n, -f and -o BatchMode=yes should make it possible to somehow get a stupid SSH tunnel getting up without the need for a terminal, because I need no terminal at all and the server even forbids it for the key being used for security reasons...

How do I do this then, if all these options do NOTHING?!

Nothing works here, I am getting mad for having spent hours and hours on that stupid little command and starting to think something is badly broken in either SSH or Gentoo, because other people seem to be able to get this working somehow. There must be a way but what do I need?! Gentoo seems to be very special in this case.

All I get are messages like:

```
tcgetattr: Invalid argument
PTY allocation request failed on channel 0
Connection to serverHostName closed.
```

The server configures the key as:

```
# cat ~tunnel/.ssh/authorized_keys 
permitopen="localhost:10060",no-agent-forwarding,no-X11-forwarding,no-pty ssh-rsa AAAandsoon...
```

Does anyone please have a working configuration/command line for me? I don't get it and won't get it without any help.

I am using sys-process/vixie-cron-4.1-r10 and net-misc/openssh-5.1_p1-r2.

----------

## erik258

hmm.  from the ssh manpage:

 *Quote:*   

>      -T      Disable pseudo-tty allocation.
>
>      -t      Force pseudo-tty allocation.  This can be used to execute arbitrary
>              screen-based programs on a remote machine, which can be
> ...

 

it seems like a funny mix to both disable and force pseudo-tty allocation.  I wonder whether it's disabling ps-tty allocation and then, since allocation is forced, fails.  

Anyhow, the combination of these two, as well as 

```
export SSH_TTY="/dev/null" 
```

seem to indicate the classic problem of trial-and-error trial overlap.  

(there's your answer to the question we didn't ask, too:)

 *Quote:*   

>  -t -t (don't ask where I found that)

 

----------

## c00l.wave

Okay, I tried it again. -t -t works - but only if the key is permitted to open a pty. If I run -T nothing happens. Same for a single -t.

If I put no-pty inside authorized_keys on the target host, nothing works. All other key options are fine.

Well, I don't want to use key-based authentication if I have to provide a full shell through it.  :Confused:  Any way to block that without blocking the tunnel? I don't understand why that's a problem; forwarding shouldn't need a terminal?

Yet another problem: nohup cannot detach from cron and an SSH session running a terminal doesn't get killed by /etc/init.d/crontab stop. I have to kill both processes manually.

Edit: It works now. -N does the trick. I can combine it with -T and no-pty. Unfortunately, cron still does not shut down normally and my SSH processes keep running.

----------
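
Added example, not part of any post in this thread: a POSIX shell sketch that checks an ssh argument list against the key options quoted in the first post, then starts the tunnel with `-N -T`, the combination the last post reports as working with `no-pty`. The names `has_arg`, `lint_tunnel`, `start_tunnel`, `SSH_BIN`, `KEY_OPTS`, the `run` argument and the use of `-f` to leave cron are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the thread. has_arg, lint_tunnel, start_tunnel,
# SSH_BIN, KEY_OPTS and the "run" argument are names made up for this sketch.
SSH_BIN=${SSH_BIN:-/usr/bin/ssh}
# Key options as quoted from the server's authorized_keys in the first post.
KEY_OPTS='permitopen="localhost:10060",no-agent-forwarding,no-X11-forwarding,no-pty'

# has_arg ARG WORD...: succeed if ARG is one of the following words.
has_arg() {
    want=$1; shift
    for word in "$@"; do
        if [ "$word" = "$want" ]; then return 0; fi
    done
    return 1
}

# lint_tunnel WORD...: print one finding per problem in an ssh argument list
# meant for a forwarding-only key; return 0 only when there are none.
lint_tunnel() {
    rc=0
    if has_arg -t "$@" || has_arg -tt "$@"; then
        case ",$KEY_OPTS," in *,no-pty,*)
            echo "pty: -t asks for a terminal, which the key's no-pty refuses"; rc=1 ;;
        esac
        if has_arg -T "$@"; then
            echo "conflict: -t and -T contradict each other"; rc=1
        fi
    fi
    if ! has_arg -N "$@"; then
        echo "session: without -N ssh opens a remote shell session instead of only forwarding"; rc=1
    fi
    return "$rc"
}

# start_tunnel WORD...: lint the arguments, then start ssh detached from cron.
start_tunnel() {
    lint_tunnel "$@" >&2 || return 2
    # -f (assumption of this example): go to the background once connected,
    # so the cron job itself finishes instead of waiting on ssh.
    "$SSH_BIN" -f "$@" </dev/null >/dev/null 2>&1
}

# Only runs when called with "run", e.g. from the tunnel user's crontab entry.
if [ "${1:-}" = run ]; then
    start_tunnel -N -T -o BatchMode=yes -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=25 -o ServerAliveCountMax=2 \
        -o PreferredAuthentications=publickey -o ConnectTimeout=10 \
        -R 10060:localhost:10051 serverHostName
fi
```

With `ExitOnForwardFailure=yes`, a later cron run whose forward cannot be set up exits instead of leaving a second idle connection.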

