I had the chance to work on this topic on a Linux server, and it took some time to sort out. I wrote it up in the hope that it is useful to someone.
Setup:
- Set up a tunnel (local port 50000) on the Linux server ("Local").
- Connect to RDS from the Linux server through a bastion (stepping stone) host.
- A service running on the Linux server ("Local") connects to RDS through that tunnel.
- So the tunnel is not for a person to connect interactively; it is for a service to use.
- ssh port forwarding from local port 50000 to RDS
Bastion host: "999.999.999.999", username: "fumidai", certificate (private key): "/etc/ssh/fumidai.pem", RDS host: "RDS.com", port: "3306"
With the values above, the command is:
    ssh -o ServerAliveInterval=30 -f -N -L 50000:RDS.com:3306 fumidai@999.999.999.999 -i /etc/ssh/fumidai.pem
- "-o": lets you set any parameter from ssh_config on the command line, for example "-o XXXXX=30".
- "-f -N": required if the port-forwarding (tunnel) process is to run in the background. Both are needed; "-f" alone does not work.
- "-L": specifies the local port on the Local server. "-R" appears to be the remote-side equivalent; I haven't looked into it in detail.
- "-i": path to the certificate (private key) file.
It is a basic point, but I tripped over it many times because it comes up every time you do this.
ssh is strict about permissions; if they are not set correctly, it refuses to connect. Reference site: "https://note.mokuzine.net/ssh-permission-denied/"
Every site you look at says that to remove a background tunnel you find the process and kill it. In my case, however, the process kept dying on its own.
As long as I start it with "-f -N", it runs in the background. I checked with the netstat command and the port is properly in the LISTEN state. However, it dies after about 2 hours and 15 minutes. Also, if I let the service communicate about an hour after starting the process (leaving it in LISTEN), the communication does not work properly, probably because it was left idle for a long time; it fails partway through. Since there had been no traffic, I wondered whether something was going on.
Looking more closely, it seems to be the kernel, or some specification, cutting the connection when there is no traffic. "Write failed: Broken pipe" was displayed in the terminal where the process had been run, at the moment the process went down.
Reference sites: "https://www.riscascape.net/archives/9570", "https://alpha-netzilla.blogspot.com/2011/12/tcp-keepalive.html", "https://qiita.com/kuni-nakaji/items/c07004c7d9e5bb683bc2"
ssh has "ServerAliveInterval" and related settings, which send keepalive messages at the specified interval and up to the specified count. With this the tunnel no longer dies on its own, and communication still works after about an hour left in LISTEN. On the sshd side the corresponding settings are "0" (disabled) by default.
Reference sites: "https://qiita.com/ysk24ok/items/2f4ced5edf306fdd9dfb", "http://www.koganemaru.co.jp/cgi-bin/mroff.cgi?sect=5&cmd=&lc=1&subdir=man&dir=jpman-11.2.2%2Fman&subdir=man&man=ssh_config", "https://tech.sv-cat.net/entry/2018/08/21/190127"
However, starting the process once is not enough; it may still die for some reason. If the bastion or the destination RDS goes down, the process will certainly die. So a mechanism that restarts the process is needed, in anticipation of unexpected failures. I plan to monitor it with crond and restart it as needed. I considered making it a systemd service, but since it ends up depending on a shell script anyway, crond seems fine.
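Here is how the crond-based restart could look, as an added example (not the author's script): a watchdog that checks for both the ssh process and the LISTEN state of port 50000 and restarts the tunnel only when either is missing. It adds ServerAliveCountMax and ExitOnForwardFailure to the post's command; the log path and cron schedule are assumptions.

```shell
#!/bin/sh
# Cron-driven watchdog for the tunnel above (added example, not the post's own
# script). Host, user, key and ports are the post's values; the log path and
# cron schedule are assumptions.
set -u

BASTION_HOST="999.999.999.999"
BASTION_USER="fumidai"
KEY_FILE="/etc/ssh/fumidai.pem"
RDS_HOST="RDS.com"
RDS_PORT="3306"
LOCAL_PORT="50000"
LOG_FILE="${TUNNEL_LOG:-/var/log/rds-tunnel.log}"   # assumed location
FORWARD="${LOCAL_PORT}:${RDS_HOST}:${RDS_PORT}"
# The post's keepalive plus ServerAliveCountMax (give up after 3 missed replies,
# about 90 s) and ExitOnForwardFailure (exit rather than linger without a
# working forward, so the watchdog notices and restarts it).
SSH_OPTS="-o ServerAliveInterval=30 -o ServerAliveCountMax=3 -o ExitOnForwardFailure=yes"

# Full command line, for logging and for checking the assembled options.
tunnel_cmd() {
    printf 'ssh %s -f -N -L %s %s@%s -i %s' \
        "$SSH_OPTS" "$FORWARD" "$BASTION_USER" "$BASTION_HOST" "$KEY_FILE"
}

# Is an ssh carrying our forward running? pgrep -f matches the whole command
# line and exits non-zero when nothing matches.
tunnel_alive() {
    pgrep -f "ssh .*-L ${FORWARD} " >/dev/null 2>&1
}

# Is the local port really in LISTEN state? ss, falling back to netstat (how the
# post verified it). Exits non-zero if neither tool shows the port.
port_listening() {
    { ss -ltn 2>/dev/null || netstat -ltn 2>/dev/null; } | grep -q ":${LOCAL_PORT} "
}

# Restart only when needed. A half-dead ssh (process present, port gone) is
# killed first so two tunnels never compete for the same local port.
ensure_tunnel() {
    if tunnel_alive && port_listening; then
        return 0
    fi
    tunnel_alive && { pkill -f "ssh .*-L ${FORWARD} "; sleep 1; }
    echo "$(date '+%F %T') restarting tunnel ${FORWARD}" >>"$LOG_FILE"
    ssh $SSH_OPTS -f -N -L "$FORWARD" "${BASTION_USER}@${BASTION_HOST}" -i "$KEY_FILE"
}

# Assumed cron entry:  * * * * * /usr/local/bin/rds-tunnel.sh ensure
if [ "${1:-}" = ensure ]; then ensure_tunnel; fi
```

Run it from the crontab of the same user that owns the key file, so the permission check ssh performs on the key passes and the log file is writable.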
If you know of a better method, I would be glad to hear about it.