
From my local host I'm ssh tunneling some remote host:port to my local host:port, so anybody on the remote host can use their "local" port to access my port via that tunnel.

I'm using some regular (non-root) user account on both hosts for this.

For example: tunnelingdaemon from my local host connects to tunnelingdaemon@remotehost using ssh -R 127.0.0.1:2222:127.0.0.1:22 remotehost ..., which opens port 2222 on the remote host and connects it to port 22 on my local host.

Root on the remote host can use netstat, lsof, or fuser to find the PID of the process which opened and tunneled that port 2222. But a regular user (tunnelingdaemon) cannot do that.

For example:

root:

root@remote_host:/# fuser 2222/tcp
2222/tcp:            13709
root@remote_host:/#

tunnelingdaemon:

tunnelingdaemon@remote_host:/$ fuser 2222/tcp
tunnelingdaemon@remote_host:/$

On the remote host, I can kill that process as the regular (tunnelingdaemon) user under which the tunnel was opened in the first place, but I must be root to find which process I should kill.

That's a problem. I need to find a solution for this.

  • I am impressed that you can kill other normal users' processes. How do you do that? – Hauke Laging Nov 25 '17 at 13:05
  • @hauke I didn't try to kill other normal users' processes (I don't believe I can). I'm using user "tunnelingdaemon" from the local host to connect (passwordless) to the same user on the remote host `ssh -R ... remotehost ...`, so I'm able to kill that tunnel within the tunnelingdaemon user on the remote host. But I cannot find which process to kill if I'm not root. – Goran Nov 25 '17 at 22:21
  • @a.b All users must be able to use that tunnel. – Goran Nov 25 '17 at 22:22
  • sshd (most likely) sets PR_SET_DUMPABLE to 0, which has the side effect of preventing fuser, ss, and lsof from working on it when non-root, because /proc/<pid>/fd/ is owned by root even if the instance runs as user tunnelingdaemon (see `man 5 proc`, search for `PR_SET_DUMPABLE`). So, let's check alternative solutions. Why do you want to kill it? – A.B Nov 25 '17 at 22:56
  • On the remote host I'm periodically testing whether the tunnel is alive. If it's not, I should kill it, because from the local host I cannot open a new tunnel on the same port 2222 on the remote host if the process on the remote host is still alive and holding that port. This situation happens when the local host instantly reboots (power glitch) or changes IP address (network problems), or similar. – Goran Nov 26 '17 at 02:03
  • @a.b These reverse ssh connections can/will be used very occasionally. It seems to me that a short "ClientAliveInterval" can cause much more trouble than benefit. I will first try all other possible solutions. – Goran Nov 27 '17 at 13:16

3 Answers


E.g. port "8889":

lsof -i -P | grep 8889

works for me.

Then you can kill the PID (second column of the output)


Perhaps try ss with the -p switch? You do not need to elevate to root to run this command.

From man ss

   -p, --processes
          Show process using socket.

Example:

ss -p | grep dropbox
u_str  ESTAB      0      0       * 25994                 * 25995                 users:(("dropbox",pid=1869,fd=22))

You could write a PID file:

ssh ... 'echo $(/bin/ps -p $$ -o ppid --no-headers) >~/ssh.pid; read cont'
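An added example (my own code, not from this thread) that builds on the PID-file answer above and on A.B's comment about why fuser, ss and lsof cannot see the sshd session as a non-root user: the local host opens the tunnel with `ssh -R 127.0.0.1:2222:127.0.0.1:22 remotehost '. ~/tunnel.sh && remote_record_and_wait'`, and the periodic check on the remote host calls `kill_stale_tunnel ~/ssh.pid`. The file name tunnel.sh, the path ~/ssh.pid and the process name "sshd" are assumptions (on OpenSSH 9.8 and later the session process is named "sshd-session", so pass that as the second argument).

```shell
#!/bin/sh
# Added example, not code from the thread. Remote-side helpers for the
# PID-file approach. Sourced into the login shell that sshd started for the
# remote command, so $$ is that shell and its parent is the per-session
# sshd process holding the forwarded port 2222.
# Assumed: ~/ssh.pid as the PID file; session process named "sshd".

PIDFILE="${PIDFILE:-$HOME/ssh.pid}"

# Record the parent (sshd session) PID, then block until the ssh channel
# closes, so the file stays valid for as long as the tunnel is up.
remote_record_and_wait() {
    ps -p $$ -o ppid= | tr -d ' ' > "$PIDFILE"
    cat > /dev/null
}

# True if PID $1 is alive, signalable by us, and runs command $2.
# The name check guards against PID reuse: a stale file could otherwise
# point at an unrelated process that later received the same PID.
pid_matches() {
    pid=$1; want=$2
    kill -0 "$pid" 2>/dev/null || return 1   # gone, or not ours (EPERM)
    comm=$(cat "/proc/$pid/comm" 2>/dev/null || ps -p "$pid" -o comm= 2>/dev/null | tr -d ' ')
    [ "$comm" = "$want" ]
}

# Kill the recorded process only if it is still the tunnel's sshd session.
# Usage: kill_stale_tunnel PIDFILE [COMM]   (COMM defaults to sshd)
# Returns 0 if the process was killed, 1 otherwise.
kill_stale_tunnel() {
    file=$1; want=${2:-sshd}
    [ -r "$file" ] || return 1
    pid=$(cat "$file")
    case $pid in ''|*[!0-9]*) return 1 ;; esac   # refuse a corrupt file
    if pid_matches "$pid" "$want"; then
        kill "$pid" || return 1
        rm -f "$file"
        return 0
    fi
    rm -f "$file"        # dead or reused PID: drop the stale file
    return 1
}
```

Run the check from cron under the tunnelingdaemon account; it never needs root because the PID was written by the tunnel's own session rather than discovered through /proc.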