5 releases
Uses old Rust 2015
0.1.6 | Jun 5, 2019 |
---|---|
0.1.5 | Apr 17, 2019 |
0.1.4 | Dec 29, 2018 |
0.1.3 | Oct 11, 2018 |
0.1.2 | May 27, 2018 |
#594 in Asynchronous
115KB
2K
SLoC
stund — an SSH tunnel daemon
Stund (“stunned”), an SSH tunnel daemon, will maintain SSH tunnels in the background for you. It is convenient when you are often logging in to remote systems that require you to type in a password every time you connect.
If you have a Rust toolchain available, you can
install stund
by running
cargo install stund
See below for more detailed installation instructions.
Usage
Probably all you ever need to run is:
stund open login.mydomain.org
This will more-or-less run ssh login.mydomain.org
in such a way that the
command will disconnect from your terminal after you type in your passwords.
If you use
SSH connection multiplexing,
subsequent SSH connections to login.mydomain.org
will reuse the
pre-authenticated connection, avoiding repeated password entry.
If you don't use SSH connection multiplexing, stund is basically pointless.
If you would normally give SSH more arguments when connecting to the your
host, set up your
SSH config file
with the necessary entries. Virtually any option that appears on the command
line can be automated through SSH configuration. You should probably set
ServerAliveInterval = 120
for tunnels to be maintained with stund.
Other stund commands:
stund close login.mydomain.org # close an existing tunnel
stund status # report status of tunnels
stund exit # shut down the background daemon
(Yes, stund is basically like running SSH in a GNU screen session. But the user experience is a bit nicer, and in writing it I got to learn a lot of exciting things about psuedoterminals and asynchronous I/O with Rust’s Tokio framework.)
The open
command can optionally exec another command after it finishes, if
you run it with the following syntax:
stund open login.mydomain.org -- command arg1 arg2
This can be useful as a one-liner to open a needed tunnel and log into a host lying behind a gateway:
stund open login.mydomain.org -- ssh -J login.mydomain.org myinnerhost
If the connection to login.mydomain.org
does not need any user interaction
to be opened, the explicit invocation of stund
can be avoided with a proper
SSH ProxyCommand
configuration item, as mentioned below.
Installation
For now, you have to compile stund yourself. But, installing the latest version should be pretty simple:
- Install the Rust language toolchain if you don't already have it. In almost all cases the recommended method is to use rustup.rs.
- Add
$HOME/.cargo/bin
to your$PATH
if it is not already there. - Run
cargo install -f stund
- Run
stund help
to verify the installation.
You don’t need to check out this repository unless you want to install
a bleeding-edge version of stund
rather than the latest release.
Things You Can Do With Multiplexed SSH Tunnels
- If you log into a service that requires you to type your password, you can just type it once in the morning, instead of periodically throughout the day as you accidentally close your “primary” connection!
- Open and close port forwards dynamically.
- Transparently log in to hosts that are inside gateways,
so that you can do things like
scp
files without having to make multiple hops.
If you need to log into hosts that live behind a gateway, and the gateway
doesn’t require any user interaction for you to login in successfully, you can
use stund’s “exec-after-open” functionality to automatically open long-lived
background SSH tunnels with ProxyCommand
settings that look like this:
Host inner.mydomain
ProxyCommand = stund open --no-input -q login.mydomain.org -- ssh -W inner:%p login.mydomain.org
The --no-input
option is needed to prevent stund
from trying to read
anything from standard input; otherwise it would consume some of the SSH
traffic.
Things Stund Can’t Do
The big limitation is that stund
can’t keep your SSH connection alive if you
suspend your laptop or switch networks. It’s simply not possible to do this
due to the fundamental design of the SSH protocol (namely, that SSH runs over
long-lived TCP connections).
If this is the functionality you want, the best solution of which we are aware
is mosh, which uses a sessionless UDP-based protocol
that’s bootstrapped over a temporary SSH connection. While this design allows
mosh
to overcome some of SSH’s limitations, it means that mosh
doesn’t
support features like port forwarding and file transfers. Also, mosh
requires bidirectional UDP traffic between the client and the server, which is
often disallowed by conservative firewall rules.
Changes
See CHANGELOG.md for a list of changes associated with each release.
Copyright and License
Stund is copyright its authors and is licensed under the MIT License.
Dependencies
~14MB
~229K SLoC