SSH Tunnel to a Virtual IP

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Hi All,

I have an SSH tunnel to a virtual IP. I am forwarding the MySQL
traffic over this. The problem I am having is that after failover the
tunnel exits as soon as I make a test connection using the MySQL
client. I would like the tunnel to stay up and work with the new host
on the other side on failover.

I have tried various things like


I have even tried using the same ssh host RSA and DSA keys on both

I am invoking the tunnel as this:

Heres an example of the error (with obscured values to protect the

$ ssh -N foo@<VIP> -L 7777: -o
StrictHostKeyChecking=no ServerAliveInterval=60 TCPKeepAlive=yes
Warning: Permanently added '<VIP>' (RSA) to the list of known hosts.

Read from remote host <VIP>: Connection reset by peer

The connection reset by peer happens after failover when I invoke:

$ mysql -D <database> -h -P 7777 -p
Enter password:
ERROR 2013 (HY000): Lost connection to MySQL server at 'reading
communication packet', system error: 0

Is there some facility within ssh that will help me? My other recourse
is to write a bit of Perl to fork, start the tunnel and restart it on
exiting. I have experimented with another solution using xinetd acting
as a MySQL proxy (see: )
but xinetd is probably not well suited to multiple simulateous
connections such as a database-driven website scenario.


Re: SSH Tunnel to a Virtual IP

Quoted text here. Click to load it

None of this will help you, because they are properties of an existing SSH
connection.  When you repoint the vip at a new host, the SSH connection is
gone.  What you would need is a feature in OpenSSH which will
automatically try to re-establish a connection if it fails.  There is no
such feature; you will have to do it yourself.

  Richard Silverman

Site Timeline