Sish sometimes doesn't clean connections properly

[manprint]

Hi @antoniomika

I have some test web servers exposed via sish with the following domains:

1. ws1.sish.mydomain.link
2. ws2.sish.mydomain.link
3. ....

The ssh client to start sish is under systemd with automatic restart in case of failure, so that if the virtual machine restarts the connections to sish are established automatically.

Sometimes it happens that, if the VM shuts down in an unclean way (power failure for example), the ssh clients are unable to reconnect to sish. The error that is reported is that the subdomain (ws1, ws2, etc) is already in use.

Even if I try to disconnect the client from the console, it won't reconnect (in the console I see it but with "Listener = 0")

To get everything working properly again I have to restart sish. At this point the clients connect again.

The problem seems to be that sish sometimes doesn't clean up connections correctly (the domain remains registered in memory and is not freed on disconnection)

I'm attaching the sish configuration, maybe I'm making a mistake in setting some parameters to avoid this problem.

docker run -itd --name sish \
	-v $(pwd)/keys:/keys \
	-v $(pwd)/pubkeys:/pubkeys \
	--restart=always \
	-p 2222:2222 \
	-p 4443:4443 -p 8086:8086 \
	-p 8084:8084 -p 8085:8085 -p 8765:80 -p 8083:8083 \
        -p 8087:8087 -p 8088:8088 \
	--log-driver=json-file \
	--log-opt max-size=5m \
	--log-opt max-file=2 \
	--log-opt compress=true \
	antoniomika/sish:v2.9.2 \
	--ssh-address=:2222 \
	--http-address=:80 \
	--https=true \
	--authentication-keys-directory=/pubkeys \
	--private-keys-directory=/keys \
	--tcp-aliases \
        --bind-any-host \
        --bind-root-domain \
	--bind-random-aliases=false \
	--bind-random-ports=false \
	--bind-random-subdomains=false \
        --force-requested-aliases \
        --force-requested-ports \
        --force-requested-subdomains \
	--idle-connection=false \
        --idle-connection-timeout=3600s \
        --ping-client=true \
        --ping-client-timeout=3600s \
        --cleanup-unauthed \
	--cleanup-unauthed-timeout=60s \
        --cleanup-unbound \
	--cleanup-unbound-timeout=60s \
	--authentication-password= \
	--domain=sish.mydomain.link \
	--admin-console \
	--admin-console-token=mysecretpassword \
	--verify-ssl=false \
	--service-console-max-content-length=0 \
        --log-to-client

Thanks a lot for your support.

[lovelysexly7]

is:issue is:open pls how to set up sish for linux

[manprint]

Hi @antoniomika,
I hope you are fine.

can you help me to solve this issue?
it's happening often.

For example I have:
The subdomain rve-rizzola.sish.mysite.com is unavailable.

But before running sish I see from the console that this domain doesn't exist.

After I run sish I see the entry in the console but with listner=0

A thousand thanks.
I hope you continue to develop and improve sish. It's a fantastic tool.

[antoniomika]

Without idle-connections enabled and an extremely high ping interval, tunnels may not be cleaned up until the hour interval has passed.

What you should do is set the ping-client-timeout to something sufficiently short (2 or 3 of the ping intervals is likely appropriate for spotty connections), this would ensure that sish checks' the client periodically to make sure it is online. Then, using that in combination with --force-requested-* and continuous restarts of the client connection, sish will always reconnect to the same tunnel.

[manprint]

Thanks @antoniomika.

I set sish with these parameters:

	--idle-connection=false \
        --idle-connection-timeout=5s \
        --cleanup-unauthed=true \
	--cleanup-unauthed-timeout=5s \
        --cleanup-unbound=true \
	--cleanup-unbound-timeout=5s \
        --ping-client=true \
        --ping-client-timeout=2s \

Do you think they are good for my use case where the tunnel needs to stay up all the time?

I have another question:

In automatic scripts with systemd I usually use the following command:

ssh -p 2222 -R mysubdomain:80:localhost:8080 sish.mydomain.it -o TCPKeepAlive=yes -o ServerAliveInterval=5 -o ServerAliveCountMax=60

Do you have any recommendations for correctly setting the parameters passed to SSH that can help sish?