Uses old Rust 2015
|0.1.6||Jun 5, 2019|
|0.1.5||Apr 17, 2019|
|0.1.4||Dec 29, 2018|
|0.1.3||Oct 11, 2018|
|0.1.2||May 27, 2018|
#555 in Asynchronous
29 downloads per month
stund — an SSH tunnel daemon
Stund (“stunned”), an SSH tunnel daemon, will maintain SSH tunnels in the background for you. It is convenient when you are often logging in to remote systems that require you to type in a password every time you connect.
If you have a Rust toolchain available, you can
stund by running
cargo install stund
See below for more detailed installation instructions.
Probably all you ever need to run is:
stund open login.mydomain.org
This will more-or-less run
ssh login.mydomain.org in such a way that the
command will disconnect from your terminal after you type in your passwords.
If you use
SSH connection multiplexing,
subsequent SSH connections to
login.mydomain.org will reuse the
pre-authenticated connection, avoiding repeated password entry.
If you don't use SSH connection multiplexing, stund is basically pointless.
If you would normally give SSH more arguments when connecting to the your
host, set up your
SSH config file
with the necessary entries. Virtually any option that appears on the command
line can be automated through SSH configuration. You should probably set
ServerAliveInterval = 120 for tunnels to be maintained with stund.
Other stund commands:
stund close login.mydomain.org # close an existing tunnel stund status # report status of tunnels stund exit # shut down the background daemon
(Yes, stund is basically like running SSH in a GNU screen session. But the user experience is a bit nicer, and in writing it I got to learn a lot of exciting things about psuedoterminals and asynchronous I/O with Rust’s Tokio framework.)
open command can optionally exec another command after it finishes, if
you run it with the following syntax:
stund open login.mydomain.org -- command arg1 arg2
This can be useful as a one-liner to open a needed tunnel and log into a host lying behind a gateway:
stund open login.mydomain.org -- ssh -J login.mydomain.org myinnerhost
If the connection to
login.mydomain.org does not need any user interaction
to be opened, the explicit invocation of
stund can be avoided with a proper
ProxyCommand configuration item, as mentioned below.
For now, you have to compile stund yourself. But, installing the latest version should be pretty simple:
- Install the Rust language toolchain if you don't already have it. In almost all cases the recommended method is to use rustup.rs.
$PATHif it is not already there.
cargo install -f stund
stund helpto verify the installation.
You don’t need to check out this repository unless you want to install
a bleeding-edge version of
stund rather than the latest release.
Things You Can Do With Multiplexed SSH Tunnels
- If you log into a service that requires you to type your password, you can just type it once in the morning, instead of periodically throughout the day as you accidentally close your “primary” connection!
- Open and close port forwards dynamically.
- Transparently log in to hosts that are inside gateways,
so that you can do things like
scpfiles without having to make multiple hops.
If you need to log into hosts that live behind a gateway, and the gateway
doesn’t require any user interaction for you to login in successfully, you can
use stund’s “exec-after-open” functionality to automatically open long-lived
background SSH tunnels with
ProxyCommand settings that look like this:
Host inner.mydomain ProxyCommand = stund open --no-input -q login.mydomain.org -- ssh -W inner:%p login.mydomain.org
--no-input option is needed to prevent
stund from trying to read
anything from standard input; otherwise it would consume some of the SSH
Things Stund Can’t Do
The big limitation is that
stund can’t keep your SSH connection alive if you
suspend your laptop or switch networks. It’s simply not possible to do this
due to the fundamental design of the SSH protocol (namely, that SSH runs over
long-lived TCP connections).
If this is the functionality you want, the best solution of which we are aware
is mosh, which uses a sessionless UDP-based protocol
that’s bootstrapped over a temporary SSH connection. While this design allows
mosh to overcome some of SSH’s limitations, it means that
support features like port forwarding and file transfers. Also,
requires bidirectional UDP traffic between the client and the server, which is
often disallowed by conservative firewall rules.
See CHANGELOG.md for a list of changes associated with each release.
Copyright and License
Stund is copyright its authors and is licensed under the MIT License.