Error when running zrok private share from a script

twisteddog99 · October 14, 2023, 10:09pm

I'm trying to set up consistent remote access to a linux machine via ssh over zrok:

Run on remote: zrok share private --backend-mode tcpTunnel 127.0.0.1:22
Run on local zrok access private xxxxx
Run on local in another terminal: ssh -p 9191 uname@127.0.0.1
This works great and I can happily use ssh.

However, when I run the share command in my startup script like this:
nohup zrok share private --backend-mode tcpTunnel 127.0.0.1:22 &
or

screen
zrok share private --backend-mode tcpTunnel 127.0.0.1:22

I get a

kex_exchange_identification: read: Connection reset by peer
Connection reset by 127.0.0.1 port 9191

error when trying to ssh in.
This error also appears in the local zrok window:

│[   5.113]   ERROR zrok/endpoints/tcpTunnel.(*Frontend).accept: error       │
│dialing 'mubutnn93yev': unable to dial service 'mubutnn93yev': dial failed: │
│service 2U0JVJKVbl8R5uZXxgxaGC has no terminators                           │

Why is this, and is there a smarter way to start the zrok share programmatically that anyone uses already?
Cheers,
T

qrkourier · October 14, 2023, 10:32pm

I suspect you need the --headless option in zrok share private so it only logs and doesn't try to display the terminal UI.

Another option is using Docker with network mode "host" so the zrok container can "see" your Docker host's 127.0.0.1:22. Here's a guide: Docker Private Share | Zrok. The Docker container uses the --headless option too, and has the added benefit of providing process management for things like auto-start after a reboot, which you could also achieve by creating a systemd service definition if you prefer to avoid Docker.

If you do feel like using Docker and you get to the part about downloading the Compose file for the share, then you can edit this part to have network_mode: host.

  zrok-private-share:
    network_mode: host
    image: docker.io/openziti/zrok
    command: share private --headless --backend-mode tcpTunnel 127.0.0.1:22
    depends_on:
      zrok-enable:
        condition: service_completed_successfully
    volumes:
      - zrok_env:/mnt/.zrok
    environment:
      HOME: /mnt
      PFXLOG_NO_JSON: "true"

This doesn't mean you have to use Docker on the ssh client side, but you could if you want.