SSH使用技巧

ssh sockt5 代理

ssh -qTNf -D 127.0.0.1:9999 root@remotehost

上述命令在本地搭建一个sockt5服务器,端口为9999

执行后在本地浏览器或者网络设置中设置sockt5代理

ssh tunnel trick ssh tunnel使用技巧

可以使用tunnel实现通过跳板机(jumpserver)访问指定的远程服务器(remote server),一般情况下主要使用本地端口转发

前提:

jumpserver要设置允许进行端口转发


AllowTcpForwarding no

AllowStreamLocalForwarding no

GatewayPorts no

PermitTunnel no

上述参数要设置为yes

场景:

本地无法直接访问远程服务器(remote server)的服务,比如db服务器不允许直接本地访问等情况

可以通过配置一台jumpserver来实现访问remote server

基本原理:

通过本地端口转发,将本地端口通过jumpserver映射到远程(destination server)端口

端口转发原理

效果:

访问本地被转发的端口就像在jumpserver上访问被映射的远程的端口一样,即只要jumpserver有权限访问远程服务器(remote server)的端口服务

通过tunnel本地端口转发(-L选项)就可以实现在本地访问远程服务器

示例:

ssh -L localport:remotehost:port user@jumpserver


ssh -L 80:172.168.2.10:80 root@172.168.2.1

上述命令实现了将本地端口80,通过jumpserver(172.168.2.1)转发到远程服务器(remote server)172.168.2.10的80端口

即在本地访问localhost:80等同于在jumpserver访问172.168.2.10:80

端口转发支持通过转发多个端口,格式为:ssh -L localport:remotehost:port -L localport:remotehost:port user@jumpserver

例如:


ssh -L 80:172.168.2.10:80 -L 8080:172.168.2.10:8080 user@jumpserver

参考:

SSH port forwarding is a mechanism in SSH for tunneling application ports from the client machine to the server machine, or vice versa. It can be used for adding encryption to legacy applications, going through firewalls, and some system administrators and IT professionals use it for opening backdoors into the internal network from their home machines. It can also be abused by hackers and malware to open access from the Internet to the internal network. See the SSH tunneling page for a broader overview.

OpenSSH Manual Pages

ssh man

ssh tunnel

ssh tunnel example