[转]使用 ssh -R 穿透局域网访问内部服务器主机,反向代理 无人值守化 使用 ssh -R 穿透局域网访问内部服务器主机,反向代理 无人值守化

其他 2019-01-12 16:54:40 阅读次数: 0

原文: https://www.cnblogs.com/phpdragon/p/5314650.html

------------------------------------------------------------------------

使用 ssh -R 穿透局域网访问内部服务器主机,反向代理 无人值守化

 

一、搭建SSH方向代理

准备:

局域网主机(虚拟主机): 192.168.6.233   CentOS 6.7

阿里云服务器:120.25.68.60   CentOS 6.7

1. 阿里云服务器120.25.68.60上需要修改sshd_config配置文件:

[[email protected] ~]# vi /etc/ssh/sshd_config
GatewayPorts yes
[[email protected] ~]# service sshd reload
Reloading sshd: [  OK  ]
 

2. 通过局域网虚拟机192.168.6.233 连接到120.25.68.60开启反向端口代理,输入阿里云服务器密码.

[email protected]:~ # ssh -CqTfnN -R 0.0.0.0:7233:192.168.6.233:22 [email protected]
[email protected]'s password:

3.在阿里云服务器120.25.68.60上可以看到这个监听.

[[email protected] ~]# netstat -anp | grep 7233
tcp        0      0 0.0.0.0:7233                0.0.0.0:*                   LISTEN      2392/sshd  
tcp        0      0 :::7233                     :::*                        LISTEN      2392/sshd

4.现在到其他客户机上连接阿里云服务器120.25.68.60的7233端口,输入局域网虚拟主机192.168.6.233的主机密码.

复制代码 
[[email protected] ~]# ssh -p 7233 [email protected]
[email protected]'s password:
Last login: Thu Mar 24 11:01:15 2016 from 192.168.6.233


[root@phpdragon_233 ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:50:56:34:8B:4D
          inet addr:192.168.6.233  Bcast:192.168.6.255  Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:fe34:8b4d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1321125 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1232406 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:450626290 (429.7 MiB)  TX bytes:273698355 (261.0 MiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:524375 errors:0 dropped:0 overruns:0 frame:0
          TX packets:524375 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:43705227 (41.6 MiB)  TX bytes:43705227 (41.6 MiB)
复制代码

到这里反向代理的测试完成,功能OK.

二、反向代理无人值守化

1.设置局域网主机192.168.6.233免密码登录到阿里云120.25.68.60. 参见 http://www.cnblogs.com/phpdragon/p/4521116.html

ssh-keygen -t rsa -P ''
scp ~/.ssh/id_rsa.pub [email protected]:/tmp/id_rsa.pub_233
ssh -l root 120.25.68.60 cat /tmp/id_rsa.pub_233 >> ~/.ssh/authorized_keys
扫描二维码关注公众号,回复: 4887141 查看本文章

2.阿里云服务器编写ssh代理关闭脚本 kill_ssh_agent.sh

复制代码 
#!/bin/sh

if [ -n "$1" ] && [ "$1" -gt "0" ];then
    PID=$(netstat -anp | grep $1 | awk '/sshd/ && !/awk/{print $7}')
    PID=${PID%%/*}

    if [ -n "${PID}" ];then
        kill -9 $PID && exit 0
    fi
fi

exit 1
复制代码

3.客户端编写代理链接守护脚本 ssh_agent_deamon.sh

复制代码 
#########################################################################
# File Name: ssh_agent_deamon.sh
# Author: phpdragon
# mail: [email protected]
# Created Time: Thu 24 Mar 2016 01:55:49 PM CST
#########################################################################
#!/bin/bash

ROMOTE_USERNAME=root
ROMOTE_SERVER_IP="120.25.68.60"
ROMOTE_PORT=7233 
###[ /sbin/ifconfig|sed -n '/inet addr/s/^[^:]*:\([0-9.]\{7,15\}\) .*/\1/p'|grep -v 127.0.0.1 ]
LOCALHOST_IP=`/sbin/ifconfig -a|grep inet|grep -v 127.0.0.1|grep -v inet6|awk '{print $2}'|tr -d "addr:"`
LOCALHOST_PORT=22

while true ;
do
    PID=$(ssh -l root ${ROMOTE_SERVER_IP}  netstat -anp | grep ${ROMOTE_PORT} | awk '/sshd/ && !/awk/{print $7}')
    PID=${PID%%/*}
    if [ -n "$PID" ] && [ "$PID" -gt "0" ];then
        sleep 30s
    else
        /usr/bin/ssh -l root ${ROMOTE_SERVER_IP} /bin/sh /data/kill_ssh_agent.sh ${ROMOTE_PORT}
        /usr/bin/ssh -CqTfnN -R 0.0.0.0:${ROMOTE_PORT}:${LOCALHOST_IP}:${LOCALHOST_PORT} ${ROMOTE_USERNAME}@${ROMOTE_SERVER_IP}
    fi
done

exit 0
复制代码

4.设置ssh连接为长连接

vi /etc/ssh/sshd_config

#每1分钟发送一个心跳信号给客户端
ClientAliveInterval 60
#最大超时次数,客户端不响应则关闭连接
ClientAliveCountMax 3

5.设置为随机启动

vi /etc/rc.local

/bin/sh /data/ssh_agent_deamon.sh &

到此设置完毕。

PS:

http://blog.163.com/digoal@126/blog/static/163877040201451464251856

http://www.cnblogs.com/wangkangluo1/archive/2011/06/29/2093727.html

http://www.cnblogs.com/peida/archive/2013/03/08/2949194.html

http://www.cnblogs.com/ggjucheng/archive/2012/01/08/2316661.html

 
分类:  读书笔记IT, 运维

一、搭建SSH方向代理

准备:

局域网主机(虚拟主机): 192.168.6.233   CentOS 6.7

阿里云服务器:120.25.68.60   CentOS 6.7

1. 阿里云服务器120.25.68.60上需要修改sshd_config配置文件:

[[email protected] ~]# vi /etc/ssh/sshd_config
GatewayPorts yes
[[email protected] ~]# service sshd reload
Reloading sshd: [  OK  ]
 

2. 通过局域网虚拟机192.168.6.233 连接到120.25.68.60开启反向端口代理,输入阿里云服务器密码.

[email protected]:~ # ssh -CqTfnN -R 0.0.0.0:7233:192.168.6.233:22 [email protected]
[email protected]'s password:

3.在阿里云服务器120.25.68.60上可以看到这个监听.

[[email protected] ~]# netstat -anp | grep 7233
tcp        0      0 0.0.0.0:7233                0.0.0.0:*                   LISTEN      2392/sshd  
tcp        0      0 :::7233                     :::*                        LISTEN      2392/sshd

4.现在到其他客户机上连接阿里云服务器120.25.68.60的7233端口,输入局域网虚拟主机192.168.6.233的主机密码.

复制代码 
[[email protected] ~]# ssh -p 7233 [email protected]
[email protected]'s password:
Last login: Thu Mar 24 11:01:15 2016 from 192.168.6.233


[root@phpdragon_233 ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:50:56:34:8B:4D
          inet addr:192.168.6.233  Bcast:192.168.6.255  Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:fe34:8b4d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1321125 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1232406 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:450626290 (429.7 MiB)  TX bytes:273698355 (261.0 MiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:524375 errors:0 dropped:0 overruns:0 frame:0
          TX packets:524375 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:43705227 (41.6 MiB)  TX bytes:43705227 (41.6 MiB)
复制代码

到这里反向代理的测试完成,功能OK.

二、反向代理无人值守化

1.设置局域网主机192.168.6.233免密码登录到阿里云120.25.68.60. 参见 http://www.cnblogs.com/phpdragon/p/4521116.html

ssh-keygen -t rsa -P ''
scp ~/.ssh/id_rsa.pub [email protected]:/tmp/id_rsa.pub_233
ssh -l root 120.25.68.60 cat /tmp/id_rsa.pub_233 >> ~/.ssh/authorized_keys

2.阿里云服务器编写ssh代理关闭脚本 kill_ssh_agent.sh

复制代码 
#!/bin/sh

if [ -n "$1" ] && [ "$1" -gt "0" ];then
    PID=$(netstat -anp | grep $1 | awk '/sshd/ && !/awk/{print $7}')
    PID=${PID%%/*}

    if [ -n "${PID}" ];then
        kill -9 $PID && exit 0
    fi
fi

exit 1
复制代码

3.客户端编写代理链接守护脚本 ssh_agent_deamon.sh

复制代码 
#########################################################################
# File Name: ssh_agent_deamon.sh
# Author: phpdragon
# mail: [email protected]
# Created Time: Thu 24 Mar 2016 01:55:49 PM CST
#########################################################################
#!/bin/bash

ROMOTE_USERNAME=root
ROMOTE_SERVER_IP="120.25.68.60"
ROMOTE_PORT=7233 
###[ /sbin/ifconfig|sed -n '/inet addr/s/^[^:]*:\([0-9.]\{7,15\}\) .*/\1/p'|grep -v 127.0.0.1 ]
LOCALHOST_IP=`/sbin/ifconfig -a|grep inet|grep -v 127.0.0.1|grep -v inet6|awk '{print $2}'|tr -d "addr:"`
LOCALHOST_PORT=22

while true ;
do
    PID=$(ssh -l root ${ROMOTE_SERVER_IP}  netstat -anp | grep ${ROMOTE_PORT} | awk '/sshd/ && !/awk/{print $7}')
    PID=${PID%%/*}
    if [ -n "$PID" ] && [ "$PID" -gt "0" ];then
        sleep 30s
    else
        /usr/bin/ssh -l root ${ROMOTE_SERVER_IP} /bin/sh /data/kill_ssh_agent.sh ${ROMOTE_PORT}
        /usr/bin/ssh -CqTfnN -R 0.0.0.0:${ROMOTE_PORT}:${LOCALHOST_IP}:${LOCALHOST_PORT} ${ROMOTE_USERNAME}@${ROMOTE_SERVER_IP}
    fi
done

exit 0
复制代码

4.设置ssh连接为长连接

vi /etc/ssh/sshd_config

#每1分钟发送一个心跳信号给客户端
ClientAliveInterval 60
#最大超时次数,客户端不响应则关闭连接
ClientAliveCountMax 3

5.设置为随机启动

vi /etc/rc.local

/bin/sh /data/ssh_agent_deamon.sh &

到此设置完毕。

PS:

http://blog.163.com/digoal@126/blog/static/163877040201451464251856

http://www.cnblogs.com/wangkangluo1/archive/2011/06/29/2093727.html

http://www.cnblogs.com/peida/archive/2013/03/08/2949194.html

http://www.cnblogs.com/ggjucheng/archive/2012/01/08/2316661.html

猜你喜欢

转载自www.cnblogs.com/oxspirt/p/10260156.html
今日推荐
《美国对全球网络空间安全与发展的威胁和破坏》报告发布
火速冲上 GitHub 热榜 —— 开源编程语言、框架哪有这么可爱?
北京人形机器人创新中心发布全球首个纯电驱拟人奔跑的全尺寸人形机器人“天工”
LFOSSA 源来如此公开课 | 掌握云原生未来:CNCF 认证全面攻略与备考秘籍
国产云输入法——仅华为无云端数据上传安全问题
周排行
Python环境安装与基础语法(1)——计算机基础知识
IMU预积分
ADAS中的LDW、FCW、BSD、LCA、ACC、AEB、APA、DMS代表的含义
B站笔试两道题
skyeye arm 硬件虚拟机环境的搭建
Web前端静态页面示例
数组-合并排序数组 II-简单
springcloud之版本问题启动报错
面向对象-------------匿名对象(六)
输入URL到页面呈现中间发生了什么?
每日归档
更多
2024-04-30(1)
2024-04-29(40)
2024-04-28(0)
2024-04-27(56)
2024-04-26(39)
2024-04-25(22)
2024-04-24(36)
2024-04-23(26)
2024-04-22(39)
2024-04-21(0)

代码天地 © 2018 codetd.com

境外服务器   最新电视剧2022