ssh server configuration + ssh intranet penetration | Ubuntu+SSH

EDITORIAL:
This article has two parts: configuring openssh-server, and configuring SSH to act as a reverse proxy through a public server. Both are relatively simple, but they are used rarely and are easy to forget, so I am making a note of them here.

0. Configure openssh-server

1. Install openssh-server

sudo apt install openssh-server

2. Open the sshd_config file and write the following

sudo vim /etc/ssh/sshd_config
# Set the SSH port you prefer (default: 22)
Port 12345
# Allow remote root login
PermitRootLogin yes

3. Restart the openssh-server service

sudo systemctl restart sshd

4. Log in to the ssh server

# -p can be omitted when the port is 22
ssh username@sshServerIP -p 12345

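5. Enable openssh-server so that it starts at boot

# On Ubuntu the unit is named ssh; sshd is only an alias, which newer systemd versions refuse to enable
sudo systemctl enable ssh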

1. Intranet penetration over SSH

Intranet penetration requires a public network host with a known IP address to act as a relay: it accepts the login from the intranet host and keeps that SSH connection open.

Host               Username   IP        SSH server port   autossh port   Mapped port
Public network P   p_user     9.9.9.9   10009             -              10008
Intranet I         i_user     1.1.1.1   10001             10002          -

1. Install and configure openssh-server (as above) on both the public network host (P) and the intranet host (I), setting the ports to 10009 and 10001 respectively

2. Install autossh on the intranet host. This tool is responsible for keeping the SSH connection alive (see the SSH documentation for why this is needed)

# Intranet I:
sudo apt install autossh

3. Generate id_rsa on the internal network host

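# Intranet I:
# Press Enter at every prompt; do not set a passphrase
# (-t rsa keeps the id_rsa file names used below; newer OpenSSH versions default to ed25519)
ssh-keygen -t rsa

# Inspect the generated id_rsa
ls ~/.ssh/
# id_rsa.pub is the public key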

4. Copy the public key generated by the internal network host to the public network host

# Intranet I:
scp -P 10009 ~/.ssh/id_rsa.pub p_user@9.9.9.9:~/

5. Add the public key to the public network host

# Public P (as p_user; sudo is not needed because the redirect is done by the user's own shell):
cat ~/id_rsa.pub >> ~/.ssh/authorized_keys

6. The intranet host actively establishes an autossh connection

# Intranet I:
autossh -M 10002 -NfR 10008:localhost:10001 p_user@9.9.9.9 -p 10009

7. Verification

# Public P:
ssh i_user@localhost -p 10008

8. Establish the connection automatically after booting

Add the following command to Ubuntu's "Startup Applications" and tick it.

# This is the command from step 6
autossh -M 10002 -NfR 10008:localhost:10001 p_user@9.9.9.9 -p 10009

There is a problem here: a startup application only runs after a user has logged in and authenticated, so this is not a true start at boot.
I have tried init.d, rc, systemd and so on to write sh scripts successfully. If you have a correct answer, please let me know, thank you.
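
Step 3 creates a key with no passphrase and step 5 authorizes it on P without any limits, so that key file alone is enough for a full login on the public host. The script below is an added example (not from the original post) that builds a tunnel-only authorized_keys entry instead; the function names are assumptions, the default ports come from the table above, and permitlisten needs OpenSSH 7.8 or newer on P.

```shell
#!/bin/sh
# Added example, not from the original post. Ports default to the table's values.

# Print a tunnel-only authorized_keys entry for P.
#   $1 = I's public key file, $2 = mapped port, $3 = autossh monitor port
# command="/bin/false"  any shell or exec request runs /bin/false instead
# restrict              no pty, no agent/X11 forwarding, no ~/.ssh/rc
# port-forwarding       re-enable forwarding, narrowed by the permit* options
# permitlisten          -R may listen only on the mapped and monitor ports
# permitopen            -L may reach only the monitor port
# (autossh -M 10002 adds -L 10002:127.0.0.1:10002 and -R 10002:127.0.0.1:10003
#  for its health check, so the monitor port has to be permitted as well.)
restricted_entry() {
    pub=$1; map_port=${2:-10008}; mon_port=${3:-10002}
    for p in "$map_port" "$mon_port"; do
        case $p in
            ''|*[!0-9]*) echo "bad port: $p" >&2; return 2 ;;
        esac
    done
    # Require exactly one bare "type base64 [comment]" line; a line that
    # already starts with options does not match and is refused.
    key=$(awk 'NF >= 2 && $1 ~ /^(ssh-(rsa|ed25519)|ecdsa-sha2-)/ { print; n++ }
               END { exit (n != 1) }' "$pub") || {
        echo "expected exactly one bare public key in $pub" >&2
        return 1
    }
    printf 'command="/bin/false",restrict,port-forwarding,'
    printf 'permitlisten="localhost:%s",permitlisten="localhost:%s",' "$map_port" "$mon_port"
    printf 'permitopen="127.0.0.1:%s" %s\n' "$mon_port" "$key"
}

# Append the entry to an authorized_keys file once, with strict permissions.
#   $1 = public key file, $2 = authorized_keys path, $3/$4 = optional ports
install_entry() {
    entry=$(restricted_entry "$1" "$3" "$4") || return
    dir=$(dirname "$2")
    mkdir -p "$dir" && chmod 700 "$dir" || return
    touch "$2" && chmod 600 "$2" || return
    grep -qxF -- "$entry" "$2" || printf '%s\n' "$entry" >> "$2"
}
```

On P, `install_entry ~/id_rsa.pub ~/.ssh/authorized_keys` takes the place of the plain append in step 5; the step 6 command works unchanged because it uses -N and only the permitted ports.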

Origin blog.csdn.net/qq_40759015/article/details/109894751