Implementation of ssh tunnel forwarding intranet penetration function (rebound Trojan principle)

ssh overview

SSH (Secure Shell) is an encrypted network protocol that provides a secure transport for network services across an insecure network (this is the important part); it does so by creating a secure tunnel between an SSH client and an SSH server. People usually use SSH for remote command-line logins and remote command execution, but SSH also supports tunneling, port forwarding and X11 forwarding, and with SFTP or SCP it can transfer files. Enough background; if you want to know more about ssh, look it up yourself. Where most of us meet ssh is logging in to Unix-like systems with tools such as Xshell or Xmanager, or from a Linux shell; beyond that we may not know much about it, and neither did I, but today our DBA came to me with a requirement and needed my help.
A digression:
in an earlier interview I was asked how hosts in two IDCs could communicate. The technique below can solve it, but at the time I only thought of a VPN. In fact a VPN is not needed at all, since it has to be deployed, which is not very safe; you will see later!

Scenario one:

One server is the company's Oracle database (IDC A), which for security only listens on its private-network IP. The DBA normally manages it through Xshell's port-forwarding feature on Windows, connecting to a local 127.0.0.1:port (Xshell does the connection forwarding). There is also a Linux development machine (IDC B) whose programs need to call the database. The ssh tunnel forwarding feature fits here: the test machine logs in to the database host with an ssh private key, and ssh port forwarding maps the database port that listens on the internal network to a port on this Linux test machine, so the Linux test program can use it. OK so far?

Solution:
First, you need to provide private key passwordless authentication login for test Linux on the database (open an account to log in with the private key); then perform ssh login on the test Linux machine for port forwarding; forward the remote port to Local, connect the remote data port through the local port

IDC A database server: add a new login account (passwordless private-key login).
IDC B test Linux: log in to the IDC A database machine with the following:

# ssh -i test -C -f -N -g -L 1521:lanip:1521 [email protected]  -p port(sshd)

# Notes:
# -i   private key file
# -C   compress the traffic
# -f   go to the background after authentication
# -N   do not run a remote command (forwarding only)
# -g   allow remote hosts to connect to the local forwarded port
# -L port:host:hostport   map the remote port onto a local port

Example: a Redis running on a remote public-network host (its port not reachable from outside) is forwarded to the local machine through the ssh tunnel and accessed locally.

[san@TX_zgws_test02 ~]$ sudo netstat -ntpul
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0      0 0.0.0.0:6320                0.0.0.0:*                   LISTEN      25103/redis-server  
....omitted....

The local machine logs in through ssh and sets up the forward:
[Screenshot: the ssh login and forwarding command; the blurred part is this host's public IP and ssh port]
The command takes a few seconds to return; do not press Ctrl+C.

Check the local port

san@san-dong:~$ netstat -ntpul
(并非所有进程都能被检测到,所有非本用户的进程信息将不会显示,如果想看到所有信息,则必须切换到 root 用户)
激活Internet连接 (仅服务器)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:6320            0.0.0.0:*               LISTEN      16968/ssh       

Accessing 6320 on the local host:
[Screenshot: connecting to local port 6320]
The access goes through the ssh tunnel, which forwards the local 6320 to the remote 6320. The remote 6320 is not open to the outside world, so this gets around the firewall; how about that, isn't it powerful? The two servers talk directly through the ssh protocol tunnel, protected by ssh's own encryption, so no VPN is needed; did you get it?

Scenario two:

My office computer runs Ubuntu on the company intranet. If I want to reach it (ssh or VNC) from home, ssh can do it. If the network administrator has not mapped my office computer's port 22 to the outside, it cannot be reached from outside; in that case the following approach works. The premise is that you have a host on the public network. The method: from the office computer, ssh into that third-party host and, through the ssh tunnel, forward access to the office computer's port 22 to another local port on the remote host. Then by connecting to that local port on the third-party host (or from home, if you have DDNS) you reach the services of the company office computer.
The architecture is as follows:
[Diagram: office computer -> ssh tunnel -> public-network host -> home]
The command format is as follows:

ssh -i san -N -f -R 2222:127.0.0.1:22 san@public_host(domain_or_public_ip) -p port(sshd)
Parameters:
-R port:host:hostport   publish the local port 22 as port 2222 on the remote host
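The -L command from scenario one and the -R command from scenario two wrapped in small shell helpers, as an added example that is not code from the original post: the helpers validate the ports, bind the forwarded listener to loopback explicitly (the post's -g, and a non-loopback -R bind together with GatewayPorts on the public host's sshd, expose the tunnel to any host that can reach that machine) and add ExitOnForwardFailure so a failed forward does not leave a silent background ssh. The key names, hosts, ports and sshd port are placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): build and sanity-check the ssh
# port-forwarding command lines for the two scenarios above.
# Assumptions: key file paths, hosts and ports are placeholders given by the caller.

# is_port PORT -> succeeds if PORT is an integer in 1..65535
is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# is_host NAME -> succeeds if NAME looks like a hostname or IPv4 literal
# (letters, digits, dots, dashes only: nothing that could be shell syntax)
is_host() {
    case "$1" in
        ''|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    return 0
}

# local_forward KEY LOCALPORT TARGETHOST TARGETPORT USER@SSHHOST SSHDPORT
# Scenario one: reach a service that only listens on the remote LAN through a
# local port. The listener is bound to 127.0.0.1 explicitly; the post's -g would
# bind 0.0.0.0 and let every host that can reach this machine use the tunnel.
local_forward() {
    key=$1; lport=$2; thost=$3; tport=$4; dest=$5; sport=$6
    is_port "$lport" && is_port "$tport" && is_port "$sport" && is_host "$thost" || return 1
    printf 'ssh -i %s -C -f -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:%s:%s %s -p %s\n' \
        "$key" "$lport" "$thost" "$tport" "$dest" "$sport"
}

# remote_forward KEY REMOTEPORT LOCALPORT USER@PUBLICHOST SSHDPORT
# Scenario two: publish local port LOCALPORT as 127.0.0.1:REMOTEPORT on the
# public host. Unless the public host's sshd_config sets GatewayPorts, that
# listener is loopback-only, so you log in to the public host first and then
# connect to 127.0.0.1:REMOTEPORT there. ServerAliveInterval keeps the idle
# tunnel from being dropped by a NAT while you are on your way home.
remote_forward() {
    key=$1; rport=$2; lport=$3; dest=$4; sport=$5
    is_port "$rport" && is_port "$lport" && is_port "$sport" || return 1
    printf 'ssh -i %s -N -f -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -R 127.0.0.1:%s:127.0.0.1:%s %s -p %s\n' \
        "$key" "$rport" "$lport" "$dest" "$sport"
}

# Usage with constructed placeholder values (hosts and key names are not real):
local_forward test 1521 10.0.0.5 1521 san@db-host.example 22
remote_forward san 10022 22 san@public-host.example 22
local_forward test 70000 10.0.0.5 1521 san@db-host.example 22 || echo "rejected: bad port"
```

The helpers only print the command line, so you can review it before running it; on the database side the forwarding account should also be restricted in its authorized_keys entry (sshd supports per-key options such as disabling pty allocation and limiting which forwards a key may open) so a leaked key cannot be used for anything beyond the one tunnel.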

In practice:
Run the following on the company computer before leaving work:
[Screenshot: the ssh -R command run on the office computer]
It logs in to public-network computer C through ssh and maps local port 22 to port 10022 on C.
After getting home, you can log in to the company office computer by connecting to port 10022 on C:

[san@TX_zgws_test02 ~]$ ssh [email protected] -p 10022

As shown in the figure:
[Screenshot: logging in to the office computer through port 10022 on C]

In this way you can reach the company office computer through public-network computer C (and if your home is reachable via DDNS, computer C can be left out); the premise is that the computer supports the ssh protocol. Work it out for yourself;
if you think it's great, don't leave without giving it a like?
Supplement:

Let's talk about the rebound Trojan horse

A so-called Trojan is a program on a computer whose purpose is to run secretly and open a socket or service port, waiting for someone to connect; once connected, the other party can do whatever they like. This works easily when every computer has a public IP (or the attacker sits in the same network segment). That is no longer common: most Internet access now goes through a shared public IP (NAT); if you don't follow that, it doesn't matter. Your office network (and mobile 4G) works in this mode, which is why everyone in the company shows the same egress public IP. Behind this NAT and firewall, even if your computer is hit by a Trojan that waits for a connection, the other party cannot get in. So clever hackers came up with another trick: if I can't get in, I can still get out. Most enterprise firewalls only stop the outside from getting in and rarely restrict what goes out; in general only a few obviously problematic protocols or ports are blocked and most outbound ports are open. So
once a Trojan is planted on your computer, it actively contacts a machine outside and sets up a tunnel mapping, just like the scenario above, getting past your computer's and the company's firewall, and the other party can control your computer that way. This is the so-called rebound Trojan; isn't the principle very similar? From now on, be careful if you see unknown connections like the following on your computer:

sudo netstat -n |grep EST
tcp        0      0 172.16.0.188:54032      x.x.x.x:22    ESTABLISHED
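A small checker for the two footprints an ssh tunnel leaves on a host, as an added example that is not code from the original post: it reads netstat-style output (the format of `netstat -ntpu` from Linux net-tools, as in the listings above) and prints the LISTEN sockets owned by an ssh client (the local end of a -L forward, or the remote end of a -R forward), tagging any bound to a non-loopback address, and the ESTABLISHED connections to port 22 whose remote host is not on an allowlist. The sample output is constructed, with documentation-range IP addresses; the allowlist is whatever hosts you know your own tunnels should talk to.

```shell
#!/bin/sh
# Added example (not from the original post): find the footprints an ssh tunnel
# leaves in netstat output so an unexpected one, including a "rebound"
# connection opened from the inside, stands out.
# Assumptions: input in `netstat -ntpu` format; the sample below is constructed.

SAMPLE_NETSTAT=$(cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:6320            0.0.0.0:*               LISTEN      16968/ssh
tcp        0      0 127.0.0.1:1521          0.0.0.0:*               LISTEN      17001/ssh
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      901/sshd
tcp        0      0 172.16.0.188:54032      203.0.113.10:22         ESTABLISHED 16968/ssh
tcp        0      0 172.16.0.188:54100      192.0.2.5:22            ESTABLISHED 17001/ssh
tcp        0      0 172.16.0.188:41022      198.51.100.7:443        ESTABLISHED 2210/firefox
EOF
)

# ssh_forward_listeners: read netstat output on stdin and print each LISTEN
# socket owned by an ssh *client* (sshd itself does not match). A listener
# bound to anything but loopback is tagged EXPOSED: other hosts can enter the
# tunnel through it, which is what -g (or GatewayPorts on the server) does.
ssh_forward_listeners() {
    awk '$6 == "LISTEN" && $7 ~ /\/ssh$/ {
        addr = $4; sub(/:[0-9]+$/, "", addr)
        tag = (addr == "127.0.0.1" || addr == "::1") ? "loopback" : "EXPOSED"
        print $4, tag
    }'
}

# unknown_ssh_peers ALLOWLIST: print every ESTABLISHED connection whose remote
# port is 22 and whose remote host is not in the space-separated ALLOWLIST.
# An outbound ssh session to a host nobody recognises is the footprint the post
# describes: a tunnel that was opened from inside the network.
unknown_ssh_peers() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $6 == "ESTABLISHED" {
            host = $5; port = $5
            sub(/:[0-9]+$/, "", host); sub(/.*:/, "", port)
            if (port == "22" && !(host in ok)) print $5, $7
        }'
}

# Usage on the constructed sample. On a real host, feed it live output instead:
#   sudo netstat -ntpu | ssh_forward_listeners
#   sudo netstat -ntpu | unknown_ssh_peers "your.known.jump.host"
printf '%s\n' "$SAMPLE_NETSTAT" | ssh_forward_listeners
printf '%s\n' "$SAMPLE_NETSTAT" | unknown_ssh_peers "192.0.2.5"
```

On the sample, the 0.0.0.0:6320 listener is reported as EXPOSED (it matches the -g forward from scenario one) and the session to 203.0.113.10:22 is reported because it is not on the allowlist; the session to 192.0.2.5 is the one you set up yourself and stays quiet. Matching only on port 22 is a first cut: a tunnel to an sshd on another port will not show up here, so the listener check, which does not depend on the remote port, is the more reliable of the two.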

The above is the test I just did. Don't be afraid!

Origin http://43.154.161.224:23101/article/api/json?id=324654527&siteId=291194637