Reprinted from the Intranet Penetration Tool article: No public network IP, SSH remote connection to Linux CentOS server [Intranet Penetration]
In this tutorial, we show how to connect over SSH from an external public network to a Linux CentOS server at home or at the company, without a public network IP and without configuring the router.
1. Install cpolar on Linux CentOS
cpolar official website: https://www.cpolar.com/
cpolar provides a one-click automatic installation script.
- cpolar installation (for use within China)
curl -L https://www.cpolar.com/static/downloads/install-release-cpolar.sh | sudo bash
Or the cpolar short-link installation method (for use outside China):
curl -sL https://git.io/cpolar | sudo bash
- Check the version number; if it is displayed normally, the installation succeeded
cpolar version
- Token authentication: log in to the dashboard of the cpolar official website, click Verification on the left to view your own authentication token, then paste the token into the command line
cpolar authtoken xxxxxxx
- Simple tunnel test: if a public network address is generated normally, the tunnel works; press Ctrl+C to exit
cpolar http 8080
- Add a service to the system
sudo systemctl enable cpolar
- Start the cpolar service
sudo systemctl start cpolar
- View the service status; if it shows active, the service has started successfully and is online
sudo systemctl status cpolar
After cpolar is successfully installed, 2 sample tunnels are created by default; you can edit or delete them yourself
- website tunnel: uses the http protocol, pointing to local port 8080
- ssh tunnel: uses the tcp protocol, pointing to local port 22
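Because the default ssh tunnel makes local port 22 reachable from a public address, it helps to check how sshd authenticates before the service goes online. The following is an added example, not part of the original article or of cpolar: a shell function that reads the output of `sshd -T` and flags settings that permit password logins. The function name and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# Audits effective sshd settings before local port 22 is published by a tunnel.
# Input on stdin: output of `sshd -T` ("keyword value" lines).
# On a real host: sudo sshd -T | audit_sshd

audit_sshd() {
    # Prints one FINDING line per weak setting; returns 1 if any were found.
    awk '
        { seen[tolower($1)] = tolower($2) }
        END {
            bad = 0
            if (seen["passwordauthentication"] != "no") {
                print "FINDING: passwordauthentication is not no; passwords can be guessed via the public address"
                bad = 1
            }
            if (seen["permitrootlogin"] == "yes") {
                print "FINDING: permitrootlogin is yes; root can log in directly"
                bad = 1
            }
            # Older OpenSSH (e.g. CentOS 7) reports challengeresponseauthentication,
            # newer releases report kbdinteractiveauthentication.
            if (seen["kbdinteractiveauthentication"] == "yes" ||
                seen["challengeresponseauthentication"] == "yes") {
                print "FINDING: keyboard-interactive auth is enabled; it can still prompt for passwords"
                bad = 1
            }
            exit bad
        }
    '
}

# Constructed sample inputs (not captured from a real server).
SAMPLE_WEAK='passwordauthentication yes
permitrootlogin yes
challengeresponseauthentication no
pubkeyauthentication yes'
SAMPLE_HARDENED='passwordauthentication no
permitrootlogin no
kbdinteractiveauthentication no
pubkeyauthentication yes'

for name in WEAK HARDENED; do
    eval "sample=\$SAMPLE_$name"
    if printf '%s\n' "$sample" | audit_sshd; then
        echo "$name sample: no findings"
    else
        echo "$name sample: fix sshd before publishing port 22"
    fi
done
```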
2. Create a TCP tunnel
After installing cpolar on the CentOS system, open port 9200 of the CentOS machine in a browser on another computer, at the address LAN IP + :9200, to reach the cpolar web UI.
After cpolar is installed, a tunnel named ssh is created by default. If you have this ssh tunnel, you can skip directly to viewing the online tunnel list and then connect remotely.
If not, click Tunnel Management (隧道管理), then Create Tunnel (创建隧道), in the dashboard on the left. Since SSH uses port 22 by default, we need to create a tcp tunnel pointing to port 22:
- Tunnel name: customizable, be careful not to repeat
- protocol: tcp
- Local address: 22
- Domain Type: Choose a random domain name
- Region: Select China VIP
Click Create (创建).
After creation, open the online tunnel list and check the random public network tcp address.
3. Remote connection over the public network using the random address
From outside, we can use this public network address to connect to Linux CentOS remotely over SSH. Taking Windows as an example, we can use a cmd window to connect to CentOS:
ssh -p <port> <username>@<public address>
Note that since our local port 22 is mapped to port 23075 on the public network (your public network port may be different), the ssh command needs the -p parameter, followed by the public network port number.
We can also use the Xshell tool to connect.
4. Fixed TCP address
We have successfully connected to the CentOS system on the LAN through the temporary TCP data tunnel established by cpolar, and can work on it through this tunnel just as if we were on the LAN. However, the TCP data tunnel at this point is still a random temporary TCP tunnel, and the port number changes every 24 hours, which makes it more suitable for system debugging, remote troubleshooting of operational problems and similar situations.
If we want this data tunnel to exist stably for a long time, further settings are needed. First, log in to the cpolar official website and click Reserved (预留) on the left.
In the reserved interface, find the Reserved TCP Address (保留的TCP地址) item. Under this item, fill in the necessary information, such as the tunnel name used to identify the data tunnel, the region where the tunnel is used, and so on.
- Region: Select China VIP
- Description: Remarks, which can be customized
Then click Reserve (保留).
After the address is successfully reserved, cpolar returns a fixed public network address plus a fixed public network port number. This is the fixed address for our SSH connection to the CentOS system; copy it down.
Then go back to the cpolar web UI management interface, open the Tunnel List (隧道列表), find the random temporary TCP tunnel created before, and enter its Edit (编辑) page.
Paste the tunnel port we obtained on the cpolar official website into the Reserved TCP Address (预留的TCP地址) field, and then click the Update (更新) button below.
- Port Type: select Fixed TCP Port (固定TCP端口) instead
- Reserved TCP address: fill in the fixed public network address that has just been successfully reserved
Click Update (更新).
Then check the online tunnel list again: the public network address corresponding to the ssh tunnel has become the fixed address we reserved on the official website.
At this point, we can connect to the Linux CentOS system stably and easily from other devices and operating systems, without worrying about the data tunnel port number being reset.
5. SSH remote connection using the fixed public network TCP address
Open cmd and execute the ssh command:
ssh -p <port> <username>@<public address>
Note that you still need to add the -p parameter, followed by the public network port number.
You can also connect using the Xshell tool.
In summary, we have connected over SSH from an external public network to the company/home Linux CentOS server. It requires neither a public network IP nor router configuration: the cpolar intranet penetration tool maps local port 22, and the generated public network address is used for the SSH remote connection.