SSH tunnel is easy to build and use; the local computer LAN can be accessed through the external network

Reference:
https://www.zsythink.net/archives/2450
https://luckyfuture.top/ssh-tunnel#SSH%E9%9A%A7%E9%81%93
https://zhuanlan.zhihu.com/p/561589204?utm_id=0

1. SSH tunnel (build an SSH tunnel to bypass the firewall):

Besides logging in, the ssh command also has a proxy-forwarding function.
An SSH tunnel is a mechanism in SSH that forwards the traffic of other TCP ports through an SSH connection, encrypting and decrypting it automatically. Because SSH provides a secure channel for other TCP connections to travel through, the process is also called "tunneling".

An SSH tunnel is also referred to as port forwarding.

SSH tunnels provide two main functions:

1) Encrypt the data exchanged between the SSH client and the SSH server (the leg beyond the SSH server is not covered).

2) Get past firewall restrictions and complete TCP connections that could not otherwise be established, since the firewall only sees a single SSH connection.

SSH provides three types of port forwarding: local forwarding (the -L option), remote forwarding (the -R option) and dynamic forwarding (the -D option).

-C: compress the data in transit (can speed up transfers over slow links).
-f: send ssh to the background after authentication, so it does not occupy the current shell.
-N: do not execute a remote command (the connection is established, but no session or shell is opened); used for pure forwarding.
-g: allow remote hosts to connect to the locally forwarded ports (bind them on all interfaces instead of loopback only).
-L: local port forwarding.
-R: remote port forwarding.
-D: dynamic forwarding (SOCKS proxy).
-p: the port of the SSH server to connect to (lowercase; capital -P is the scp option, not ssh's).

example:

ssh -p 31022 -NL 7860:192.168.1.1:7860  [email protected]

This builds an SSH tunnel that carries data encrypted between the local machine and the remote SSH server.

Specifically, -N tells ssh not to run a remote command (no shell is opened; the connection exists only to carry the forward), and -L sets up a local port forward. ssh listens on port 7860 of the local machine (on loopback only, unless -g or a bind address is given); every connection accepted there is carried over the SSH connection to the server, which then connects on the client's behalf to 192.168.1.1:7860. That address is resolved from the server's side of the network, so it can be the SSH server itself or any host the server can reach, for example a device on a LAN the local machine cannot route to.

The client-to-server leg is protected by SSH's encryption, and only the two endpoints holding the session keys can read it. Note that the protection ends at the SSH server: the final hop from the server to 192.168.1.1:7860 is plain TCP, so a service that speaks plaintext is still plaintext there.

or:

ssh -L 9906:10.1.0.2:3306 [email protected]

The above command opens an SSH session from the local machine (ServerA) to the SSH server named in [email protected] and, in local forwarding mode, listens on port 9906 of ServerA. Anything that connects to port 9906 on ServerA is carried through the SSH session and delivered by the SSH server to port 3306 of ServerB (10.1.0.2), which may be the SSH server itself or another host reachable from it. A MySQL client on ServerA therefore connects to 127.0.0.1:9906 as if the database were local.
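As an added example (not code from the original post), here is how I would wrap the local forward above so it can be started, verified and torn down cleanly rather than left as a stray background ssh: a helper that tells you where a forward spec will listen, plus a ControlMaster socket and ExitOnForwardFailure so a port that cannot be bound is an error instead of a silent tunnel-less session. The server name jump.example, the socket directory and the demo target are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not code from the original post. Wraps the local-forward case
# above (local 9906 -> 10.1.0.2:3306 through the SSH server) so the tunnel can
# be started, checked and torn down deterministically.
# "jump.example" is an assumed SSH server name.
set -eu

SOCK_DIR=${TMPDIR:-/tmp}

# Where a -L forward will listen, from its "[bind:]port:host:hostport" spec
# and whether -g was given. Without a bind address ssh listens on loopback
# only, so other machines cannot use the tunnel; "*", "0.0.0.0" or -g open it
# to every interface. (IPv6 literals in brackets are not handled here.)
forward_listen_addr() {
    spec=$1 gflag=${2:-}
    case $spec in
        *:*:*:*) printf '%s\n' "${spec%%:*}" ;;
        *:*:*)   if [ "$gflag" = g ]; then echo '*'; else echo 127.0.0.1; fi ;;
        *)       echo "bad forward spec: $spec" >&2; return 1 ;;
    esac
}

# Command line for the tunnel. -f -N backgrounds it with no remote shell,
# ExitOnForwardFailure turns "local port already in use" into a non-zero exit
# instead of a silently tunnel-less session, ServerAlive* drops a dead link
# instead of hanging forever, and the ControlMaster socket is the handle used
# to check and close it later.
tunnel_cmd() {
    name=$1 spec=$2 server=$3
    printf 'ssh -f -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -M -S %s/%s.sock -L %s %s\n' \
        "$SOCK_DIR" "$name" "$spec" "$server"
}

tunnel_up()    { eval "$(tunnel_cmd "$1" "$2" "$3")"; }
tunnel_check() { ssh -S "$SOCK_DIR/$1.sock" -O check "$2"; }   # exit 0 if master alive
tunnel_down()  { ssh -S "$SOCK_DIR/$1.sock" -O exit  "$2"; }   # closes the forward too

# Usage: sh tunnel.sh demo   (needs a real SSH server; not run by default)
if [ "${1:-}" = demo ]; then
    tunnel_up mysql 9906:10.1.0.2:3306 jump.example
    tunnel_check mysql jump.example
    echo "MySQL now reachable at 127.0.0.1:9906 (plaintext on the hop past the SSH server)"
    tunnel_down mysql jump.example
fi
```

The control socket is what makes this safe to script: `ssh -O exit` closes exactly the tunnel you started, instead of a `pkill ssh` that takes every other session down with it.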

GUI SSH clients generally also expose these tunnel settings in their session configuration (screenshot in the original post).

2. The local computer LAN can be accessed through the external network

Reference: https://www.youtube.com/watch?v=4kCQICjI298
(Architecture diagram from the original post: intranet computer on the left, public server in the middle, external clients on the right.)
Explanation of the steps shown in the figure:
1. On the far left is the intranet computer, which runs a service such as a static file server started with python -m http.server, listening on port 8000 (the module's default).

2. In the middle is the public server (an Alibaba Cloud instance here). Open TCP port 9999 in its security group/firewall, then enable the relevant sshd options:

echo "GatewayPorts yes" >> /etc/ssh/sshd_config
echo "AllowTcpForwarding yes" >> /etc/ssh/sshd_config
systemctl restart sshd

Notes on these two settings: AllowTcpForwarding is already yes by default, so the second line only matters if the server had disabled it. GatewayPorts defaults to no, which binds remote-forwarded ports to the server's loopback only; yes binds them to all interfaces, so the intranet service becomes reachable by anyone who can reach the server, with only the cloud security group in front of it (clientspecified instead lets the ssh client choose the bind address per forward). Also note that sshd uses the first value it finds for a keyword, so a line appended with echo >> does nothing if the file already sets GatewayPorts explicitly higher up; confirm what sshd actually applies with sshd -T | grep -i gatewayports, and run sshd -t before restarting to catch syntax errors.
In addition: netstat -anp | grep 9999 (or ss -ltnp | grep 9999) shows whether the port is listening and on which address.

3. Then create an ssh tunnel on the leftmost computer.
9999 is the port that will be opened on the intermediate public server, 127.0.0.1:8000 is the local static file server, and root@8****4 -p 22 is the server's public IP (redacted in the original) and SSH port. -N and -R create the remote forward, and -f sends ssh to the background once the forward is up.

ssh -NR 9999:127.0.0.1:8000 -f root@8****4 -p 22

4. Any other computer on the right (the external network) can now reach the intranet file server by entering the public server's IP and the forwarded port 9999:

8****4:9999
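An added example, not from the original post or the referenced video: before relying on the tunnel above, check what sshd on the public server will really do with the -R request and where port 9999 ends up bound, since that decides whether the intranet server is reachable from loopback only or from the whole Internet. The sshd -T and ss -ltn text inside the script is constructed sample output standing in for the live commands, and root@public-server stands in for the post's redacted root@8****4.

```shell
#!/bin/sh
# Added example, not code from the original post. Checks the two things that
# decide whether the reverse tunnel above works and who can reach it: the
# settings sshd on the public server actually applies, and the address the
# forwarded port is bound to. SSHD_T_SAMPLE and SS_LTN_SAMPLE are constructed
# sample output; on the real server replace them with `sshd -T` and `ss -ltn`.
set -eu

# Value sshd applies for a keyword, read from `sshd -T` output on stdin.
# sshd uses the first occurrence of a keyword in sshd_config, so a line
# appended with echo >> may be ignored; `sshd -T` shows the effective value.
sshd_effective() {
    awk -v key="$1" '$1 == key { print $2; exit }'
}

# From `sshd -T` output on stdin: will a -R forward be accepted, and where
# will its listening socket bind? Returns 1 when the forward would be refused.
remote_forward_policy() {
    cfg=$(cat)
    fwd=$(printf '%s\n' "$cfg" | sshd_effective allowtcpforwarding)
    gw=$(printf '%s\n' "$cfg" | sshd_effective gatewayports)
    case ${fwd:-yes} in
        no|local) echo "refused: AllowTcpForwarding=$fwd"; return 1 ;;
    esac
    case ${gw:-no} in
        yes)             echo "all interfaces: GatewayPorts=yes, port is Internet-facing" ;;
        clientspecified) echo "client chooses: GatewayPorts=clientspecified" ;;
        *)               echo "loopback only: GatewayPorts=${gw:-no}" ;;
    esac
}

# Address a listening port is bound to, from `ss -ltn` output on stdin.
# 127.0.0.1 means only the server itself can reach it; 0.0.0.0, * or [::]
# means anyone the cloud security group lets through can.
listener_bind_addr() {
    awk -v p="$1" '$1 == "LISTEN" && $4 ~ (":" p "$") { sub(/:[0-9]+$/, "", $4); print $4; exit }'
}

# The -R command itself. ExitOnForwardFailure makes ssh exit non-zero if 9999
# is already taken on the server instead of leaving a session with no tunnel.
# With an empty bind address the server decides (loopback unless GatewayPorts
# yes); a client-supplied bind address is honoured only under clientspecified.
reverse_tunnel_cmd() {
    bind=$1 rport=$2 target=$3 server=$4
    if [ -n "$bind" ]; then spec="$bind:$rport:$target"; else spec="$rport:$target"; fi
    printf 'ssh -f -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -R %s -p 22 %s\n' \
        "$spec" "$server"
}

# Constructed samples mirroring the post's server after its two sshd edits.
SSHD_T_SAMPLE='port 22
allowtcpforwarding yes
gatewayports yes'
SS_LTN_SAMPLE='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=811,fd=3))
LISTEN 0      128    0.0.0.0:9999        0.0.0.0:*         users:(("sshd",pid=2301,fd=9))
LISTEN 0      80     127.0.0.1:3306      0.0.0.0:*         users:(("mysqld",pid=950,fd=21))'

printf '%s\n' "$SSHD_T_SAMPLE" | remote_forward_policy
echo "port 9999 bound to: $(printf '%s\n' "$SS_LTN_SAMPLE" | listener_bind_addr 9999)"
reverse_tunnel_cmd '' 9999 127.0.0.1:8000 root@public-server   # placeholder for root@8****4
```

With the post's settings the sample reports that 9999 is bound to 0.0.0.0, i.e. the intranet file server is one security-group rule away from the public Internet. If that is not the intent, leave GatewayPorts at its default and reach the loopback-bound port from the server itself, or from another client through a second ssh -L to it.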



Origin blog.csdn.net/weixin_42357472/article/details/132228143