How to remotely connect to an intranet server via SSH

Preface

The blogger's laboratory is moving. Because the server can only be used while connected to the intranet, after the move it will no longer be possible to reach it from the public network. This is quite a nuisance, so this article explains how to use a public network server to connect to the intranet server over SSH.

System Configuration

  • Intranet server: Ubuntu 18.04
  • Public server: CentOS 7.9

Plan

The following summarizes various ways to access intranet services from the public network:

1. Use remote desktop software such as TeamViewer. However, both parties need to install TeamViewer and the versions must match. It works, but it is troublesome.

2. Use the Peanut Shell software for DDNS resolution. It works, but the free version has bandwidth limitations and is not ideal.

3. Build a frp server for intranet penetration. It achieves good speeds and can open any desired port, allowing devices on the intranet or behind a firewall to provide services to the outside world. It supports many protocols such as HTTP, TCP, and UDP. Recommended.

To sum up, this article will build the frp service on the public network server to perform intranet penetration to achieve the effect of SSH connecting to the intranet server.


Introduction

frp is a high-performance reverse proxy application focused on intranet penetration. It supports TCP, UDP, HTTP, HTTPS and other protocols, as well as P2P communication. Intranet services can be exposed to the public network in a safe and convenient way by relaying through a node that has a public IP.

Note: Intranet penetration, simply put, means mapping intranet services to the public network so that the data of the intranet can be accessed from the external network.

Official repository: fatedier/frp: A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet. (github.com)

Official documentation: Documentation | frp (gofrp.org)

Installation and deployment

This article corresponds to the official document: Access intranet machines through SSH | frp (gofrp.org)

Download

We need to download the frp installation package on both the client and the server.

wget https://github.com/fatedier/frp/releases/download/v0.51.3/frp_0.51.3_linux_amd64.tar.gz 

Then extract the installation package

tar -zxvf frp_0.51.3_linux_amd64.tar.gz

List the extracted files

# ls -l
total 30784
-rw-r--r--. 1 1001 docker    11358 Aug 14 12:09 LICENSE
-rwxr-xr-x. 1 1001 docker 14290944 Aug 14 12:04 frpc
-rw-r--r--. 1 1001 docker      126 Aug 14 12:09 frpc.ini
-rw-r--r--. 1 1001 docker    12669 Aug 14 12:09 frpc_full.ini
-rwxr-xr-x. 1 1001 docker 17186816 Aug 14 12:04 frps
-rw-r--r--. 1 1001 docker       26 Aug 14 12:09 frps.ini
-rw-r--r--. 1 1001 docker     5933 Aug 14 12:09 frps_full.ini

Of these, frpc is used by the intranet server, and frps is used by the public network server.

Configuration

Next we need to fill in the configuration files. First, modify the frps.ini file on the public network server

# frps
[common]
bind_port = 7000

Then modify the frpc.ini file on the intranet server. Assume that the public IP of the server where frps is located is x.x.x.x

# frpc
[common]
# tls_enable prevents the startup error: login to server failed: EOF
tls_enable = true
server_addr = x.x.x.x
server_port = 7000

[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 22
remote_port = 6000

Note: Ports 6000 and 7000 must be opened in the public network server's firewall and security group configuration.

Finally, start the client and server respectively.

# Server
./frps -c ./frps.ini
# Client
./frpc -c ./frpc.ini

Then we use SSH locally to access the intranet machine, assuming that we use the test user to connect

ssh -oPort=6000 test@x.x.x.x
# or
ssh -p 6000 test@x.x.x.x

frp will forward the traffic requesting x.x.x.x:6000 to port 22 of the intranet machine
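The frps.ini above sets only bind_port, so the following check, an added example that is not from the original post or the frp project, flags what that leaves open: no token, no allow_ports and no tls_only in [common]. The option names are frp's INI keys; the hardened file, its placeholder token and the helper names ini_get and frps_findings are constructed here, and frpc.ini must carry the same token value.

```shell
#!/bin/sh
# Print the value of KEY ($2) from the [common] section of an frp INI file ($1).
ini_get() {
    awk -v key="$2" '
        /^[ \t]*\[/    { in_common = ($0 ~ /^[ \t]*\[common\]/); next }
        /^[ \t]*[#;]/  { next }                      # skip comment lines
        in_common && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            if (k == key) {
                v = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit
            }
        }' "$1"
}

# Print one finding per line for an frps.ini; no output means all three checks pass.
frps_findings() {
    [ -n "$(ini_get "$1" token)" ] ||
        echo "no token: any frpc that reaches bind_port can register proxies"
    [ -n "$(ini_get "$1" allow_ports)" ] ||
        echo "no allow_ports: clients may claim any remote_port on this host"
    [ "$(ini_get "$1" tls_only)" = "true" ] ||
        echo "tls_only not true: non-TLS control connections are accepted"
    return 0
}

# Constructed sample inputs: the page's frps.ini and a hardened variant.
WEAK=$(mktemp); HARD=$(mktemp)
cat > "$WEAK" <<'EOF'
# frps.ini as shown in this article
[common]
bind_port = 7000
EOF
cat > "$HARD" <<'EOF'
# hardened variant (constructed; the token is a placeholder)
[common]
bind_port = 7000
token = REPLACE_WITH_LONG_RANDOM_SECRET
allow_ports = 6000
tls_only = true
EOF

echo "== article frps.ini =="; frps_findings "$WEAK"
echo "== hardened frps.ini =="; frps_findings "$HARD"
```

Because remote_port 6000 puts the intranet machine's sshd on a public address, the same review should cover that sshd's own authentication settings.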

System Configuration

Finally, we can start the service through systemd and configure it to start automatically at boot to facilitate subsequent operations

Official configuration document: Use systemd | frp (gofrp.org)

Server

First, create and edit the frps.service file on the frp server

vim /etc/systemd/system/frps.service

Write content

[Unit]
# Service name, can be customized
Description = frp server
After = network.target syslog.target
Wants = network.target

[Service]
Type = simple
# Command that starts frps; change it to your frps installation path
ExecStart=/usr/bin/frps -c /etc/frp/frps.ini

[Install]
WantedBy = multi-user.target

The commands to copy the files are as follows

cp ./frps /usr/bin/frps
mkdir /etc/frp
cp ./frps.ini  /etc/frp/frps.ini

Common commands

# Start frp
systemctl start frps
# Stop frp
systemctl stop frps
# Restart frp
systemctl restart frps
# Check frp status
systemctl status frps

Configure frps to start automatically at boot

systemctl enable frps

Client

This is basically similar to the server configuration, so it will be briefly described.

vim /etc/systemd/system/frpc.service

[Unit]
Description = frp client
After = network.target syslog.target
Wants = network.target

[Service]
Type = simple
ExecStart=/usr/bin/frpc -c /etc/frp/frpc.ini

[Install]
WantedBy = multi-user.target

sudo cp ./frpc /usr/bin/frpc
sudo mkdir /etc/frp
sudo cp ./frpc.ini  /etc/frp/frpc.ini
sudo systemctl start frpc
sudo systemctl enable frpc


Origin blog.csdn.net/m0_63748493/article/details/133718748