[Reprint] SSH principle and application (b): remote operation and port forwarding


 

Following on from the previous article, this one continues the introduction to SSH usage.

=======================================


Author: Ruan Yifeng


Seven, remote operation

SSH is not only for remote login; it can also run operations directly on the remote host.

The operation in the previous section is an example:

  $ ssh user@host 'mkdir -p .ssh && cat >> .ssh/authorized_keys' < ~/.ssh/id_rsa.pub

The part inside the single quotes is the operation performed on the remote host; the input redirection that follows is the data SSH sends to the remote host.

In other words, SSH establishes a channel for commands and data between the user and the remote host, so a great many things can be done over SSH.
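The remote half of the command above appends the key every time it is run and leaves the permissions of `.ssh` to the remote umask. The following is an added example, not code from the original article: `install_key` is a hypothetical helper that does the same job on the remote side, but skips keys already present, rejects input that is not a public key line, and sets the modes sshd expects. The key in the demo is constructed.

```shell
# install_key [home_dir]: reads one public key line on stdin and adds it to
# <home_dir>/.ssh/authorized_keys unless that exact line is already there.
install_key() {
    home_dir=${1:-$HOME}
    ssh_dir=$home_dir/.ssh
    auth=$ssh_dir/authorized_keys
    IFS= read -r key || [ -n "$key" ] || { echo "no key on stdin" >&2; return 1; }
    # Accept only "<type> <base64> [comment]"; a private key file sent by
    # mistake starts with "-----BEGIN" and is refused here.
    case $key in
        ssh-*\ *|ecdsa-*\ *|sk-*\ *) ;;
        *) echo "not a public key line" >&2; return 1 ;;
    esac
    (
        umask 077                       # private from the moment of creation
        mkdir -p "$ssh_dir" && touch "$auth"
    ) || return 1
    chmod 700 "$ssh_dir" && chmod 600 "$auth" || return 1
    # If the file does not end in a newline, add one so keys do not run together.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    # -x matches the whole line, -F treats the key as a fixed string.
    if grep -qxF -- "$key" "$auth"; then
        echo "already present"
    else
        printf '%s\n' "$key" >> "$auth" && echo "added"
    fi
}

# Demo in a throwaway directory with a constructed key (not a real one).
demo_dir=$(mktemp -d)
demo_key='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructedExampleKeyOnly user@example'
printf '%s\n' "$demo_key" | install_key "$demo_dir"    # first run appends
printf '%s\n' "$demo_key" | install_key "$demo_dir"    # second run is a no-op
rm -rf "$demo_dir"
```

OpenSSH ships `ssh-copy-id`, which performs this installation for you.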

Let's look at a few examples.

[Example 1]

Copy all files in the $HOME/src/ directory to the remote host's $HOME/src/ directory.

  $ cd && tar czv src | ssh user@host 'tar xz'

[Example 2]

Copy all files in the remote host's $HOME/src/ directory to the user's current directory.

  $ ssh user@host 'tar cz src' | tar xzv

[Example 3]

Check whether the remote host is running the httpd process.

  $ ssh user@host 'ps ax | grep [h]ttpd'

Eight, local port binding

Since SSH can carry data, we can route unencrypted network connections over an SSH connection instead, which improves security.

Suppose we want the data for port 8080 to be sent to the remote host over SSH. The command is written as:

  $ ssh -D 8080 user@host

SSH creates a socket that listens on local port 8080. Once data arrives at that port, it is automatically passed over the SSH connection to the remote host. In other words, if port 8080 was originally an unencrypted port, it has now become an encrypted one.

Nine, local port forwarding

Sometimes binding a local port is not enough; you must also specify the target host for the data, which forms a point-to-point "port forwarding". To distinguish it from the "remote port forwarding" described later, we call this "local port forwarding" (local forwarding).

Assume host1 is the local host and host2 is the remote host. For various reasons, the two hosts cannot communicate with each other. However, there is also a host3 that can communicate with both of them. The natural idea, then, is to connect from host1 to host2 through host3.

We run the following command on host1:

  $ ssh -L 2121:host2:21 host3

The -L parameter takes three values, "local port:target host:target host port", separated by colons. This command tells SSH to bind local port 2121 and has host3 forward all the data to port 21 of the target host host2 (assuming host2 runs FTP, whose default port is 21).

As a result, connecting to port 2121 on host1 is equivalent to connecting to port 21 on host2.

  $ ftp localhost 2121

"Local port forwarding" makes it look as if a secret data tunnel has been formed between host1 and host3, so it is also called an "SSH tunnel".

Here is an interesting example.

  $ ssh -L 5900:localhost:5900 host3

It binds local port 5900 to port 5900 on host3 (localhost here refers to host3, because the target host is named relative to host3).

Another example is logging in to host2 over ssh by port forwarding through host3.

  $ ssh -L 9001:host2:22 host3

Now, logging in over ssh to port 9001 of the local machine is equivalent to logging in to host2.

  $ ssh -p 9001 localhost

The -p parameter above specifies the login port.

Ten, remote port forwarding

Since "local port forwarding" means forwarding from a bound local port, "remote port forwarding" (remote forwarding) naturally means forwarding from a bound remote port.

Continue with the example above: host1 and host2 cannot communicate, so the traffic must be forwarded through host3. Now a special situation arises: host3 is a machine on the internal network. It can connect to host1 on the external network, but not the other way round; host1 on the external network cannot connect to host3 on the internal network. In this case "local port forwarding" cannot be used. What can be done?

The solution is this: since host3 can connect to host1, establish an SSH connection from host3 to host1, and then use that connection from host1.

We run the following command on host3:

  $ ssh -R 2121:host2:21 host1

The -R parameter also takes three values, "remote host port:target host:target host port". This command makes host1 listen on its own port 2121 and forwards all the data through host3 to port 21 of host2. Because host1 is the remote host from host3's point of view, this is called "remote port binding".

After the binding, we can connect to host2 from host1:

  $ ftp localhost 2121

Note that "remote port forwarding" has a prerequisite: both host1 and host3 must have sshd and an ssh client.
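For both local and remote forwarding, the thing to get right is which host ends up listening and which host makes the onward connection. The following is an added example, not code from the original article: `describe_forward` is a hypothetical helper that parses a -L or -R value and reports both. It goes slightly beyond the three-value form described above by also accepting the four-value form with a leading bind address that ssh supports; IPv6 bracket syntax is not handled.

```shell
# describe_forward <L|R> <spec> <ssh_server> [client_name]
# spec is "port:target:targetport" or "bind:port:target:targetport".
describe_forward() {
    mode=$1 spec=$2 server=$3 client=${4:-client}
    case $spec in *\[*) echo "IPv6 bracket form not handled" >&2; return 2 ;; esac
    old_ifs=$IFS; IFS=:
    set -f; set -- $spec; set +f        # split the spec on colons only
    IFS=$old_ifs
    case $# in
        3) bind=localhost port=$1 target=$2 tport=$3 ;;   # default: loopback
        4) bind=${1:-*} port=$2 target=$3 tport=$4 ;;     # empty bind = all interfaces
        *) echo "expected 3 or 4 colon-separated fields" >&2; return 2 ;;
    esac
    case $port:$tport in
        *[!0-9:]*|:*|*:) echo "ports must be numeric" >&2; return 2 ;;
    esac
    case $mode in
        L) listener=$client; connector=$server ;;   # -L: the ssh client listens
        R) listener=$server; connector=$client ;;   # -R: the ssh server listens
        *) echo "mode must be L or R" >&2; return 2 ;;
    esac
    # The target name is resolved by the connecting side, so "localhost"
    # means that side, not the listener.
    [ "$target" = localhost ] && target=$connector
    echo "listen=$listener($bind):$port connect_from=$connector target=$target:$tport"
}

# The article's commands (host names as used in the text):
describe_forward L 2121:host2:21 host3 host1        # run on host1
describe_forward L 5900:localhost:5900 host3 host1  # localhost means host3
describe_forward R 2121:host2:21 host1 host3        # run on host3
# Constructed case: an empty bind address exposes the listener on all interfaces.
describe_forward L :8080:host2:80 host3 host1
```

A listener reported with `(*)` is reachable by other machines on the network, which is worth checking for when reviewing forwarding commands.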

Eleven, other SSH parameters

SSH has some other parameters that are also worth introducing.

The N parameter means only connect to the remote host, without opening a remote shell; the T parameter means no TTY is allocated for the connection. The two can be used together, meaning the SSH connection is used only to transfer data and no remote operation is performed.

  $ ssh -NT -D 8080 host

The f parameter sends SSH to the background once the connection succeeds. This way, you can carry out other operations in the local shell without interrupting the SSH connection. ssh refuses to go to the background unless it is given a remote command or -N, so -N is included here.

  $ ssh -f -N -D 8080 host

To close the background connection, the only way is to kill the process with the kill command.


Origin www.cnblogs.com/jinanxiaolaohu/p/11250010.html