Machine | IP | User | Role
A | 10.21.32.106 | gdut728 | Target server, located on the internal network
B | 123.123.123.123 | root | External network server, acting as a bridge
PS: 123.123.123.123 is an address I made up at random. Please don't attack other people's servers.
2. Solution:
In plain terms: machine A builds a reverse tunnel to machine B, then machine B runs a forward tunnel that exposes that tunnel port to the outside.
2.1 Preparations before implementation
An ssh client must be installed on each machine.
Here I am using CentOS 7, which ships with ssh. If you are using another Linux distribution, please look up the installation yourself.
2.2 The ssh parameters used:
Reverse proxy
ssh -fCNR
Forward proxy
ssh -fCNL
-f  run ssh in the background
-C  allow data compression
-N  do not execute remote commands
-R  forward a port on the remote host (server) to a specified port on a specified machine on the local side
-L  forward a port on the local machine (client) to a specified port on a specified remote machine
-p  specify the remote host's port
****************** These are case-sensitive, everyone ******************
3. First operate on A:
Establish a reverse proxy from machine A to machine B. The specific command is
ssh -fCNR [B IP or omitted]:[B port]:[A IP]:[A port] [username on B@B IP]
Here I used port 7280 on machine B and port 22 on machine A. Following the template above, the command is
ssh -fCNR 7280:localhost:22 root@123.123.123.123
To check whether it has started and is usable, run ps aux | grep ssh and look for the process:
4. Then operate on B:
Create a forward proxy on machine B for relaying. The specific command is
ssh -fCNL [bind address or omitted]:[listening port on B]:[B IP]:[B port] [username on B@B IP]
Following step 3, the last port here must be the same port on machine B that was used above (7280). Port 1234 is also a port on machine B.
ssh -fCNL *:1234:localhost:7280 localhost
To check whether it has started, run ps aux | grep ssh and look for the process:
In this case, port 1234 is the local relay port: it accepts connections from the external network and forwards the data to port 7280, which makes the tunnel reachable from other machines. The * means that connections from any IP are accepted.
5. Time to see it work
Now that machines A and B are configured, we can log in to the intranet from a computer on the external network. Since my current computer is on the internal network and the servers are on the external network (that is, the configured machine B), I can reach machine A on my internal network through machine B. The specific command is:
ssh -p1234 gdut728@123.123.123.123
The -p parameter specifies the login port. We set port 1234 as the relay port above, so we log in through port 1234. gdut728 is the user name on machine A on the internal network, and 123.123.123.123 is the IP address of machine B on the external network.
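The three commands of steps 3 to 5 only work together if their ports line up, and the post checks each of them with ps aux | grep ssh. The script below is an added example, not code from the original post: it builds the three commands from one set of variables, checks that the -L relay really points at the -R listening port, and runs the ps check over constructed ps output. Hosts, users and ports are the post's own values; the ps lines are made up. One fact worth knowing when reading it: sshd binds a -R port to the remote host's loopback interface unless GatewayPorts is enabled in its sshd_config, which is why step 4's relay on B is needed at all.

```shell
#!/bin/sh
# Added example, not code from the original post: builds the three commands of
# steps 3-5 from one set of variables, checks that their ports line up, and
# verifies the tunnels against "ps aux | grep ssh" output.
# Hosts, users and ports are the post's own values; the ps lines are constructed.

A_USER=gdut728          # account on the internal machine A
A_SSH_PORT=22           # sshd port on A
B_USER=root             # account on the external bridge B
B_HOST=123.123.123.123  # B's public address (the post's placeholder address)
B_TUNNEL_PORT=7280      # port on B that the -R tunnel listens on (loopback only by default)
B_PUBLIC_PORT=1234      # port on B that the -L relay exposes on all interfaces

# Step 3, run on A: publish A's sshd as localhost:7280 on B.
reverse_cmd() {
    printf 'ssh -fCNR %s:localhost:%s %s@%s\n' \
        "$B_TUNNEL_PORT" "$A_SSH_PORT" "$B_USER" "$B_HOST"
}

# Step 4, run on B: listen on *:1234 and relay into the loopback-bound tunnel port.
forward_cmd() {
    printf 'ssh -fCNL *:%s:localhost:%s localhost\n' "$B_PUBLIC_PORT" "$B_TUNNEL_PORT"
}

# Step 5, run from any outside client: reach A's sshd through B.
login_cmd() {
    printf 'ssh -p%s %s@%s\n' "$B_PUBLIC_PORT" "$A_USER" "$B_HOST"
}

# The -L target port must equal the -R listening port (the point stressed in
# step 4), and the relay port must differ from it, or the relay loops onto itself.
ports_consistent() {
    r_port=$(reverse_cmd | sed 's/^ssh -fCNR \([0-9]*\):.*/\1/')
    l_target=$(forward_cmd | sed 's/^ssh -fCNL \*:[0-9]*:localhost:\([0-9]*\) .*/\1/')
    [ "$r_port" = "$l_target" ] && [ "$B_PUBLIC_PORT" != "$B_TUNNEL_PORT" ]
}

# tunnel_up PS_OUTPUT SPEC: succeed when PS_OUTPUT lists an ssh process whose
# -R/-L argument is SPEC (e.g. "7280:localhost:22"); the grep line itself is ignored.
tunnel_up() {
    printf '%s\n' "$1" | grep -v grep | grep -E "ssh .*-[fCN]*[RL] (\*:)?$2( |\$)" >/dev/null
}

# Constructed "ps aux | grep ssh" output as it would look on A and on B.
SAMPLE_PS_A='USER    PID  %CPU %MEM COMMAND
root    921  0.0  0.1  /usr/sbin/sshd -D
gdut728 1402 0.0  0.2  ssh -fCNR 7280:localhost:22 root@123.123.123.123
gdut728 1410 0.0  0.0  grep ssh'
SAMPLE_PS_B='USER PID  %CPU %MEM COMMAND
root 611  0.0  0.1  /usr/sbin/sshd -D
root 2044 0.0  0.2  ssh -fCNL *:1234:localhost:7280 localhost
root 2050 0.0  0.0  grep ssh'

# Stand-alone run ("sh tunnel-check.sh show"): print the commands and the check results.
if [ "${1:-}" = "show" ]; then
    reverse_cmd; forward_cmd; login_cmd
    ports_consistent && echo "ports consistent"
    tunnel_up "$SAMPLE_PS_A" "7280:localhost:22" && echo "A: reverse tunnel up"
    tunnel_up "$SAMPLE_PS_B" "1234:localhost:7280" && echo "B: forward relay up"
fi
```

On a real machine, replace the SAMPLE_PS_* strings with "$(ps aux)"; tunnel_up then answers the same question the post's ps aux | grep ssh step does, without you having to read the process list by eye.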
6. This reverse proxy method is unstable
Unfortunately, this ssh reverse link will be closed after a timeout. Once it is closed, the channel from the external network to the internal network cannot be maintained. So we need another method that provides a stable ssh reverse proxy tunnel.
6.1 Every time ssh reconnects it asks for a password, so first set up password-free login to the intranet. Execute on machine A on the intranet:
ssh-copy-id [intranet username]@[external IP] -p[forwarded port]
With the port I set earlier, this command is:
ssh-copy-id gdut728@123.123.123.123 -p1234
After that, machine A on the internal network can log in to machine B on my external network via ssh without a password. To check whether password-free login works, use the following command:
ssh root@123.123.123.123
6.2 Use autossh to establish a stable tunnel
autossh is not installed by default on CentOS 7, so install it with
yum install autossh
The autossh command for the tunnel, with its parameters, is:
autossh -M 7281 -fCNR 7280:localhost:22 root@123.123.123.123
autossh takes the same parameters as ssh; the difference is that autossh reconnects automatically when the tunnel drops, while ssh does not. The other difference is the -M parameter, which needs pointing out. It specifies a monitoring port, used by machine B on the external network to receive messages from machine A on the internal network; if the tunnel is not working, that is reported back to machine A so it can reconnect.
7. Finally, configure Linux to start autossh automatically at boot, so you don't have to start it yourself after every restart
Enter:
vi /etc/rc.d/rc.local
Add the line:
autossh -M 7281 -fCNR 7280:localhost:22 root@123.123.123.123
Since CentOS 7, editing /etc/rc.d/rc.local alone no longer makes the script run at boot; the file also needs executable permission again, so enter
chmod +x /etc/rc.d/rc.local
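A bare autossh line in rc.local starts a second copy on every run and gives up if the network is not yet up when rc.local fires. The script below is an added example, not code from the original post: a small start script (a hypothetical /usr/local/bin/tunnel.sh, called as "sh /usr/local/bin/tunnel.sh start" from rc.local) that checks the -M monitor ports, refuses to start a duplicate, and sets AUTOSSH_GATETIME=0 so autossh keeps retrying after a failed first attempt. The facts it relies on are from autossh's own documentation: -M uses the given port and the next one (7281 and 7282 here) for its echo test, and AUTOSSH_GATETIME=0 disables the "first connection must survive the gate time" rule. Values are the post's own; the ps text in the test is constructed.

```shell
#!/bin/sh
# Added example, not code from the original post: an idempotent start script for
# the autossh tunnel of sections 6.2 and 7, intended to be called from rc.local.
# Hosts, users and ports are the post's own values.

B_USER=root
B_HOST=123.123.123.123
B_TUNNEL_PORT=7280
A_SSH_PORT=22
MONITOR_PORT=7281   # autossh -M uses this port and the next one (7282) on B for its echo test

# monitor_ports_ok MONITOR TUNNEL: MONITOR must be a positive number, and neither
# MONITOR nor MONITOR+1 may collide with the tunnel port on B.
monitor_ports_ok() {
    m=$1; t=$2
    case $m in ''|*[!0-9]*) return 1 ;; esac
    [ "$m" -gt 0 ] && [ "$m" -ne "$t" ] && [ $((m + 1)) -ne "$t" ]
}

# already_running PS_OUTPUT TUNNEL_PORT: succeed if an autossh process for this
# tunnel port is already listed (the grep line itself is filtered out).
already_running() {
    printf '%s\n' "$1" | grep -v grep | grep -E "autossh .*-[fCN]*R $2:" >/dev/null
}

# The exact command from section 6.2, assembled from the variables above.
autossh_cmd() {
    printf 'autossh -M %s -fCNR %s:localhost:%s %s@%s\n' \
        "$MONITOR_PORT" "$B_TUNNEL_PORT" "$A_SSH_PORT" "$B_USER" "$B_HOST"
}

# start_tunnel: called at boot. AUTOSSH_GATETIME=0 makes autossh keep retrying even
# if the very first attempt fails (e.g. the network is not up yet when rc.local runs);
# by default a first connection that dies within the gate time makes autossh exit.
start_tunnel() {
    monitor_ports_ok "$MONITOR_PORT" "$B_TUNNEL_PORT" || {
        echo "monitor port $MONITOR_PORT clashes with tunnel port $B_TUNNEL_PORT" >&2
        return 1
    }
    if already_running "$(ps aux)" "$B_TUNNEL_PORT"; then
        echo "autossh tunnel on port $B_TUNNEL_PORT already running"
        return 0
    fi
    AUTOSSH_GATETIME=0 $(autossh_cmd)
}

case "${1:-}" in start) start_tunnel ;; esac
```

Because the script is idempotent, it is safe to run it again by hand after editing rc.local, or from a cron line, without ending up with several autossh processes fighting over port 7280 on B.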
8. Conclusion:
The configuration is finally complete. Whether it will stay connected is still unclear; let's see what happens tomorrow and update then. If anything is wrong, please correct me~
References:
SSH into the LAN from the external network: reverse proxy + forward proxy solution
Use an SSH reverse tunnel for intranet penetration
The above is the detailed content of Use ssh reverse proxy and autossh to connect to the internal network from the external network. For more information, please follow other related articles on the PHP Chinese website!