SSHtunnel隧道技术-创新互联

概述

常用的隧道技术有三种: 本地(L), 远程(R)和动态端口转发(D)

创新互联建站是少有的成都网站设计、成都网站建设、营销型企业网站、重庆小程序开发、手机APP,开发、制作、设计、外链、推广优化一站式服务网络公司,于2013年成立,坚持透明化,价格低,无套路经营理念。让网页惊喜每一位访客多年来深受用户好评

命令格式:

  1. ssh -C -f -N -g -L lPort:dHost:dPort user@rHost // 与rHost建立安全连接, 监听lPort, 将所有对lPort的请求通过rHost转发到dHost:dPort
  2. ssh -C -f -N -g -R rPort:dHost:dPort user@rHost // 与rHost建立安全连接, 监听rport, 将所有对rPort的请求通过rHost转发到dHost:dPort
  3. ssh -C -f -N -g -D lPort user@Tunnel_Host

Samples:

- ssh -N -f -R 2222:127.0.0.1:22 123.123.123.123

- This example creates a tunnel for HTTP. This will forward port 80 of your localhost to port 80 of www.example.com.

ssh -f -N -q -L 80:localhost:80 username@www.example.com

- This example creates a tunnel for IMAP. Here we forward port 1143 on localhost to 143 (IMAP) on imap.example.com.

ssh -f -N -q -L 1143:localhost:143 username@imap.example.com

- This creates a tunnel from your localhost port 81 to 192.168.1.69 port 80 through dmz.example.com. This lets you see the web server from outside a LAN.

ssh -f -N -q -L 81:192.168.1.69:80 username@dmz.example.com

- This example creates a tunnel for SSH itself, over localhost port 2222.

ssh -f -N -q -L 2222:target-host.example.com:22 username@dmz.example.com

- This example creates a tunnel for IMAP. Here we forward port 1143 on localhost to 143 (IMAP) on 192.168.1.100 through dmz.example.com.

ssh -f -N -q -L 1143:192.168.1.100:143 username@dmz.example.com

- VNC Viewer uses port 5900. This shows a double-hop.

# localhost  --> wan-gateway  -->  dmz-gateway  -->  vnc-console
ssh -L 5900:localhost:5900 root@wan-gateway.example.com
ssh -L 5900:vnc-console.example.com:5900 root@dmz-gateway.example.com
* reverse port forwarding

This is used in the following situation:

  • You have a server inside a private LAN that you want to connect to from the WAN outside.
  • You can't create a NAT and port forwarding on your firewall to map the machine to the outside.
  • You have a server outside that you can connect to from the server inside the LAN.

- What this does is creates a connection from the server in the LAN to the server outside. Once that connection is established the server outside starts listening on port 2222. All connections to port 2222 are sent back to port 22 of the server in the LAN. Now you can leave this connection running in your office; go home and ssh to your proxy server at port 2222 and you will be connecting to your server inside the LAN on port 22.

ssh -f -N -q -R 2222:localhost:22 my_name@remote.example.com
* tricky reverse forwarding

- This allows a server on an internal LAN expose a service to the outside WAN. For example, I have a database server that will only accept connections from a specific development box. That dev box is inside the firewall. I want to connect to the database from outside the firewall.

ssh -t -L 5432:localhost:1999 my_name@firewall.example.com ssh -t db_server ssh -t -R 1999:127.0.0.1:5432 my_name@firewall
- Using scp through a DMZ gateway to a machine behind a firewall using a tunnel

First you setup port forwarding through an intermediary. This forwards your localhost port 2222 to port 22 on 192.168.1.100. Remember, that 192.168.1.100 is not on your local network; 192.168.1.100 is on the LAN network shared with 208.77.188.166.

ssh -f -N -q -L 2222:192.168.1.100:22 user@208.77.188.166
scp -P 2222 transformers.avi user@localhost:.

A diagram might help. Remember, port 22 is the SSH server port on the 192.168.1.100 machine.

+---------------+        +----------------+        +----------------------+
|     your      |        |  remote DMZ    |        | server on remote LAN |
| local machine |        |    server      |        |    192.168.1.100     |
|               |        | 208.77.188.166 |        |                      |
|         2222:  >-------|                |-------> :22                   |
|               |        |\______________/|        |                      |
|               |        |                |        |                      |
+---------------+        +----------------+        +----------------------+

-f Fork into background after authentication

-C Enable compression

-N Do not execute a shell or command. 不执行脚本或命令,通常与-f连用。

-g Allow remote hosts to connect to forwarded ports.

Reference

http://noah.org/wiki/SSH_tunnel (En, very good)

http://netsecurity.51cto.com/art/201304/390460.htm

另外有需要云服务器可以了解下创新互联scvps.cn,海内外云服务器15元起步,三天无理由+7*72小时售后在线,公司持有idc许可证,提供“云服务器、裸金属服务器、高防服务器、香港服务器、美国服务器、虚拟主机、免备案服务器”等云主机租用服务以及企业上云的综合解决方案,具有“安全稳定、简单易用、服务可用性高、性价比高”等特点与优势,专为企业上云打造定制,能够满足用户丰富、多元化的应用场景需求。


文章名称:SSHtunnel隧道技术-创新互联
链接分享:http://pwwzsj.com/article/idjgs.html