
Three ways of linux ssh Port forwarding

2025-02-23 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

ssh is one of the two command-line tools I use most often (the other has to be vim). With ssh, I can handle all kinds of problems remotely without being physically on site.

The TeamViewer hacking incident has had a big impact recently, which got me thinking about intranet penetration as a way of doing remote control, and it is natural to think that ssh port forwarding can achieve that too. Thinking about it a bit more, I found that the ssh tunnel, i.e. port forwarding, actually implements three commonly used network functions: forward proxy, reverse proxy and intranet penetration. I admire how powerful and convenient it is.

ssh has three port forwarding modes; this article introduces them briefly.

Local forwarding

Local port forwarding (Local Port Forwarding) forwards traffic arriving at a port on the local host to a designated port on a remote host. Its command-line syntax is: -L [bind_address:]local_port:remote_host:remote_port. "-L" is the first letter of "local"; likewise, remote forwarding's "-R" is the first letter of "remote" and dynamic forwarding's "-D" is the first letter of "dynamic", which makes them easy to remember.

An example illustrates the usage scenario of local forwarding.

The article "CentOS 7 installation GUI interface and remote connection" describes installing the vnc service and opening its port for access. In practice, the exposed 59xx ports are hit by automated scripts every day. If vnc or the login users use weak or dictionary passwords, the security of the host is seriously threatened. How do you protect against this?

A simple and safe protection method is to use iptables/firewalld to close public access to the port, and to forward the port through an ssh tunnel whenever a connection is needed:

ssh -L 5901:localhost:5901 username@host

In this command, local port 5901 is forwarded through the ssh tunnel to port 5901 of the remote host; in the vnc client, connect to localhost (127.0.0.1) port 5901 to reach port 5901 of the remote host. With iptables plus ssh local forwarding, nobody else can connect and only you can access it.

Note that the "remote host" in the "-L" option does not have to be the machine you are connecting to (writing localhost there means that machine); it can be any host reachable from it. For example, you can forward local port 8080 traffic to port 80 of facebook.com:

ssh -L 8080:facebook.com:80 username@host

Remote forwarding

Remote port forwarding (Remote Port Forwarding) forwards a port on the remote host to a designated port on the local host. The command-line syntax is: -R [bind_address:]port:local_host:local_port.

The most common use of remote forwarding is intranet penetration. If you have a host with a public ip, remote forwarding through an ssh tunnel lets the outside network reach resources on the internal network. Note that by default, ssh remote forwarding can only bind the remote host's local address, i.e. 127.0.0.1. If you want it to accept connections from other hosts, you need to modify the ssh configuration of the remote host, set "GatewayPorts" to "yes", and restart the ssh service for it to take effect.

An example that forwards traffic on remote port 8080 to local port 80 (the web port):

ssh -R 0.0.0.0:8080:localhost:80 username@host

With this remote forwarding, accessing port 8080 on the public-ip host means accessing port 80 of the web host on the private network, and intranet penetration is achieved.
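The bind address in a -L or -R spec decides who can reach the forwarded port, and on the remote side the sshd GatewayPorts value decides whether a -R listener can leave loopback at all. The following script is an added example for this article, not code from the original page: it checks a forward spec against the [bind_address:]port:host:hostport grammar of ssh(1), reports what the listener's exposure will be, and reads the effective global GatewayPorts value from an sshd_config text. The function names, the "(default)" marker and the sample config fragments are this example's own conventions.

```shell
#!/bin/sh
# Pre-flight checks for ssh -L / -R forward specs and for the remote side's
# GatewayPorts setting. Added example for this article, not code from the page.
# Spec grammar follows ssh(1): [bind_address:]port:host:hostport
# (bracketed IPv6 literals are not handled by this simple splitter).

# Print the spec as "bind port host hostport", or fail with a message.
# A missing bind_address is shown as "(default)": ssh then binds according to
# GatewayPorts, i.e. loopback only unless that setting was changed. An empty
# bind_address (":8080:host:80") or "*" means all interfaces, as in ssh(1).
validate_forward_spec() {
    spec=$1
    oldifs=$IFS; IFS=:; set -f; set -- $spec; set +f; IFS=$oldifs
    case $# in
        3) bind="(default)"; port=$1; host=$2; hostport=$3 ;;
        4) bind=$1;          port=$2; host=$3; hostport=$4 ;;
        *) echo "bad spec '$spec': expected [bind_address:]port:host:hostport" >&2; return 1 ;;
    esac
    for p in "$port" "$hostport"; do
        case $p in
            ''|*[!0-9]*) echo "bad spec '$spec': port '$p' is not a number" >&2; return 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "bad spec '$spec': port $p out of range 1-65535" >&2; return 1
        fi
    done
    [ -n "$host" ] || { echo "bad spec '$spec': empty destination host" >&2; return 1; }
    printf '%s %s %s %s\n' "$bind" "$port" "$host" "$hostport"
}

# Classify the listener's reachability from the normalised bind field.
forward_exposure() {
    case $1 in
        ''|'*'|0.0.0.0|::)        echo all-interfaces ;;
        localhost|127.0.0.1|::1)  echo loopback ;;
        '(default)')              echo per-GatewayPorts ;;
        *)                        echo "address $1" ;;
    esac
}

# Effective global GatewayPorts value of an sshd_config read from stdin/files.
# sshd uses the FIRST value it meets for a keyword, so a later line cannot
# override an earlier one; Match blocks are conditional and are skipped here.
gateway_ports_effective() {
    awk '
        tolower($1) == "match" { exit }
        tolower($1) == "gatewayports" && !done { print tolower($2); done = 1 }
        END { if (!done) print "no" }
    ' "$@"
}

# Constructed sshd_config fragments for the demo and tests (not from a real host).
sample_sshd_config() {
    case $1 in
        default) printf '%s\n' '#GatewayPorts no' 'Match User deploy' '    GatewayPorts yes' ;;
        open)    printf '%s\n' 'GatewayPorts clientspecified' 'GatewayPorts no' ;;
    esac
}

demo() {
    # The third spec is the garbled form "808080": it is caught, not forwarded.
    for s in 5901:localhost:5901 0.0.0.0:8080:localhost:80 808080; do
        if out=$(validate_forward_spec "$s"); then
            set -- $out
            echo "$s -> listener exposure: $(forward_exposure "$1")"
        fi
    done
    echo "default config -> GatewayPorts $(sample_sshd_config default | gateway_ports_effective)"
    echo "open config    -> GatewayPorts $(sample_sshd_config open | gateway_ports_effective)"
}

case ${1:-} in --demo) demo ;; esac
```

Run it with --demo to see the three specs classified. A spec like 0.0.0.0:8080:localhost:80 used with -R only binds all interfaces if the remote sshd's GatewayPorts is "yes" or "clientspecified"; with the default "no", sshd silently keeps the listener on loopback, which is exactly the behaviour the paragraph above describes.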

Dynamic forwarding

Both local and remote forwarding require the remote host and port to be specified. Dynamic forwarding (Dynamic Port Forwarding) removes this restriction: only the local port is bound, and the remote host and port are determined by each request. The syntax is "-D [bind_address:]port". An example:

ssh -D 8080 username@host

This command makes ssh listen on local port 8080 (as a SOCKS proxy); traffic entering port 8080 is sent through the ssh tunnel and requested by the remote server, so as to reach blocked resources and hide the real origin.

Dynamic forwarding is in fact a forward proxy, so it can be used to "surf the Internet scientifically" (get around network blocks). Local forwarding can also serve as a forward proxy, but forwarding every requested host and port separately is cumbersome, so nobody does that in practice.

Other

- From the client's point of view, local forwarding is a forward proxy; from the resource provider's point of view, local forwarding is a reverse proxy.
- Remote forwarding (intranet penetration) stops working as soon as the ssh connection is disconnected. If remote forwarding must stay up all the time, you need some keep-alive/reconnect mechanism; a tool that specialises in private-network penetration, such as frp, is recommended instead.
- Although the traffic inside an ssh tunnel is encrypted, a firewall can still recognise that the traffic is being carried in an ssh tunnel, so "scientific" access through it is easily interfered with.
- If you only need port forwarding, the commands above are usually combined with the "-N -T -f" options in practice. "-f" puts ssh in the background after authentication, so disconnecting requires the kill command.
- As a proxy, the ssh tunnel is inefficient, so dedicated software is recommended.
- The traffic in the ssh tunnel is encrypted, which is very reliable from a security point of view.
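Two of the points above (a backgrounded "-f" tunnel has to be killed by pid, and a forward dies with the connection) are easier to live with if the tunnel is started through a control socket. The script below is an added example for this article, not code from the page: it starts an "ssh -f -N" forward with ControlMaster so that "ssh -O check" and "ssh -O exit" can inspect and stop it by name, fails fast when the port cannot be bound (ExitOnForwardFailure), and lets a dead link tear the tunnel down (ServerAliveInterval/ServerAliveCountMax) instead of leaving a listener that forwards nowhere. All option names are from ssh(1); TUNNEL_DIR, TUNNEL_DRY_RUN and the function names are this script's own conventions.

```shell
#!/bin/sh
# Background forward managed through an ssh control socket, so the tunnel can
# be checked and stopped with "ssh -O check" / "ssh -O exit" instead of
# finding and killing the pid. Added example for this article, not code from
# the page. ssh options are from ssh(1); TUNNEL_DIR, TUNNEL_DRY_RUN and the
# function names are this script's own conventions.

TUNNEL_DIR=${TUNNEL_DIR:-"${HOME:-/tmp}/.ssh/tunnels"}

# -N: no remote command (forwarding only); -f: go to background after auth.
# ExitOnForwardFailure: exit non-zero instead of backgrounding a session whose
# port could not be bound. ServerAlive*: notice a dead link within ~90 s and
# tear the tunnel down rather than keep a listener that forwards nowhere.
TUNNEL_OPTS='-f -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -o ControlMaster=yes'

# Control socket and recorded target for a tunnel name.
tunnel_socket()      { printf '%s/%s.sock\n'   "$TUNNEL_DIR" "$1"; }
tunnel_target_file() { printf '%s/%s.target\n' "$TUNNEL_DIR" "$1"; }

# Print the exact ssh command for $1=name $2=-L|-R|-D $3=spec $4=user@host.
build_tunnel_cmd() {
    printf 'ssh %s -o ControlPath=%s %s %s %s\n' \
        "$TUNNEL_OPTS" "$(tunnel_socket "$1")" "$2" "$3" "$4"
}

start_tunnel() {
    name=$1; flag=$2; spec=$3; target=$4
    if [ -n "${TUNNEL_DRY_RUN:-}" ]; then
        build_tunnel_cmd "$name" "$flag" "$spec" "$target"; return 0
    fi
    mkdir -p "$TUNNEL_DIR" && chmod 700 "$TUNNEL_DIR"   # sockets stay private
    # $TUNNEL_OPTS is intentionally unquoted: it is a list of separate words.
    ssh $TUNNEL_OPTS -o ControlPath="$(tunnel_socket "$name")" "$flag" "$spec" "$target" &&
        printf '%s\n' "$target" > "$(tunnel_target_file "$name")"
}

# "ssh -O" still needs a destination argument even with a fixed ControlPath,
# so reuse the one recorded when the tunnel was started.
tunnel_status() {
    ssh -O check -o ControlPath="$(tunnel_socket "$1")" "$(cat "$(tunnel_target_file "$1")")"
}

stop_tunnel() {
    ssh -O exit -o ControlPath="$(tunnel_socket "$1")" "$(cat "$(tunnel_target_file "$1")")" &&
        rm -f "$(tunnel_target_file "$1")"
}

# Usage: ./tunnel.sh start vnc -L 5901:localhost:5901 user@host
#        ./tunnel.sh status vnc      ./tunnel.sh stop vnc
case ${1:-} in
    start)  shift; start_tunnel "$@" ;;
    status) shift; tunnel_status "$1" ;;
    stop)   shift; stop_tunnel "$1" ;;
esac
```

Set TUNNEL_DRY_RUN=1 to print the command instead of running it. The socket directory is created with mode 700 because anyone who can open the control socket can reuse the authenticated session; keeping the sockets under your own home directory rather than a shared /tmp path matters for the same reason.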

That is the whole content of this article; I hope it is helpful to your study, and I also hope you will support us.
