
How to perform remote operation and port forwarding in SSH

2025-03-27 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)05/31 Report--

Today I will explain how SSH carries out remote operations and port forwarding. Many people may not know much about these features, so they are summarized below.

I. Remote operation

SSH can be used not only to log in to a remote host, but also to run operations directly on the remote host.

The operation in the previous section is an example:

$ ssh user@host 'mkdir -p .ssh && cat >> .ssh/authorized_keys' < ~/.ssh/id_rsa.pub

The part between the single quotes is the operation performed on the remote host; the input redirection that follows sends the data to the remote host through SSH.

That is to say, SSH can establish a transmission channel of commands and data between the user and the remote host, so a lot of things can be done through SSH.
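The one-liner above appends the key every time it is run and leaves file permissions to the remote umask. As an added example (not part of the original article), here is a stricter version of the same remote operation; `install_pubkey` is a hypothetical helper name and the optional directory argument exists only so it can be tried against a scratch directory.

```shell
# Added example: idempotent, permission-safe variant of the article's
# 'mkdir -p .ssh && cat >> .ssh/authorized_keys' operation.
# install_pubkey (hypothetical name) reads ONE public key line on stdin and
# installs it under the home directory given as $1 (default: $HOME).
install_pubkey() {
    home_dir=${1:-$HOME}
    ssh_dir=$home_dir/.ssh
    auth_file=$ssh_dir/authorized_keys

    # Read the key line that arrives through the SSH channel.
    IFS= read -r key || [ -n "$key" ] || { echo "no key on stdin" >&2; return 1; }

    # Accept only something shaped like an OpenSSH public-key line.
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *|sk-*\ *) ;;
        *) echo "not an OpenSSH public key" >&2; return 1 ;;
    esac

    # Create the paths owner-only; sshd's StrictModes check rejects key files
    # whose directory or file is writable by other users.
    ( umask 077; mkdir -p "$ssh_dir" && touch "$auth_file" ) || return 1
    chmod 700 "$ssh_dir" && chmod 600 "$auth_file" || return 1

    # Append only if this exact line is not already present.
    if grep -qxF -- "$key" "$auth_file"; then
        return 0
    fi
    printf '%s\n' "$key" >> "$auth_file"
}
```

From a local bash session the function body can be shipped inside the quoted remote command, for example `ssh user@host "$(typeset -f install_pubkey); install_pubkey" < ~/.ssh/id_rsa.pub`, assuming the remote login shell is POSIX-compatible.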

Let's look at a few examples.

[example 1]

Copy all the files under the $HOME/src/ directory to the $HOME/src/ directory of the remote host.

$ cd && tar czv src | ssh user@host 'tar xz'

[example 2]

Copy all files under the remote host $HOME/src/ directory to the user's current directory.

$ ssh user@host 'tar cz src' | tar xzv

[example 3]

Check whether the remote host is running the httpd process.

$ ssh user@host 'ps ax | grep [h]ttpd'

II. Bind local port

Since SSH can transmit data, we can carry otherwise unencrypted network connections over an SSH connection, thus improving security.

Suppose we want all the data on port 8080 to be sent to the remote host through SSH. The command is written like this:

$ ssh -D 8080 user@host

SSH will set up a socket listening on local port 8080. Once data is sent to that port, it is automatically passed into the SSH connection and sent to the remote host. With -D, ssh acts as a SOCKS proxy on that port, so the application has to be configured to use local port 8080 as its SOCKS proxy. As you can imagine, traffic that used to go through port 8080 unencrypted is now encrypted on its way to the remote host.

III. Local port forwarding

Sometimes binding a local port is not enough, and the destination host for the data must also be specified, forming a point-to-point "port forwarding". To distinguish it from the "remote port forwarding" described later, we call this case "local port forwarding" (local forwarding).

Assume that host1 is the local host and host2 is the remote host. For various reasons, the two hosts cannot connect to each other. However, there is another host, host3, that can connect to both of them. So the natural idea is to connect host1 to host2 through host3.

We execute the following command at host1:

$ ssh -L 2121:host2:21 host3

The -L parameter takes three values, "local port:target host:target host port", separated by colons. This command tells SSH to bind local port 2121 and have host3 forward all data to port 21 of the target host host2 (assuming host2 is running FTP, whose default port is 21).

In this way, as long as we connect to port 2121 of host1, we are connected to port 21 of host2.

$ ftp localhost 2121

"Local port forwarding" makes it look as if host1 and host3 have formed a secret tunnel for data transmission, which is why it is also called an "SSH tunnel".

Here is an interesting example.

$ ssh -L 5900:localhost:5900 host3

It binds local port 5900 to port 5900 of host3 (localhost here refers to host3, because the target host is resolved relative to host3).

Another example is to log in to host2 with ssh through a port forwarded by host3.

$ ssh -L 9001:host2:22 host3

At this point, logging in over ssh to port 9001 of the local machine is equivalent to logging in to host2.

$ ssh -p 9001 localhost

The -p parameter above specifies the port to log in to.

IV. Remote port forwarding

Since "local port forwarding" refers to forwarding bound to a local port, "remote port forwarding" (remote forwarding) certainly refers to forwarding bound to a remote port.

Let's go back to the example above. host1 and host2 cannot connect to each other, so traffic has to be forwarded through host3. However, suppose host3 is an intranet machine: it can connect to host1 on the extranet, but not the other way around, so host1 cannot connect to host3. In that case "local port forwarding" cannot be used. What can be done?

The solution is that, since host3 can connect to host1, we establish an SSH connection from host3 to host1 and then use this connection from host1.

We execute the following command at host3:

$ ssh -R 2121:host2:21 host1

The -R parameter also takes three values, "remote host port:target host:target host port". This command makes host1 listen on its own port 2121 and then forward all data to port 21 of host2 via host3. Because host1 is a remote host from the point of view of host3, this case is called "remote port binding".

After binding, we can connect to host2 from host1:

$ ftp localhost 2121

Note that the prerequisite for "remote port forwarding" is that both host1 and host3 have sshd and an ssh client.
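The difference between -L and -R comes down to which side listens and which side opens the final connection to the target. The following added example (not from the original article) decodes a forwarding spec accordingly; `describe_forward` is a hypothetical helper, and it goes slightly beyond the three-value form above by also accepting the optional leading bind address that ssh allows (`[bind_address:]port:host:hostport`).

```shell
# Added example: decode an ssh -L / -R spec into who listens and who connects.
# Usage: describe_forward L|R SPEC SSH_SERVER  (SSH_SERVER = host ssh logs in to;
# "client" in the output = the machine where the ssh command is typed).
# Assumption: hostnames/IPv4 only; bracketed IPv6 addresses are not parsed.
describe_forward() {
    mode=$1 spec=$2 server=$3
    # Split on ':' with globbing off, so a '*' bind address stays literal.
    old_ifs=$IFS; IFS=:; set -f
    set -- $spec
    set +f; IFS=$old_ifs
    case $# in
        3) bind=localhost port=$1 thost=$2 tport=$3 ;;    # default: loopback only
        4) bind=${1:-'*'} port=$2 thost=$3 tport=$4 ;;    # empty bind = all interfaces
        *) echo "bad spec: $spec" >&2; return 1 ;;
    esac
    [ -n "$thost" ] || { echo "missing target host" >&2; return 1; }
    for p in "$port" "$tport"; do
        case $p in
            ''|*[!0-9]*|??????*) echo "bad port: $p" >&2; return 1 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "bad port: $p" >&2; return 1; }
    done
    # -L: the client listens, the SSH server connects to the target.
    # -R: the SSH server listens, the client connects to the target.
    case $mode in
        L) listener=client connector=$server ;;
        R) listener=$server connector=client ;;
        *) echo "mode must be L or R" >&2; return 1 ;;
    esac
    # A non-loopback bind makes the tunnel reachable by other machines
    # (for -R the server's GatewayPorts setting decides whether it is honoured).
    case $bind in
        localhost|127.*) scope=loopback ;;
        *) scope=network ;;
    esac
    echo "listener=$listener bind=$bind:$port scope=$scope connector=$connector target=$thost:$tport"
}
```

For `describe_forward L 5900:localhost:5900 host3` the connector is host3, which is why localhost in that spec refers to host3 rather than to the machine where ssh was started.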

V. Other parameters of SSH

SSH also has some other parameters that are worth introducing.

The -N parameter means only connect to the remote host and do not open a remote shell; the -T parameter means no TTY is allocated for this connection. These two parameters can be used together to indicate that the SSH connection is only used to pass data and does not perform remote operations.

$ ssh -NT -D 8080 host

The -f parameter means that once the SSH connection succeeds, it moves to the background. This allows you to perform other operations in the local shell without interrupting the SSH connection.

$ ssh -f -D 8080 host

To close this background connection, you can only use the kill command to kill the process.
