
How to use SSH port forwarding on Fedora

2025-02-27 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

This article explains how to use SSH port forwarding on Fedora. Many people run into the situations described here in real-world work, so read on to learn how to handle them.

About ports

Standard Linux systems have a set of network ports in the range 0-65535. Ports 0-1023 are reserved for use by the system. On many systems, you cannot choose to use these low port numbers. Several ports are conventionally used for running specific services. You can find these definitions in the system's /etc/services file.

You can think of a network port as similar to a physical port, or a jack that a cable can be plugged into. The port can be connected to a service on the system, similar to the wiring behind the physical jack. One example is the Apache web server (also known as httpd). Web servers typically claim port 80 on the host system for non-secure HTTP connections, and port 443 for secure HTTPS connections.

When you connect to a remote system (for example, with a web browser), you are also "connecting" the browser to a port on your own host. This is usually a random high port number, such as 54001. The port on your host connects to a port on the remote host (for example, 443) to access its secure web server.

So why use port forwarding when you have so many ports available? Here are several common situations in the life of a web developer.

Local port forwarding

Imagine that you are doing web development on a remote system called remote.example.com. Typically, you reach this system through ssh, but it is behind a firewall that allows very little other access and blocks most other ports. To try out your web application, it helps to be able to reach the remote system with a browser. However, because of the pesky firewall, you can't get to it by typing a URL into your browser.

Local forwarding lets you make a port on the remote system accessible through your ssh connection. The port appears as a local port on your system (hence "local forwarding").

Suppose your web application runs on port 8000 of remote.example.com. To locally forward port 8000 of that system to port 8000 on your system, use the -L option with ssh when you start the session:

$ ssh -L 8000:localhost:8000 remote.example.com

Wait, why are we using localhost as the forwarding target? Because from remote.example.com's point of view, you are asking the host to use its own port 8000. (Recall that any host can usually connect to itself through a network connection to localhost.) That port is now connected to port 8000 of your system. Once the ssh session is ready, keep it open, and you can type http://localhost:8000 in the browser to view your web application. Traffic between the systems now travels securely through the ssh tunnel!

If you have sharp eyes, you may have noticed something. What if we want remote.example.com to forward to a different host name than localhost? If it can access a port on another system on that network, that port can usually be forwarded just as easily. For example, suppose you want to access the MariaDB or MySQL service on db.example.com, which is also on the remote network. This service usually runs on port 3306. So even if you cannot ssh to the actual db.example.com host, you can forward it with this command:

$ ssh -L 3306:db.example.com:3306 remote.example.com

Now you can run MariaDB commands against localhost while you are actually using the db.example.com host.

Remote port forwarding

Remote forwarding lets you do the opposite. Imagine that you are designing a web app for your friends in the office and want to show them your work. Unfortunately, you are working in a coffee shop, and because of the network setup, they can't reach your laptop over a network connection. However, you also use the remote.example.com system at the office, and you can still log in there. Your web application seems to be working well on local port 5000.

Remote port forwarding lets you tunnel a port from the local system through an ssh connection and make the port available on the remote system. When starting the ssh session, simply use the -R option:

$ ssh -R 6000:localhost:5000 remote.example.com

Now, when friends inside the corporate firewall open their browsers, they can go to http://remote.example.com:6000 to see your work. As in the local port forwarding example, the communication travels securely through the ssh session.

By default, the sshd daemon running on a host is set so that only that host can connect to its remote forwarded ports. Suppose your friends want to be able to show your work to people on other example.com hosts, who are not on remote.example.com itself. You need to ask the owner of the remote.example.com host to add one of the following options to /etc/ssh/sshd_config:

GatewayPorts yes       # or
GatewayPorts clientspecified

The first option means that remotely forwarded ports are available on all network interfaces of remote.example.com. The second means that the client establishing the tunnel can choose the address. By default, this option is set to no.
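One way to see the effect of GatewayPorts on remote.example.com is to list which sshd-owned listeners accept connections from other hosts. The following is an added example, not part of the original article; it reads `ss -H -tlnp` style lines from stdin, the sample lines are constructed, and it assumes sshd's own service port is 22 unless another is passed as the first argument.

```shell
#!/bin/sh
# Added example: print "address port" for every sshd-owned TCP listener that
# is bound to something other than loopback. Input: `ss -H -tlnp` lines.

exposed_forwards() {
    # $1 = port of the SSH service itself (assumed 22 when omitted)
    awk -v sshport="${1:-22}" '
        # Matches "sshd" and also "sshd-session" (OpenSSH 9.8 and later)
        $1 == "LISTEN" && /\("sshd/ {
            addr = $4
            port = addr; sub(/^.*:/, "", port)      # text after the last colon
            host = addr; sub(/:[^:]*$/, "", host)   # text before it
            if (port == sshport) next               # the SSH service itself
            if (host == "127.0.0.1" || host == "[::1]") next   # loopback only
            print host, port
        }
    '
}

# Constructed sample output, in the column order ss prints with -H -tlnp.
sample_listeners() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=901,fd=3))
LISTEN 0 128 127.0.0.1:6000 0.0.0.0:* users:(("sshd",pid=2311,fd=9))
LISTEN 0 128 [::1]:6000 [::]:* users:(("sshd",pid=2311,fd=8))
LISTEN 0 128 0.0.0.0:6001 0.0.0.0:* users:(("sshd",pid=2402,fd=9))
LISTEN 0 128 192.168.1.15:6002 0.0.0.0:* users:(("sshd-session",pid=2410,fd=9))
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("httpd",pid=700,fd=4))
EOF
}

sample_listeners | exposed_forwards
```

On a live host the input would come from `ss -H -tlnp` run as root, since process names are only shown for sockets the caller may inspect.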

With GatewayPorts enabled, you, as the ssh client, must still specify the interfaces on which your forwarded port can be shared. Do this by adding a network address in front of the forwarded port number. There are several ways to do this, including:

$ ssh -R *:6000:localhost:5000 remote.example.com                   # all networks
$ ssh -R 0.0.0.0:6000:localhost:5000 remote.example.com             # all networks
$ ssh -R 192.168.1.15:6000:localhost:5000 remote.example.com        # single network
$ ssh -R remote.example.com:6000:localhost:5000 remote.example.com  # single network

Additional considerations

Note that the port numbers do not have to be the same on the local and remote systems. In fact, sometimes you may not even be able to use the same port. For example, normal users may not be able to forward onto a system port in a default setup.

In addition, forwarding on a host can be restricted. This may matter to you if you need tighter security on a network-connected host. The PermitOpen option of the sshd daemon controls whether, and which, ports are available for TCP forwarding. The default setting is any, which allows all of the examples above to work. To disallow any port forwarding, choose none, or choose only the specific host:port settings you want to permit. For more information, search for PermitOpen in the man page for sshd daemon configuration:

$ man sshd_config

Finally, keep in mind that a port is forwarded only while the ssh session is open. If you need to keep forwarding active for a long time, try running the session in the background using the -N option. Make sure your console is locked so that nobody can take it over while you are away from it.
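To check how a host is currently set for the options discussed above, the following added example (not from the original article) reads an sshd_config from stdin and reports the global values of GatewayPorts, PermitOpen and AllowTcpForwarding. The sample configuration is constructed, the OK/REVIEW labels are this example's own convention, and Include files and Match blocks are assumed out of scope.

```shell
#!/bin/sh
# Added example: report the global forwarding settings of an sshd_config read
# from stdin. Assumes whitespace-separated "Keyword value" lines; Include
# files and Match blocks are not evaluated.

audit_forwarding() {
    awk '
        BEGIN {
            # Defaults: GatewayPorts no and PermitOpen any, as the article
            # states; AllowTcpForwarding yes is the OpenSSH default.
            val["allowtcpforwarding"] = "yes"
            val["gatewayports"] = "no"
            val["permitopen"] = "any"
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments and blank lines
        tolower($1) == "match" { exit }     # global section ends here
        {
            key = tolower($1)
            # sshd uses the first value it reads for each keyword
            if (!(key in val) || seen[key]++) next
            $1 = ""
            sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "")
            val[key] = tolower($0)
        }
        END {
            fwd = val["allowtcpforwarding"]
            gw = val["gatewayports"]
            po = val["permitopen"]
            printf "%s AllowTcpForwarding %s\n", (fwd == "no" ? "OK" : "REVIEW"), fwd
            printf "%s GatewayPorts %s\n", (gw == "no" ? "OK" : "REVIEW"), gw
            printf "%s PermitOpen %s\n", (po == "any" ? "REVIEW" : "OK"), po
        }
    '
}

# Constructed sample input, not a recommended configuration.
sample_config() {
    cat <<'EOF'
# sshd_config (constructed)
Port 22
GatewayPorts clientspecified
gatewayports no
PermitOpen db.example.com:3306 localhost:8000
Match User deploy
    AllowTcpForwarding no
EOF
}

sample_config | audit_forwarding
```

On a real system, `audit_forwarding < /etc/ssh/sshd_config` gives the same report; the output of `sshd -T`, run as root, uses the same keyword and value layout and can be piped in instead.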
