How to use the autossh tool for port forwarding

2025-01-16 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

In this issue, we look at how to use the autossh tool for port forwarding. The article is rich in content and analyzes the topic from a professional perspective. After reading it, I hope you gain something.

AutoSSH is software used to securely automate SSH logins.

For example, we deployed many services on host2, but for some reason we cannot directly reach the ports those services listen on, while the host3 server can reach both the host2 server and our host1 server. In this case, we can reach the services by setting up ssh port forwarding. However, there are two problems: you need to keep the terminal open to prevent SSH from being shut down, and there is no automatic reconnection when SSH is terminated by network failures or fluctuations.

The former can be solved with third-party tools such as tmux, while the latter requires third-party monitoring tools such as Supervisor, although there is a more common option: the autossh tool.

Intranet penetration with the autossh tool

1. Tool description

The original inspiration and mechanics of the tool came from rstunnel.

The autossh tool is a command-line application that starts and monitors the ssh service and restarts it when there is a program problem or a network problem.

As of autossh 1.2, its approach has changed: autossh uses ssh to construct an ssh forwarding loop (local to remote and remote to local), then sends test data and expects to get it back.

A new method was added in autossh 1.3: you can specify the port of a remote echo service that returns the test data sent to it. This avoids the handshake phase and all remote machine port collision problems, while the old loop-of-forwarding method still works.
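The loop-of-forwarding check described above can be modelled with plain sockets. This is an added example, not autossh's code or the original article's: a relay thread stands in for the two ssh forwardings, and ephemeral loopback ports stand in for the -M port and the port above it.

```python
import socket
import threading

TEST_MSG = b"loop-test 12345\n"  # constructed payload, not autossh's real test string

def listen_local():
    """Open a TCP listener on an ephemeral loopback port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    s.listen(1)
    return s

def relay_once(front, return_port):
    """Stand-in for the two ssh forwardings: carry one message around the loop."""
    conn, _ = front.accept()
    with conn, socket.create_connection(("127.0.0.1", return_port)) as out:
        out.sendall(conn.recv(1024))

def probe(monitor_port, return_listener, timeout=2.0):
    """Send test data into the loop; True only if the same bytes come back."""
    return_listener.settimeout(timeout)
    try:
        with socket.create_connection(("127.0.0.1", monitor_port), timeout=timeout) as tx:
            tx.sendall(TEST_MSG)
            rx, _ = return_listener.accept()
            with rx:
                rx.settimeout(timeout)
                return rx.recv(1024) == TEST_MSG
    except OSError:  # refused, reset or timed out: autossh would restart ssh here
        return False

def demo():
    ret = listen_local()    # role of "port + 1", where test data returns
    front = listen_local()  # role of the -M port, where test data is sent
    front_port = front.getsockname()[1]
    ssh = threading.Thread(target=relay_once,
                           args=(front, ret.getsockname()[1]), daemon=True)
    ssh.start()
    healthy = probe(front_port, ret)
    ssh.join(2)
    front.close()           # the forwarding is gone, as after a network drop
    broken = probe(front_port, ret)
    ret.close()
    return healthy, broken

if __name__ == "__main__":
    print(demo())
```

The first probe succeeds because the relay returns the test data; the second fails because nothing answers on the monitor port any more, which is the condition under which autossh restarts ssh.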

An intranet host actively connects to an extranet host, also known as a reverse connection, so that NAT routing/firewall establishes a mapping between the intranet host and the extranet host to communicate with each other. However, this mapping is automatically maintained by the routing gateway and will not last. If the connection is disconnected or the network is unstable, communication will fail. At this time, the intranet host needs an automatic reconnection mechanism.

    # install
    $ yum install autossh
    $ apt install autossh

2. Use

Autossh uses the native SSH port mapping feature of the system, with very little performance overhead.

Command usage

    # autossh usage
    autossh [-V] [-M port[:echo_port]] [-f] [SSH_OPTIONS]

Command usage parameters

| Number | Parameter | Meaning |
|--------|-----------|---------|
| 1 | -M | Used to automatically reconnect when there is a problem; port used by the server echo mechanism |
| 2 | -D | Dynamic application port forwarding on the local machine |
| 3 | -R | Forward a port of the remote host (server) to the specified port of the specified local machine |
| 4 | -L | Forward a port of the local machine (client) to the specified port of the specified remote machine |
| 5 | -f | Run in the background |
| 6 | -T | Do not occupy a shell |
| 7 | -n | Used together with the -f parameter |
| 8 | -N | Do not execute a remote command |
| 9 | -q | Quiet mode; ignore tips and errors |

Command usage demo

    # Local port binding (running on host1 server)
    # Forwards all data sent to port 8527 on this machine to port 8000 on the remote host
    $ ssh -vv -N -D localhost:8527 [email protected] -p 8000

    # Running ssh service mainly for updating security
    $ autossh -M 5678 -vv -N -D localhost:8527 [email protected] -p 8000

3. Example demonstration

SSH only supports TCP port mapping!

Autossh is indeed the best choice if you have only a few ports to map. However, if you need to map a large number of ports, it is recommended to use a port mapping tool like Ngrok, since such tools have relatively complete management functions.
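When more than a few tunnels run on one client, their listeners start to collide: each -M value occupies that port and, without an echo port, the port above it. The following check is an added example, not part of the original article; its command lines are constructed, tunnel@gw.example is a placeholder destination, and only IPv4 or hostname bind addresses are assumed.

```python
import shlex
from collections import defaultdict

ARG_OPTS = set("BbcDEeFIiJLlMmOopQRSWw")  # ssh/autossh short options that take a value
LOOPBACK = {"localhost", "127.0.0.1"}

def parse(cmdline):
    """Return ({local_port: role}, [exposed specs]) for one autossh command."""
    ports, exposed = {}, []
    it = iter(shlex.split(cmdline)[1:])
    for tok in it:
        if len(tok) < 2 or tok[0] != "-":
            continue  # destination or remote command
        for j, ch in enumerate(tok[1:], 1):
            if ch not in ARG_OPTS:
                continue  # plain flag such as -f, -C, -N
            val = tok[j + 1:] or next(it, "")
            if ch == "M":
                base, _, echo = val.partition(":")
                if int(base):  # -M 0 turns monitoring off
                    ports[int(base)] = "monitor"
                    if not echo:  # without an echo port, port+1 is used too
                        ports[int(base) + 1] = "monitor+1"
            elif ch in "LD":  # -R listens on the server, not on this host
                parts = val.split(":")
                fixed = 3 if ch == "L" else 1
                ports[int(parts[-fixed])] = "-" + ch
                if len(parts) > fixed and parts[0] not in LOOPBACK:
                    exposed.append(val)
            break
    return ports, exposed

def audit(cmdlines):
    """Findings for tunnels meant to run together on one client host."""
    owners, findings = defaultdict(list), []
    for n, line in enumerate(cmdlines, 1):
        ports, exposed = parse(line)
        for port, role in ports.items():
            owners[port].append(f"#{n} {role}")
        findings += [f"#{n} listens beyond loopback: {e}" for e in exposed]
    return findings + [f"port {p} claimed by " + ", ".join(o)
                       for p, o in sorted(owners.items()) if len(o) > 1]

SAMPLE = [  # constructed command lines; tunnel@gw.example is a placeholder
    "autossh -M 5678 -fCN -L 5900:localhost:8000 tunnel@gw.example",
    "autossh -M 5678 -fCNR 18081:host2:8080 tunnel@gw.example",
    "autossh -M 5680 -N -D 0.0.0.0:5679 tunnel@gw.example -p 6622",
]
```

Calling audit(SAMPLE) reports the SOCKS listener bound to 0.0.0.0 and the two ports that more than one tunnel tries to use.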

[1] Local port binding and forwarding (-L) => set on host1

    # Will open a local listening port 5900 on host1
    # After this, traffic to local port 5900 will be forwarded to port 8000 on host2
    # where the -M parameter monitors the connection status through port 5678 and automatically reconnects if there is a connection problem
    $ autossh -M 5678 -fCN -L 5900:localhost:8000 [email protected]
    $ autossh -M 5678 -fCN -L 5900:[email protected]:8000 [email protected]

[2] Remote port forwarding (-R) => set on host3

    # Will open a local listening port 5900 on host1
    # After this, traffic to local port 5900 will be forwarded to port 8080 on host2
    # where the -M parameter monitors the connection status through port 5678 and automatically reconnects if there is a connection problem
    $ autossh -M 5678 -fCN -R 5900:localhost:8000 [email protected]
    $ autossh -M 5678 -fCN -R 5900:[email protected]:8000 [email protected]

[3] Dynamic port forwarding (-D) => set on host1

    # Dynamic port forwarding
    $ autossh -M 5678 -vv -D 1080 [email protected]

4. Start automatically when the system boots

System boot, service self-start!

On Ubuntu or CentOS, we use systemd to start autossh at boot. Configuration is very simple: just create a service unit file like the one below. On older versions, you can manage it the init.d way by adding the corresponding command to the rc.local file.

    # Ubuntu
    # Configuration file path:
    # /etc/systemd/system/remote-autossh.service
    [Unit]
    Description=AutoSSH service for remote tunnel
    After=network-online.target

    [Service]
    User=root
    # No -f here: systemd supervises the process, so autossh must stay in the foreground
    ExecStart=/usr/bin/autossh -M 5678 -CNR 18081:host2:8080 [email protected]

    [Install]
    WantedBy=multi-user.target

    # CentOS
    # Configuration file path:
    # /etc/rc.d/rc.local
    $ /usr/bin/autossh -M 5678 -fCNR 18081:host2:8080 [email protected]

5. Write a start/stop script

You can start and stop the port mapping service anytime, anywhere!

    PASS="escapelife"

    doexit(){
        # \\\$2 reaches the remote awk as a literal $2 (escaped for both the shell and Tcl)
        expect -c "
        set timeout -1
        spawn $1 -t ps aux |grep escape |grep sshd |awk '{print \\\$2}' |xargs kill -9
        expect {
            \"*?assword:*\" { send \"$PASS\r\" }
        }
        expect eof
        "
    }

    dossh(){
        nohup expect -c "
        set timeout -1
        spawn $1
        expect {
            \"*?assword:*\" { send \"$PASS\r\"; exp_continue }
        }
        " &
    }

    # Turn off the sshd connection
    doexit "ssh -p 6622 [email protected]"

    # Start ssh port mapping
    dossh "autossh -M 5678 -N -L 5900:127.0.0.1:8000 [email protected] -p 6622"

The above is how to use the autossh tool for port forwarding. If you happen to have similar doubts, please refer to the above analysis.