2025-01-19 Update From: SLTechnology News&Howtos shulou
Shulou(Shulou.com)06/01 Report--
This article shows how to use SSH tunnel technology. The content is concise and easy to follow, and I hope the detailed introduction below is useful to you.
Overview
I will introduce some tips on SSH tunneling and use a network topology diagram to explain what each operation does.
Network basics
Suppose my network is a simplified topology like this:
Figure 1: simplified network topology
There are several possible operations here:
SSH from Home PC directly to Office PC
SSH from Office PC to Home PC
SSH from Home PC directly to VPS
SSH from Office PC to VPS
SSH from VPS to Home (Office) PC
Of these scenarios, the simplest is SSH from Home PC to VPS, which is also what we do most often. It works easily because the VPS has a public IP, so the Home PC can route to the VPS directly. Conversely, because the Home PC has no public IP, the VPS cannot SSH directly to the Home PC.
Some readers may then wonder whether the Home PC can have a public IP, and the answer is certainly yes, it can. As the figure above shows, the difference between the PC and the VPS is that the PC sits behind a router, so if the PC were connected directly to the ISP network, could it get a public IP? This is a complicated question, and the answer is maybe: it depends on how your ISP provides the network to you. In the earlier ADSL era you could basically get a public IP, but with the spread of optical fiber, even without a router you are not connected directly to the ISP's backbone but to one of the ISP's splitters, as in the FTTB series. So a PC (or router) with a public IP is not something you can count on, and even where one exists the ISP may restrict some ports, so this approach is not used much.
SSH tunnel
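This brings us to the topic of this article. Since it is impossible to connect to the PC directly, can we let the PC initiate the connection itself? That is the principle of the SSH tunnel:
[root@liqiang.io]# ssh -qngfNTR 9999:localhost:8888 root@192.168.29.48
Here -R 9999:localhost:8888 asks the server at 192.168.29.48 to listen on port 9999 and forward connections back through the tunnel to port 8888 on the machine that ran the command.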
Quick use from the command line
[root@liqiang.io]# cat ~/.ssh/config
Host jump
    HostName 10.0.0.102
    Port 22
    User root
    IdentityFile /root/.ssh/id_rsa
    ForwardAgent yes
Host 10.0.0.87
    HostName 10.0.0.87
    ProxyJump jump
    User zhangsan
First, make sure that you can log in directly to the jump host, 10.0.0.102.
10.0.0.87 is then reached through the jump host 10.0.0.102.
Tips
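A reverse tunnel listens only on localhost
By default the port opened by a reverse tunnel is bound to localhost on the server. To let other hosts connect to it, enable GatewayPorts in the server's sshd_config:
[root@liqiang.io]# cat /etc/ssh/sshd_config
GatewayPorts = yes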
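GatewayPorts takes three values (no, yes, clientspecified), and yes binds every reverse-forwarded port to all interfaces, so anything that can reach the server can reach the tunnelled service. The script below is an added example, not part of the original article: it reads an sshd_config file and reports which mode the global section selects. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): classify how far
# reverse-forwarded (-R) ports are exposed by an sshd_config file.

# effective_value FILE KEYWORD -> first global value of KEYWORD, lower-cased.
# sshd keeps the first value it reads for a keyword and treats keywords
# case-insensitively; "Keyword value" and "Keyword = value" are both handled.
effective_value() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ { next }                  # whole-line comment
        { gsub(/=/, " ") }                   # normalise "Keyword = value"
        tolower($1) == "match" { exit }      # Match blocks are not evaluated
        tolower($1) == want { print tolower($2); exit }
    ' "$1"
}

# audit_gateway_ports FILE -> loopback-only | client-chooses | all-interfaces
audit_gateway_ports() {
    value=$(effective_value "$1" GatewayPorts)
    case "${value:-no}" in                   # OpenSSH default is "no"
        no)              echo "loopback-only" ;;
        clientspecified) echo "client-chooses" ;;
        yes)             echo "all-interfaces" ;;
        *)               echo "unknown:$value" ;;
    esac
}

# Constructed sample input: the setting from the tip above plus a later
# duplicate that sshd would ignore because the first value wins.
demo() {
    sample=$(mktemp)
    printf '%s\n' '# constructed sample' 'GatewayPorts = yes' \
        'GatewayPorts clientspecified' > "$sample"
    echo "sample config: $(audit_gateway_ports "$sample")"
    rm -f "$sample"
}
demo
```

With clientspecified the listener stays on loopback unless the client names a bind address in -R, which limits exposure to the tunnels that need it. On a live server, sshd -T prints the effective configuration.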
Proxying UDP
Reverse proxy
Local machine:
[root@liqiang.io]# yum install -y nc
[root@liqiang.io]# mkfifo /tmp/fifo
[root@liqiang.io]# nc -l -p 1162 < /tmp/fifo | nc -u localhost 1163 > /tmp/fifo
This listens for TCP data arriving on port 1162 of the local machine and forwards it to localhost:1163 as UDP.
Remote machine:
[root@liqiang.io]# mkfifo /tmp/fifo
[root@liqiang.io]# nc -l -u -p 1163 < /tmp/fifo | nc localhost 1162 > /tmp/fifo
This listens for UDP on port 1163 of the remote machine and sends the received UDP traffic over the TCP link to localhost:1162.
Points to note
You must run the command on the local machine first and only then on the remote server; otherwise the server side will not run properly because of the lack of data.
While using it, I encountered a problem: this method can receive UDP only once, and the second time it does not succeed.
This is an example of a reverse proxy; the forward direction works the other way around.