隧道 on Colben Notes https://www.809508860.xyz/tags/%E9%9A%A7%E9%81%93/ Recent content in 隧道 on Colben Notes Hugo zh-cn Tue, 29 Oct 2019 21:10:48 +0800 ssh 命令 https://www.809508860.xyz/post/ssh/ Tue, 29 Oct 2019 21:10:48 +0800 https://www.809508860.xyz/post/ssh/ <h2 id="开启端口转发配置">开启端口转发配置</h2> <ul> <li>修改 sshd 配置 <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span><span class="lnt">6 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">AllowTcpForwarding yes </span></span><span class="line"><span class="cl">GatewayPorts yes </span></span><span class="line"><span class="cl">X11Forwarding yes </span></span><span class="line"><span class="cl">TCPKeepAlive yes </span></span><span class="line"><span class="cl">ClientAliveInterval 60 </span></span><span class="line"><span class="cl">ClientAliveCountMax 3 </span></span></code></pre></td></tr></table> </div> </div></li> </ul> <h2 id="ssh-转发用到的参数">ssh 转发用到的参数</h2> <ul> <li>-f 后台运行</li> <li>-N 仅作端口转发,不执行任何命令</li> <li>-g 绑定端口到全部网卡</li> </ul> <h2 id="本地定向转发">本地定向转发</h2> <ul> <li>ssh-client 不可达 remote-host, ssh-server 可达 remote-host, ssh 隧道映射 ssh-client 指定端口到 remote-host 指定端口</li> <li>在 ssh-client 执行 <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">ssh -f -N -g <span class="se">\ </span></span></span><span class="line"><span class="cl"><span class="se"></span> -L <span class="o">[</span>&lt;ssh-client-ip&gt;:<span class="o">]</span>&lt;port on ssh-client&gt;:&lt;remote-host&gt;:&lt;port on remote-host&gt; <span class="se">\ </span></span></span><span class="line"><span class="cl"><span class="se"></span> username@&lt;ssh-server&gt; </span></span></code></pre></td></tr></table> </div> </div></li> </ul> <h2 id="远程定向转发">远程定向转发</h2> <ul> <li>ssh-client 可达 remote-host, ssh-server 不可达 remote-host, ssh 隧道映射 ssh-server 指定端口到 remote-host 指定端口</li> <li>在 ssh-client 执行 <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">ssh -f -N -g <span class="se">\ </span></span></span><span class="line"><span class="cl"><span class="se"></span> -R <span class="o">[</span>&lt;ssh-server-ip&gt;:<span class="o">]</span>&lt;port on ssh-server&gt;:&lt;remote-host&gt;:&lt;port on remote-host&gt; <span class="se">\ </span></span></span><span class="line"><span class="cl"><span class="se"></span> username@&lt;ssh-server&gt; </span></span></code></pre></td></tr></table> </div> </div></li> </ul> <h2 id="动态转发">动态转发</h2> <ul> <li>SOCKS5 代理</li> <li>在 ssh-client 执行 <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">ssh -f -N -g <span class="se">\ </span></span></span><span class="line"><span class="cl"><span class="se"></span> -D &lt;port on ssh-client&gt; <span class="se">\ </span></span></span><span class="line"><span class="cl"><span class="se"></span> username@&lt;ssh-server&gt; </span></span></code></pre></td></tr></table> </div> </div></li> </ul>