SSH reverse proxy: connecting from home to a server on the company intranet

2018-07-20  awker

1. Applicable scenario
Host B cannot directly access host C
Host C can directly access host B



Problem:
There is a Linux machine at home, 192.168.1.254, and I want to ssh from it directly to the company intranet machine 10.3.20.102. How can this be done?

2. Configure the SSH reverse proxy

// Configuration on 10.3.20.102
# ssh -fCNR 9999:localhost:22 root@120.77.154.31
The authenticity of host '120.77.154.31 (120.77.154.31)' can't be established.
RSA key fingerprint is SHA256:c2Y207vDT/Js+YRA4Nh24Jn0Rzd2/MS7U/rqyD9gfE8.
RSA key fingerprint is MD5:de:d8:1e:c8:aa:e0:b7:c5:a4:56:50:74:d9:78:24:ba.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '120.77.154.31' (RSA) to the list of known hosts.
root@120.77.154.31's password: (enter the password of the 120.77.154.31 machine)

# ps -ef|grep ssh
root      64758      1  0 Jul17 ?        00:00:06 sshd: root@pts/0
root      72706      1  0 13:49 ?        00:00:00 /usr/sbin/sshd -D
root      72710      1  0 13:50 ?        00:00:00 ssh -fCNR 9999:localhost:22 root@120.77.154.31
root      72779  64760  0 13:53 pts/0    00:00:00 grep --color=auto ssh

// Configuration on 120.77.154.31 (a purchased cloud server)
# ssh -fCNL "*:7777:localhost:9999" localhost
root@localhost's password: (enter the password of the 120.77.154.31 machine)

# ps -ef|grep ssh
root      1435     1  0 10:35 ?        00:00:00 sshd: root@pts/2 
root      1697     1  0 13:50 ?        00:00:00 /usr/sbin/sshd
root      1699  1697  0 13:50 ?        00:00:00 sshd: root       
root      1713  1697  0 13:53 ?        00:00:00 sshd: root       
root      1723     1  0 13:54 ?        00:00:00 ssh -fCNL *:7777:localhost:9999 localhost
root      1725  1437  0 13:54 pts/2    00:00:00 grep ssh

3. On 192.168.1.254, test whether the ssh connection to 10.3.20.102 succeeds

# ssh -p 7777 root@120.77.154.31
The authenticity of host '[120.77.154.31]:7777 ([120.77.154.31]:7777)' can't be established.
ECDSA key fingerprint is SHA256:vLXlOM/8sOkFJ0OivRfxyQIRVTQaEEuVSHIK1YoqiNY.
ECDSA key fingerprint is MD5:86:da:b1:fb:5a:59:de:49:69:bf:c8:62:42:1e:28:f0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[120.77.154.31]:7777' (ECDSA) to the list of known hosts.
root@120.77.154.31's password: (enter the password of the 10.3.20.102 machine)
Last login: Tue Jul 17 13:59:39 2018 from 10.3.20.106

// We can see that we are now logged in to machine 10.3.20.102
# ifconfig 
docker0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 172.17.1.252  netmask 255.255.255.0  broadcast 172.17.1.255
        ether 02:42:57:b5:7c:26  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.3.20.102  netmask 255.255.255.0  broadcast 10.3.20.255
        inet6 fe80::66da:3710:aeb9:d922  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:4d:a0:92  txqueuelen 1000  (Ethernet)
        RX packets 40128173  bytes 7676863304 (7.1 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 14225138  bytes 6421879713 (5.9 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 61791  bytes 9459950 (9.0 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 61791  bytes 9459950 (9.0 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
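
Added example, not part of the original post: the `*:7777` bind in step 2 makes the internal host's sshd reachable by anyone who can reach port 7777 on the cloud server, so someone auditing either machine would look for exactly these two ssh processes. The script parses `ps -ef` lines (the sample is the ssh-related lines from the post's own output) and reports each `-L`/`-R` forward with its bind scope; the function names are this example's own, and a default bind is treated as loopback on the assumption that GatewayPorts is left at its default of no.

```shell
#!/bin/sh
# Added example (not from the original post): list ssh client port forwards
# found in `ps -ef` output and say how widely each listener is bound.

# Sample input: ssh-related ps lines shown in the post for both hosts.
sample_ps() {
cat <<'EOF'
root      72706      1  0 13:49 ?        00:00:00 /usr/sbin/sshd -D
root      72710      1  0 13:50 ?        00:00:00 ssh -fCNR 9999:localhost:22 root@120.77.154.31
root      1699  1697  0 13:50 ?        00:00:00 sshd: root
root      1723     1  0 13:54 ?        00:00:00 ssh -fCNL *:7777:localhost:9999 localhost
root      1725  1437  0 13:54 pts/2    00:00:00 grep ssh
EOF
}

# Reads ps -ef lines on stdin, prints one line per -L/-R forward.
# Assumption: GatewayPorts is "no", so a spec without bind address is loopback.
audit_ssh_forwards() {
  awk '
  {
    cmd = $8; sub(/.*\//, "", cmd)
    if (cmd != "ssh") next                 # skip sshd, grep, ...
    for (i = 9; i < NF; i++) {
      # Option cluster ending in L or R (e.g. -fCNR); the spec is the next word.
      if ($i !~ /^-[A-Za-z0-9]*[LR]$/) continue
      type = substr($i, length($i))
      n = split($(i + 1), p, ":")
      # Spec is [bind_address:]port:host:hostport; other forms are skipped.
      if (n == 4)      { bind = p[1]; port = p[2]; tgt = p[3] ":" p[4] }
      else if (n == 3) { bind = "(default)"; port = p[1]; tgt = p[2] ":" p[3] }
      else continue
      if (bind == "*" || bind == "" || bind == "0.0.0.0") scope = "wildcard"
      else if (bind == "(default)" || bind == "localhost" || bind == "127.0.0.1")
        scope = "loopback"
      else scope = "specific"
      printf "pid=%s type=%s bind=%s port=%s target=%s scope=%s\n",
             $2, type, bind, port, tgt, scope
    }
  }'
}

sample_ps | audit_ssh_forwards
```

On a live host, `ps -ef | audit_ssh_forwards` gives the same report; any line with `scope=wildcard` is a listener worth checking against the firewall rules.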

Reference: SSH Port Forwarding in Practice (实战 SSH 端口转发)
