Using an SSH reverse proxy to connect from home to a server on the company intranet

1. Applicable scenario
Host B cannot directly access host C
Host C can directly access host B

Problem:
At home there is a Linux machine, 192.168.1.254, and I want to ssh directly to the company intranet machine 10.3.20.102. How can this be done?

2. Configuring the ssh reverse proxy

// Configuration on 10.3.20.102
# ssh -fCNR 9999:localhost:22 root@120.77.154.31
The authenticity of host '120.77.154.31 (120.77.154.31)' can't be established.
RSA key fingerprint is SHA256:c2Y207vDT/Js+YRA4Nh24Jn0Rzd2/MS7U/rqyD9gfE8.
RSA key fingerprint is MD5:de:d8:1e:c8:aa:e0:b7:c5:a4:56:50:74:d9:78:24:ba.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '120.77.154.31' (RSA) to the list of known hosts.
root@120.77.154.31's password: (enter the password for the 120.77.154.31 machine)

# ps -ef|grep ssh
root      64758      1  0 Jul17 ?        00:00:06 sshd: root@pts/0
root      72706      1  0 13:49 ?        00:00:00 /usr/sbin/sshd -D
root      72710      1  0 13:50 ?        00:00:00 ssh -fCNR 9999:localhost:22 root@120.77.154.31
root      72779  64760  0 13:53 pts/0    00:00:00 grep --color=auto ssh

// Configuration on 120.77.154.31 (a purchased cloud server)
# ssh -fCNL "*:7777:localhost:9999" localhost
root@localhost's password: (enter the password for the 120.77.154.31 machine)

# ps -ef|grep ssh
root      1435     1  0 10:35 ?        00:00:00 sshd: root@pts/2 
root      1697     1  0 13:50 ?        00:00:00 /usr/sbin/sshd
root      1699  1697  0 13:50 ?        00:00:00 sshd: root       
root      1713  1697  0 13:53 ?        00:00:00 sshd: root       
root      1723     1  0 13:54 ?        00:00:00 ssh -fCNL *:7777:localhost:9999 localhost
root      1725  1437  0 13:54 pts/2    00:00:00 grep ssh

3. On 192.168.1.254, test whether the ssh connection to 10.3.20.102 succeeds

# ssh -p 7777 root@120.77.154.31
The authenticity of host '[120.77.154.31]:7777 ([120.77.154.31]:7777)' can't be established.
ECDSA key fingerprint is SHA256:vLXlOM/8sOkFJ0OivRfxyQIRVTQaEEuVSHIK1YoqiNY.
ECDSA key fingerprint is MD5:86:da:b1:fb:5a:59:de:49:69:bf:c8:62:42:1e:28:f0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[120.77.154.31]:7777' (ECDSA) to the list of known hosts.
root@120.77.154.31's password: (enter the password for the 10.3.20.102 machine)
Last login: Tue Jul 17 13:59:39 2018 from 10.3.20.106

// As shown, we are now logged in to machine 10.3.20.102
# ifconfig 
docker0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 172.17.1.252  netmask 255.255.255.0  broadcast 172.17.1.255
        ether 02:42:57:b5:7c:26  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.3.20.102  netmask 255.255.255.0  broadcast 10.3.20.255
        inet6 fe80::66da:3710:aeb9:d922  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:4d:a0:92  txqueuelen 1000  (Ethernet)
        RX packets 40128173  bytes 7676863304 (7.1 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 14225138  bytes 6421879713 (5.9 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 61791  bytes 9459950 (9.0 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 61791  bytes 9459950 (9.0 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
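
The `ps -ef` listings in step 2 are also what an administrator sees when auditing a host for tunnels like this one. The following is an added example, not part of the original post: it parses `ps -ef` output, reports every ssh `-R`/`-L` forward, and marks whether its listener is bound to loopback or to all interfaces. The function names are hypothetical, and it assumes IPv4 or hostname forward specs in the flag form used on this page.

```shell
#!/bin/sh
# Added example: audit `ps -ef` output for ssh port forwards (-L / -R).
# Assumes IPv4 or hostname specs (no bracketed IPv6) and the flag form
# used on this page: an option cluster ending in R or L, then the spec.

audit_ssh_forwards() {
  awk '
    $8 == "ssh" || $8 ~ /\/ssh$/ {            # ssh clients only, not sshd
      for (i = 9; i < NF; i++) {
        if ($i !~ /^-[A-Za-z0-9]*[RL]$/) continue
        dir  = substr($i, length($i), 1)      # R = remote forward, L = local
        spec = $(i + 1)
        n = split(spec, p, ":")
        if (n == 4)      { bind = p[1]; port = p[2]; tgt = p[3] ":" p[4] }
        # no bind address given: loopback unless GatewayPorts says otherwise
        else if (n == 3) { bind = "localhost"; port = p[1]; tgt = p[2] ":" p[3] }
        else continue
        # ssh(1): an empty bind_address or * means all interfaces
        if (bind == "" || bind == "*" || bind == "0.0.0.0") scope = "all-interfaces"
        else if (bind == "localhost" || bind == "127.0.0.1") scope = "loopback"
        else scope = "address:" bind
        printf "pid=%s dir=%s port=%s target=%s exposure=%s\n", $2, dir, port, tgt, scope
      }
    }'
}

# Sample input: ps -ef lines copied from this page (both hosts combined).
sample_ps() {
  cat <<'EOF'
root      72706      1  0 13:49 ?        00:00:00 /usr/sbin/sshd -D
root      72710      1  0 13:50 ?        00:00:00 ssh -fCNR 9999:localhost:22 root@120.77.154.31
root      1723     1  0 13:54 ?        00:00:00 ssh -fCNL *:7777:localhost:9999 localhost
root      1725  1437  0 13:54 pts/2    00:00:00 grep ssh
EOF
}

# Forwards that listen beyond loopback need a firewall rule or a narrower bind.
exposed_forwards() { audit_ssh_forwards | grep 'exposure=all-interfaces' || true; }

sample_ps | audit_ssh_forwards
```

On the page's cloud server this flags PID 1723: the `*:7777` listener accepts connections from any source address and hands them to sshd on 10.3.20.102, so that host's root password is the only barrier in front of the intranet machine.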

Reference: SSH Port Forwarding in Practice
