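Introduction to SSH Remote Port Forwarding

SSH remote port forwarding has been covered here before; see the earlier articles:
Linux SSH port forwarding in practice
Configuring SSH port forwarding graphically with MobaXterm

Run man ssh for the detailed description of -R remote port forwarding:

ssh -R [bind_address:]port:host:hostport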
Specifies that connections to the given TCP port or Unix socket on the remote (server) host are to be forwarded to the given host
and port, or Unix socket, on the local side. This works by allocating a socket to listen to either a TCP port or to a Unix socket
on the remote side. Whenever a connection is made to this port or Unix socket, the connection is forwarded over the secure channel,
and a connection is made to either host port hostport, or local_socket, from the local machine.
Port forwardings can also be specified in the configuration file. Privileged ports can be forwarded only when logging in as root on
the remote machine. IPv6 addresses can be specified by enclosing the address in square brackets.
By default, TCP listening sockets on the server will be bound to the loopback interface only. This may be overridden by specifying
a bind_address. An empty bind_address, or the address '*', indicates that the remote socket should listen on all interfaces.
Specifying a remote bind_address will only succeed if the server's GatewayPorts option is enabled (see sshd_config(5)).
If the port argument is '0', the listen port will be dynamically allocated on the server and reported to the client at run time.
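When used together with -O forward the allocated port will be printed to the standard output.

Scenario

The requirement is as shown in the figure below:
1) Internal server: CentOS 7.6, IP 192.168.198.130 (this machine can reach the Internet)
2) Tencent Cloud host: IP address 119.45.157.198

Operating the internal server through remote-control tools such as Sunlogin (向日葵) or TeamViewer is very laggy. Instead, its SSH port and its MySQL port 3306 can be forwarded to the cloud host with SSH remote port forwarding. You then log in to the cloud host and reach the forwarded ports directly for operations work.

Steps

After logging in to the local internal server over SSH, run:

ssh -N -f -R 8806:127.0.0.1:3306 [email protected]

On the cloud host:

netstat -anp | grep 8806

This shows that the forward to port 8806 is in place. Port 8806 can now be accessed directly:

mysql -uroot -p -h 127.0.0.1 -P 8806

The result is as shown in the figure.

In the same way, forward port 22 of the local internal server to port 8122 on the cloud host:

ssh -N -f -R 8122:127.0.0.1:22 [email protected]

On the remote cloud host:

ssh 127.0.0.1 -p 8122

Problem: this only works after first logging in to the cloud host over SSH, and the ports are reachable only locally on the cloud host, because the forwarded ports all listen on the 127.0.0.1 loopback interface. For other machines to reach them, the sshd service must have GatewayPorts enabled, as follows:

vi /etc/ssh/sshd_config

Change #GatewayPorts no to GatewayPorts yes, then restart sshd:

systemctl restart sshd.service

(Screenshots: before the change, after the change)

About GatewayPorts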
Specifies whether remote hosts are allowed to connect to ports forwarded for the client. By default, sshd(8) binds remote port
forwardings to the loopback address. This prevents other remote hosts from connecting to forwarded ports. GatewayPorts can be
used to specify that sshd should allow remote port forwardings to bind to non-loopback addresses, thus allowing other hosts to
connect. The argument may be no to force remote port forwardings to be available to the local host only, yes to force remote
port forwardings to bind to the wildcard address, or clientspecified to allow the client to select the address to which the
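forwarding is bound. The default is no.

Next, kill the sshd process on the cloud host that was created for the forwarding. Do not kill the whole sshd service, otherwise this SSH session can no longer connect and sshd has to be restarted from the cloud host's VNC console. Then run the forwarding command again on the internal machine:

ssh -N -f -R 8122:127.0.0.1:22 [email protected]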
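To confirm which address each forwarded port is actually bound to after the GatewayPorts change, the netstat output can be classified per port. This is an added example, not part of the original article: the function name forward_scope and the sample netstat lines are constructed for illustration, and it assumes the netstat -ant / -anp column layout.

```shell
#!/bin/sh
# Added example: report where a forwarded port is listening.
# Input : `netstat -ant` or `netstat -anp` style lines on stdin.
# Output: "loopback" (local to the host only),
#         "exposed"  (wildcard or another non-loopback address), or "none".
forward_scope() {
    awk -v port="$1" '
        $6 == "LISTEN" {
            addr = $4
            n = match(addr, /:[0-9]+$/)        # final ":port" of the local address
            if (n == 0 || substr(addr, n + 1) != port) next
            host = substr(addr, 1, n - 1)
            if (host ~ /^127\./ || host == "::1") loop = 1
            else exposed = 1                   # 0.0.0.0, ::, or a routable address
        }
        END {
            if (exposed) print "exposed"
            else if (loop) print "loopback"
            else print "none"
        }'
}

# Constructed sample: 8806 forwarded before GatewayPorts was enabled,
# 8122 forwarded again after "GatewayPorts yes" and an sshd restart.
SAMPLE='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1050/sshd
tcp        0      0 127.0.0.1:8806          0.0.0.0:*               LISTEN      2301/sshd: root
tcp        0      0 0.0.0.0:8122            0.0.0.0:*               LISTEN      2417/sshd: root
tcp6       0      0 :::8122                 :::*                    LISTEN      2417/sshd: root
tcp6       0      0 ::1:8806                :::*                    LISTEN      2301/sshd: root'

for p in 8806 8122; do
    printf '%s: %s\n' "$p" "$(printf '%s\n' "$SAMPLE" | forward_scope "$p")"
done

# Live use on the cloud host:  netstat -ant | forward_scope 8122
```

A port reported as "exposed" is reachable by any host the security group allows, so the security group rule for that port is the only remaining restriction on who can reach the internal service.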
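In addition, the cloud host's security group must allow the forwarded port 8122. After that, port 8122 on the cloud host can be accessed directly, and the tunnel into the internal network works.

Remote port forwarding in SecureCRT

SecureCRT can also configure remote port forwarding directly. With the forwarding configured, the sshd service on the cloud host can be seen listening on ports 8622 and 8806. However, access from the public network fails with the error shown in the screenshots, although SSH does work via ssh 0.0.0.0 -p 8622. This problem is currently unresolved and remains to be investigated.

For more on SSH port forwarding, see https://nnc3.com/mags/Networking2/ssh/ch09_02.htm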