SSH 反向代理实现从家里连接公司内网服务器

作者: awker | 来源:发表于2018-07-20 14:19 被阅读0次

利用反向代理实现内网的ssh连接
SSH 反向代理实现从家里连接公司内网服务器
autossh实现内网穿透
SSH反向代理穿透内网
Nginx 配置反向代理
利用ssh反向代理以及autossh实现从外网连接内网服务器
ssh
通过反向代理访问你的树莓派
Linux知识积累
nginx反向代理模块

1、适用场景
主机B不能直接访问主机C
主机C能直接访问主机B

问题：
家里有一台 linux 机器 192.168.1.254，想直接 ssh 到公司内网机器 10.3.20.102，怎么实现？

2、配置 ssh 方向代理实现

// 10.3.20.102 上的配置
# ssh -fCNR 9999:localhost:22 root@120.77.154.31
The authenticity of host '120.77.154.31 (120.77.154.31)' can't be established.
RSA key fingerprint is SHA256:c2Y207vDT/Js+YRA4Nh24Jn0Rzd2/MS7U/rqyD9gfE8.
RSA key fingerprint is MD5:de:d8:1e:c8:aa:e0:b7:c5:a4:56:50:74:d9:78:24:ba.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '120.77.154.31' (RSA) to the list of known hosts.
root@120.77.154.31's password: 输入 120.77.154.31 机器的密码

# ps -ef|grep ssh
root      64758      1  0 Jul17 ?        00:00:06 sshd: root@pts/0
root      72706      1  0 13:49 ?        00:00:00 /usr/sbin/sshd -D
root      72710      1  0 13:50 ?        00:00:00 ssh -fCNR 9999:localhost:22 root@120.77.154.31
root      72779  64760  0 13:53 pts/0    00:00:00 grep --color=auto ssh

// 120.77.154.31 上的配置（买的云服务器）
# ssh -fCNL "*:7777:localhost:9999" localhost
root@localhost's password: 输入 120.77.154.31 机器的密码

# ps -ef|grep ssh
root      1435     1  0 10:35 ?        00:00:00 sshd: root@pts/2 
root      1697     1  0 13:50 ?        00:00:00 /usr/sbin/sshd
root      1699  1697  0 13:50 ?        00:00:00 sshd: root       
root      1713  1697  0 13:53 ?        00:00:00 sshd: root       
root      1723     1  0 13:54 ?        00:00:00 ssh -fCNL *:7777:localhost:9999 localhost
root      1725  1437  0 13:54 pts/2    00:00:00 grep ssh

3、192.168.1.254 上测试 ssh 连接 10.3.20.102 是否成功

# ssh -p 7777 root@120.77.154.31
The authenticity of host '[120.77.154.31]:7777 ([120.77.154.31]:7777)' can't be established.
ECDSA key fingerprint is SHA256:vLXlOM/8sOkFJ0OivRfxyQIRVTQaEEuVSHIK1YoqiNY.
ECDSA key fingerprint is MD5:86:da:b1:fb:5a:59:de:49:69:bf:c8:62:42:1e:28:f0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[120.77.154.31]:7777' (ECDSA) to the list of known hosts.
root@120.77.154.31's password: 输入 10.3.20.102 机器的密码
Last login: Tue Jul 17 13:59:39 2018 from 10.3.20.106

// 看到已经登录到机器 10.3.20.102
# ifconfig 
docker0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 172.17.1.252  netmask 255.255.255.0  broadcast 172.17.1.255
        ether 02:42:57:b5:7c:26  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.3.20.102  netmask 255.255.255.0  broadcast 10.3.20.255
        inet6 fe80::66da:3710:aeb9:d922  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:4d:a0:92  txqueuelen 1000  (Ethernet)
        RX packets 40128173  bytes 7676863304 (7.1 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 14225138  bytes 6421879713 (5.9 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 61791  bytes 9459950 (9.0 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 61791  bytes 9459950 (9.0 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

参考：实战 SSH 端口转发