• Using ssh -R to reach an internal server host from outside the LAN: an unattended reverse proxy


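    I. Setting up the SSH reverse proxy

    Preparation:

    LAN host (virtual machine): 192.168.6.233   CentOS 6.7

    Alibaba Cloud server: 120.25.68.60   CentOS 6.7

    1. On the Alibaba Cloud server 120.25.68.60, edit the sshd_config configuration file: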

    [root@120.25.68.60 ~]# vi /etc/ssh/sshd_config
    GatewayPorts yes
    [root@120.25.68.60 ~]# service sshd reload
    Reloading sshd: [  OK  ]
     

    2. From the LAN virtual machine 192.168.6.233, connect to 120.25.68.60 to open the reverse port forward, and enter the Alibaba Cloud server's password.

    root@192.168.6.233:~ # ssh -CqTfnN -R 0.0.0.0:7233:192.168.6.233:22 root@120.25.68.60
    root@120.25.68.60's password: 

    3. On the Alibaba Cloud server 120.25.68.60 you can now see the listener.

    [root@120.25.68.60 ~]# netstat -anp | grep 7233
    tcp        0      0 0.0.0.0:7233                0.0.0.0:*                   LISTEN      2392/sshd  
    tcp        0      0 :::7233                     :::*                        LISTEN      2392/sshd   

    4. Now, from another client machine, connect to port 7233 on the Alibaba Cloud server 120.25.68.60 and enter the password of the LAN virtual machine 192.168.6.233.

    [root@192.168.4.194 ~]# ssh -p 7233 root@120.25.68.60
    root@120.25.68.60's password:
    Last login: Thu Mar 24 11:01:15 2016 from 192.168.6.233

    [root@phpdragon_233 ~]# ifconfig
    eth0      Link encap:Ethernet  HWaddr 00:50:56:34:8B:4D
              inet addr:192.168.6.233  Bcast:192.168.6.255  Mask:255.255.255.0
              inet6 addr: fe80::250:56ff:fe34:8b4d/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:1321125 errors:0 dropped:0 overruns:0 frame:0
              TX packets:1232406 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:450626290 (429.7 MiB)  TX bytes:273698355 (261.0 MiB)

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:524375 errors:0 dropped:0 overruns:0 frame:0
              TX packets:524375 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:43705227 (41.6 MiB)  TX bytes:43705227 (41.6 MiB)

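    At this point the reverse proxy test is complete and the feature works.

    II. Making the reverse proxy unattended

    1. Set up password-less login from the LAN host 192.168.6.233 to the Alibaba Cloud server 120.25.68.60. See http://www.cnblogs.com/phpdragon/p/4521116.html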

    ssh-keygen -t rsa -P ''
    scp ~/.ssh/id_rsa.pub root@120.25.68.60:/tmp/id_rsa.pub_233
    # Quote the remote command so that >> appends on 120.25.68.60, not on the local host
    ssh -l root 120.25.68.60 'cat /tmp/id_rsa.pub_233 >> ~/.ssh/authorized_keys'

    2. On the Alibaba Cloud server, write the script that closes the ssh proxy, kill_ssh_agent.sh

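    #!/bin/sh
    # Usage: kill_ssh_agent.sh PORT
    # Kills the sshd process holding the forwarded PORT; exits 0 on success, 1 otherwise.
    
    if [ -n "$1" ] && [ "$1" -gt "0" ];then
        # Match ":PORT " so the number cannot match inside a PID or a longer port
        PID=$(netstat -anp | grep ":$1 " | awk '/sshd/ && !/awk/{print $7}')
        PID=${PID%%/*}
    
        if [ -n "${PID}" ];then
            kill -9 "$PID" && exit 0
        fi
    fi
    
    exit 1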

    3. On the client, write the daemon script that keeps the proxy connection up, ssh_agent_deamon.sh

    #!/bin/bash
    #########################################################################
    # File Name: ssh_agent_deamon.sh
    # Author: phpdragon
    # mail: phpdragon@qq.com
    # Created Time: Thu 24 Mar 2016 01:55:49 PM CST
    #########################################################################
    
    ROMOTE_USERNAME=root
    ROMOTE_SERVER_IP="120.25.68.60"
    ROMOTE_PORT=7233
    
    ###[ /sbin/ifconfig|sed -n '/inet addr/s/^[^:]*:([0-9.]{7,15}) .*/1/p'|grep -v 127.0.0.1 ]
    LOCALHOST_IP=`/sbin/ifconfig -a|grep inet|grep -v 127.0.0.1|grep -v inet6|awk '{print $2}'|tr -d "addr:"`
    LOCALHOST_PORT=22
    
    while true ; do
        # Ask the remote server which sshd process, if any, holds the forwarded port
        PID=$(ssh -l ${ROMOTE_USERNAME} ${ROMOTE_SERVER_IP} netstat -anp | grep ":${ROMOTE_PORT} " | awk '/sshd/ && !/awk/{print $7}')
        PID=${PID%%/*}
    
        if [ -n "$PID" ] && [ "$PID" -gt "0" ];then
            # Tunnel is up: check again in 30 seconds
            sleep 30s
        else
            # Tunnel is down: clear any stale listener, then reopen the reverse forward
            /usr/bin/ssh -l ${ROMOTE_USERNAME} ${ROMOTE_SERVER_IP} /bin/sh /data/kill_ssh_agent.sh ${ROMOTE_PORT}
            /usr/bin/ssh -CqTfnN -R 0.0.0.0:${ROMOTE_PORT}:${LOCALHOST_IP}:${LOCALHOST_PORT} ${ROMOTE_USERNAME}@${ROMOTE_SERVER_IP}
        fi
    done
    
    exit 0

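    4. Configure ssh connections as long-lived (keep-alive) connections

    vi /etc/ssh/sshd_config
    
    # Send a heartbeat signal to the client every 1 minute
    ClientAliveInterval 60
    # Maximum number of missed heartbeats; if the client does not respond, the connection is closed
    ClientAliveCountMax 3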

    5. Set the script to start at boot

    vi /etc/rc.local
    
    /bin/sh /data/ssh_agent_deamon.sh &

    Setup is now complete.
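
An added example (not part of the original post): a shell check that reads an sshd_config and reports which address an `ssh -R` forward will listen on and how long an unresponsive tunnel survives, using the settings from steps I.1 and II.4. The function names and the sample config text are constructed for illustration; it assumes whitespace-separated `Keyword value` lines, an explicitly given bind address, and keep-alive values in plain seconds.

```shell
#!/bin/sh
# Added example: what does the sshd_config from this post expose?

# Constructed sample holding the server-side settings used in this post.
SAMPLE_CONF='# constructed sshd_config excerpt
Port 22
GatewayPorts yes
ClientAliveInterval 60
ClientAliveCountMax 3'

# sshd_opt CONF_TEXT KEYWORD DEFAULT
# Effective global value: keywords are case-insensitive, the first occurrence
# wins, and everything after the first Match line is conditional, so it is skipped.
sshd_opt() {
    printf '%s\n' "$1" | awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print $2; found = 1; exit }
        END { if (!found) print def }'
}

# forward_bind CONF_TEXT REQUESTED_BIND
# Address sshd listens on for "ssh -R REQUESTED_BIND:port:host:hostport".
# "0.0.0.0" stands for the wildcard (the post's netstat also shows :::7233).
forward_bind() {
    case "$(sshd_opt "$1" GatewayPorts no)" in
        yes) echo "0.0.0.0" ;;                  # forced to all interfaces
        clientspecified)                        # the client's request is honoured
            case "$2" in
                '*') echo "0.0.0.0" ;;
                *)   echo "$2" ;;
            esac ;;
        *) echo "127.0.0.1" ;;                  # default "no": loopback only
    esac
}

# keepalive_window CONF_TEXT
# Approximate seconds before sshd drops an unresponsive client
# (ClientAliveInterval * ClientAliveCountMax; 0 means probing is off).
keepalive_window() {
    i=$(sshd_opt "$1" ClientAliveInterval 0)
    n=$(sshd_opt "$1" ClientAliveCountMax 3)
    echo $((i * n))
}

echo "-R 0.0.0.0:7233 listens on: $(forward_bind "$SAMPLE_CONF" 0.0.0.0)"
echo "dead tunnel dropped after:  $(keepalive_window "$SAMPLE_CONF")s"
```

With `GatewayPorts clientspecified` instead of `yes`, the same check shows the listener following the address the client asks for, so the forward can be bound to a single interface rather than every one.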

    PS:

    http://blog.163.com/digoal@126/blog/static/163877040201451464251856

    http://www.cnblogs.com/wangkangluo1/archive/2011/06/29/2093727.html

    http://www.cnblogs.com/peida/archive/2013/03/08/2949194.html

    http://www.cnblogs.com/ggjucheng/archive/2012/01/08/2316661.html

  • Original article: https://www.cnblogs.com/phpdragon/p/5314650.html