SSH port forwarding to achieve intranet penetration


Machines in our LAN can reach the external network, but the external network cannot reach machines inside the LAN. When an internal machine accesses the Internet, the address of the external server is known, but an external host cannot determine the address of a specific machine inside our local area network (public IP addresses are limited). If we keep a connection open when accessing the external network, that connection is equivalent to building a road: internal network data can go out and external network data can come in over it. SSH port forwarding uses this method.

Use the ssh command to connect to the public network server

1. First, edit the sshd configuration file on the external server

vim /etc/ssh/sshd_config

# Turn on the GatewayPorts switch
GatewayPorts yes

Restart the sshd service to make the changes effective (the commands may vary depending on the Linux version)

systemctl restart sshd

2. Commands

ssh -NTf -R <local-host>:<local-port>:<remote-host>:<remote-port> user@host

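local-host can be omitted. For example: ssh -NTf -R 8888:127.0.0.1:8080 root@host

In ssh's own terms the -R argument is [bind_address:]port:host:hostport: the first pair is where the server listens, and the second pair is the destination reached from the machine running ssh. In the example, port 8888 is opened on the public server, and connections to it are forwarded to 127.0.0.1:8080 on the internal machine.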

3. Parameter Description

-C enables compression of data
-f Run in background
-N means only connect to the remote host, do not open a remote shell
-R Bind port to remote server, reverse proxy
-L Bind port to local client, forward proxy
-T Do not allocate a TTY for this connection
-NT means that this SSH connection is only used to transfer data and does not perform remote operations
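
To show what the GatewayPorts yes setting from step 1 changes, here is an added example (not from the original article) that computes which address sshd listens on for a -R forwarding under each GatewayPorts value, following the behavior documented in sshd_config(5) and ssh(1). The sample config text and the function names gateway_ports and effective_bind are constructed for illustration; Match blocks and IPv6 bracket syntax are not handled.

```sh
#!/bin/sh
# Added example: where will sshd listen for an `ssh -R` forwarding?
# SAMPLE_SSHD_CONFIG is constructed for illustration.
SAMPLE_SSHD_CONFIG='Port 22
PermitRootLogin prohibit-password
# GatewayPorts no
GatewayPorts yes'

# Print the global GatewayPorts value from sshd_config text on stdin.
# sshd keeps the first value it reads for a keyword; the default is "no".
# Simplification: Match blocks are not evaluated (parsing stops there).
gateway_ports() {
  awk '
    /^[ \t]*#/ { next }
    tolower($1) == "match" { exit }
    tolower($1) == "gatewayports" { print tolower($2); found = 1; exit }
    END { if (!found) print "no" }
  '
}

# Print the listen address for a -R spec ([bind_address:]port:host:hostport)
# under a GatewayPorts value: "loopback", "wildcard" or a specific address.
# Simplification: IPv6 bracket syntax is not handled.
effective_bind() {
  gp=$1 spec=$2 has_bind=0 bind=""
  case "$spec" in
    *:*:*:*) has_bind=1; bind=${spec%%:*} ;;   # four fields: bind_address given
  esac
  case "$gp" in
    yes) echo wildcard ;;                       # server forces all interfaces
    clientspecified)
      if [ "$has_bind" -eq 0 ] || [ "$bind" = "localhost" ]; then echo loopback
      elif [ -z "$bind" ] || [ "$bind" = "*" ]; then echo wildcard
      else echo "$bind"; fi ;;
    *) echo loopback ;;                         # "no": server forces loopback
  esac
}

# Demo: the article's example spec under each server setting.
current=$(printf '%s\n' "$SAMPLE_SSHD_CONFIG" | gateway_ports)
echo "sample config: GatewayPorts $current"
for gp in no clientspecified yes; do
  echo "GatewayPorts $gp -> 8888:127.0.0.1:8080 listens on $(effective_bind "$gp" 8888:127.0.0.1:8080)"
done
```

With GatewayPorts yes every reverse-forwarded port is reachable from any host that can reach the server, so the internal service on 127.0.0.1:8080 needs its own authentication or a firewall rule on port 8888; clientspecified lets each tunnel choose its listen address instead.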

Keep the ssh connection open

Usually when we use ssh to connect to the server, if there is no operation for a long time, the connection will be closed.

Method 1: Set up the client

1) User level settings

vim ~/.ssh/config (if there is no config, create one)

2) Global settings

/etc/ssh/ssh_config

Just choose one of them and add the following parameters

# Send an empty packet to the server every 60 seconds
ServerAliveInterval 60
# If more than two unsuccessful attempts are made, disconnect
ServerAliveCountMax 2
# Exit after forwarding fails to facilitate reestablishing the connection
ExitOnForwardFailure yes

Temporary method: pass the options on the command line (recommended, does not affect other users)

ssh -o ServerAliveInterval=30 root@host
ssh -NTf -R 8888:127.0.0.1:8080 root@host -o ServerAliveInterval=30 -o ServerAliveCountMax=2

Method 2: Setting up the server

vim /etc/ssh/sshd_config
# Every 30 seconds, the server sends a heartbeat to the client
ClientAliveInterval 30
# After 3 heartbeats without response, the client is considered disconnected
ClientAliveCountMax 3

Method 3: Using shell script

touch myAutoSSH.sh
Because I set up the SSH connection with RSA password-free authentication, the logic here does not require a password

SSH password-free login method

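#!/bin/bash
# Reconnect whenever the tunnel exits; ssh stays in the foreground (no -f)
while true
do
  ssh -NTR <local-host>:<local-port>:<remote-host>:<remote-port> user@host
  sleep 1  # brief pause so a failing connection does not spin the CPU
done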

So that the loop reconnects as soon as the connection drops, leave out the -f parameter. With -f, ssh goes to the background and returns immediately, so the loop would keep starting new connections endlessly.

Method 4: Use autossh

You need to install autossh; its usage is almost the same as using ssh directly.

-M specifies the monitoring port, which autossh uses to check whether the connection still responds and to help us maintain the connection.

autossh -M 5678 -NTR <local-host>:<local-port>:<remote-host>:<remote-port> user@host

I don't like downloading software (there is already a lot of messy software installed), and I don't like modifying the configuration (I am afraid the modification will affect other people's use), so I like to use the client temporary configuration method.
