Example of SSH reverse proxy

Source: Internet
Author: User

Experiment:
1. Test from the PC to 192.168.1.98:80: accessing 192.168.1.98:80 in a browser shows the page normally.
ssh -f -N -L 0.0.0.0:2001:192.168.1.98:80 test@192.168.1.102
ssh -N -L2001:remotehost:80 user@somemachine

This command opens port 2001 on the local machine. A request to local port 2001 passes through somemachine, which acts as a springboard (jump host), and goes to port 80 of remotehost.

The effect is similar to what is called a reverse proxy, but it is actually port forwarding. Note that the description above involves three hosts, although somemachine can of course be localhost.

This command is abstract, but sometimes useful. For example, you can use this method when, for well-known reasons, port 80 on a domestic IP is not available; when the company firewall opens only the SSH port to the outside and you need to access a web application on internal server A; or when you need to access services that restrict the source IP.

To give a concrete example, run:

ssh -f -N -L 0.0.0.0:443:twitter.com:443 shell.cjb.net
ssh -f -N -L 0.0.0.0:80:twitter.com:80 shell.cjb.net

Then add 127.0.0.1 twitter.com to /etc/hosts. OK, you know the rest.

Of course, for a real reverse proxy you would normally use something like squid or nginx; doing it with SSH is only a lightweight attempt.
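The -L commands above differ in who can reach the local listener: a 0.0.0.0 bind address accepts connections from any host on the network, while the form without a bind address listens on loopback only unless -g is given. The following is an added example, not part of the original page: classify_forward is a hypothetical helper that parses a -L specification and reports the listener scope and whether the listen port needs root. It assumes IPv4 addresses or host names (bracketed IPv6 literals are not handled).

```sh
#!/bin/sh
# classify_forward SPEC [GATEWAY]  (hypothetical helper, not part of ssh)
# SPEC is an ssh -L argument: [bind_address:]port:host:hostport
# GATEWAY=yes models running ssh with -g.
# Prints: <listener scope> <listen port> <destination> <privilege>
classify_forward() {
    spec=$1
    gateway=${2:-no}
    # Two colons: no bind address given. Three: first field is the bind address.
    colons=$(printf '%s' "$spec" | tr -cd ':' | wc -c | tr -d ' ')
    case $colons in
        2) has_bind=no;  bind='';          rest=$spec ;;
        3) has_bind=yes; bind=${spec%%:*}; rest=${spec#*:} ;;
        *) echo invalid; return 1 ;;
    esac
    port=${rest%%:*}
    dest=${rest#*:}
    case $port in
        ''|*[!0-9]*) echo invalid; return 1 ;;
    esac
    if [ "$has_bind" = no ]; then
        # Default listener is loopback only, unless -g opens it up.
        if [ "$gateway" = yes ]; then scope=all-interfaces; else scope=loopback; fi
    else
        case $bind in
            ''|'*'|0.0.0.0)  scope=all-interfaces ;;   # reachable from the network
            localhost|127.*) scope=loopback ;;
            *)               scope=specific-address ;;
        esac
    fi
    # Listening below 1024 needs root on the machine running ssh.
    if [ "$port" -lt 1024 ]; then priv=needs-root; else priv=unprivileged; fi
    echo "$scope $port $dest $priv"
}

# Forward specifications taken from the commands on this page.
for s in 0.0.0.0:2001:192.168.1.98:80 2001:remotehost:80 0.0.0.0:443:twitter.com:443; do
    printf '%-32s -> %s\n' "$s" "$(classify_forward "$s")"
done
```

A forward reported as all-interfaces lets any host that can reach the machine use the tunnel, so binding to 127.0.0.1 is the narrower choice when only local programs need it.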

-a: Use this parameter to disable forwarding of the authentication agent. The result is that the password loaded into memory is not available. If you prefer, you can also specify this parameter for each host, rather than making it a global setting.

-c cipher: This parameter allows you to specify the cipher used to encrypt the data you send over the network.

-C: This parameter causes SSH to compress all data sent through the Secure Shell client, including input, output, error messages, and forwarded data. It uses the gzip algorithm, and the level can be specified by setting the CompressionLevel parameter in the configuration file. This is especially useful for slow transmission lines, but it is not necessary on a fast network. Similarly, you can configure this parameter for each host using the configuration file.

-f: This parameter sends the SSH connection into the background. This takes effect once authentication is complete and TCP/IP forwarding is established. It is important for starting X programs on the remote host. The user is prompted to enter a password (provided the authentication agent is not running), and then the connection is sent to the background.

-g: This parameter allows remote hosts to connect to the locally forwarded port; normally only the local host is allowed to do so.

-k: This parameter disables the Kerberos forwarding feature.

-l login_name: This parameter specifies the login user name on the remote host. By default, the user name is the same as the user name on your local computer. It can be set per host through the configuration file. This is a useful parameter because many people have different user names on different hosts.

-L port:host:hostport: This parameter forwards connections made to the specified port on the local host to the specified host and port on the remote side.

-n: This parameter is similar to the -f parameter. However, it will not work when a password is required. Standard input is redirected from /dev/null, which is required when the Secure Shell client is sent to the background. This parameter is commonly used when sending X traffic to a remote host. It is a good idea to enable the authentication agent when using this parameter.

-o option: This parameter is used to pass options from the configuration file for which no command-line argument is defined. This includes StrictHostKeyChecking and UseRsh, which do not have their own command-line arguments.

-p port: Specifies which port the Secure Shell client uses to connect to the server. The default value is 22, which is reserved for Secure Shell. Remember that the port number used for the server is defined in the /etc/services file unless specified otherwise. It can be set separately for different hosts in the configuration file.

-P: Use a port number greater than 1023 (a non-privileged port). These ports cannot be used for rhosts authentication (whether on its own or combined with RSA).

-q: This parameter selects quiet mode. This means that no information, including warnings and diagnostic messages, will be displayed. When you encounter authentication or connectivity issues, it is best to turn this mode off.

-R port:host:hostport: This parameter forwards connections to the specified port on the remote host to the specified host and port on the local side. It works in the opposite direction to the -L parameter. A socket listens on a port on the remote host and, whenever a connection is made to that port, it is forwarded to the local host and hostport. Port forwarding can be configured differently for different hosts through the configuration file. A privileged port can be forwarded only when logged in to the remote host as the superuser.

-t: This parameter forces the Secure Shell client to work in interactive mode by allocating a pseudo-terminal, even when a command is given. It is used to run screen-based programs on a remote host.

-V: This parameter prints out the version number of the client and exits.

-v: Verbose mode. This parameter makes SSH print debug information, which is particularly useful when debugging connection, authentication, and configuration issues.

-x: This parameter disables X traffic forwarding. X is generally considered insecure, and it is best to set this parameter for security-sensitive sites. This parameter can be set separately for each host through the configuration file.
