Building a tunnel over the SSH protocol for encrypted data transmission

Source: Internet
Author: User
Tags: ssh, port

OpenSSH ships with a simple, easy-to-use geek feature: port forwarding. Strictly speaking it is one feature with two uses, local port forwarding and remote port forwarding.

SSH port forwarding works much like iptables port forwarding: a request arriving at one specified port is handed on to another specified port. Sounds abstract, doesn't it?

Here are the concrete uses.
Two notes on terminology: Local means the side that runs the ssh command; Remote means the side the ssh command connects to. The commands below assume a *nix environment or any tool that reproduces the effect of the ssh command (putty-related tools, for instance); the forwarded service can be of any type, and the approach is operating-system agnostic.

SSH port forwarding, part one: local port forwarding
Local port forwarding means using the ssh command to listen on a port on the local machine (say 8000) and forward every request that arrives at that port to a service port on a remote server (say 3306).
Someone may say: nonsense, can't I just connect directly? Why bother with this?
There are in fact two scenarios you may not have thought of: 1. when the data must be encrypted in transit; 2. when the service port can only be reached through a jump host (springboard) and not directly, for example because the host has no public IP. In both scenarios a direct connection is not possible.

An example:
Suppose I have a local virtual machine host1 (192.168.1.100) as my working machine, server host2 (54.100.1.2) as the springboard, and server host3 (10.0.0.9) running a MySQL service (port 3306). host3 is not reachable from outside. host1 and host2 can connect directly via SSH. host2 and host3 are on the same LAN, and the firewall allows traffic between them.
When the web server on host1 needs to reach the MySQL service on host3, direct access certainly will not work, because there is no path. This is where SSH port forwarding comes in.
On host1, execute the following command:

# ssh -CNfg -L 8000:10.0.0.9:3306 dbfen@54.100.1.2
#   -C compress, -N run no remote command, -f go to background after login, -g let other hosts use the listener; -L is listen_port:target_host:target_port

Then enter the SSH password for the dbfen account on host2. From this point, on host1, connecting to the local port 192.168.1.100:8000 reaches port 3306 on host3. For the MySQL grant on host3, authorize host3 (10.0.0.9).
Because everything travels over the long-lived SSH connection, this gives us both data forwarding and encrypted transmission.
What do you think? Isn't that great?
PS: The MyEnTunnel tool we use implements this local port forwarding with plink.
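Here is an added example script, not part of the original post, that wraps the local forward above so the tunnel can be verified and torn down instead of trusting a backgrounded ssh -f. It reuses the post's placeholders (dbfen@54.100.1.2 as the jump host, 10.0.0.9:3306 as the target); the socket path, the public/private scope keyword and the function names are this script's own choices, and the listening check needs ss from iproute2. Two things the one-liner hides: with -g (here "public") port 8000 is reachable from every host that can reach host1, not only from host1 itself; and the TCP connection to 10.0.0.9:3306 is opened by sshd on host2, so the client address MySQL sees is host2's, something to keep in mind when writing the grant.

```shell
#!/bin/sh
# Added example (not from the original post): bring up, verify and tear down a
# local (-L) SSH forward. Hosts are the post's placeholders:
#   jump host  dbfen@54.100.1.2   (host2)
#   target     10.0.0.9:3306      (host3's MySQL)
# Usage: sh ssh-local-forward.sh up|check|down LISTEN_PORT TARGET_HOST TARGET_PORT JUMP [public]
#   sh ssh-local-forward.sh up    8000 10.0.0.9 3306 dbfen@54.100.1.2
#   sh ssh-local-forward.sh check 8000 10.0.0.9 3306 dbfen@54.100.1.2
#   sh ssh-local-forward.sh down  8000 10.0.0.9 3306 dbfen@54.100.1.2
# Requires OpenSSH and ss(8) from iproute2 (Linux).

# ControlMaster socket (assumed path); %C expands to a hash of user/host/port so
# tunnels to different jump hosts do not collide.
SOCK="${SSH_TUNNEL_SOCK:-/tmp/ssh-tunnel-%C}"

# local_forward_spec LISTEN_PORT TARGET_HOST TARGET_PORT [public|private]
# Prints the -L argument "bind_address:port:host:hostport". "private" binds the
# listener to 127.0.0.1; "public" binds to 0.0.0.0, which is what -g does.
local_forward_spec() {
    port="$1"; target_host="$2"; target_port="$3"; scope="${4:-private}"
    case "$port" in
        ''|*[!0-9]*) echo "listen port must be numeric: '$port'" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "listen port out of range: $port" >&2; return 1
    fi
    case "$scope" in
        public)  bind="0.0.0.0" ;;
        private) bind="127.0.0.1" ;;
        *) echo "scope must be public or private, got '$scope'" >&2; return 1 ;;
    esac
    printf '%s:%s:%s:%s\n' "$bind" "$port" "$target_host" "$target_port"
}

# tunnel_up SPEC JUMP: like the post's "ssh -CNf -L", but
#  * ExitOnForwardFailure=yes makes ssh fail instead of backgrounding a session
#    whose listener could not be opened (e.g. port already in use);
#  * ControlMaster gives us a socket to query and close the tunnel later.
tunnel_up() {
    ssh -C -N -f \
        -o ExitOnForwardFailure=yes \
        -o ControlMaster=yes -o ControlPath="$SOCK" \
        -L "$1" "$2"
}

# tunnel_check LISTEN_PORT JUMP: 0 only if the master connection is alive AND a
# local socket is listening on the port (the part a bare "ssh -f" cannot tell you).
tunnel_check() {
    ssh -o ControlPath="$SOCK" -O check "$2" 2>/dev/null || return 1
    ss -ltn | awk -v p="$1" '$4 ~ (":" p "$") { found = 1 } END { exit !found }'
}

# tunnel_down JUMP: ask the master to exit, which closes the forward with it.
tunnel_down() {
    ssh -o ControlPath="$SOCK" -O exit "$1" 2>/dev/null
}

case "${1:-}" in
    up)    spec="$(local_forward_spec "$2" "$3" "$4" "${6:-private}")" || exit 1
           tunnel_up "$spec" "$5" ;;
    check) tunnel_check "$2" "$5" ;;
    down)  tunnel_down "$5" ;;
esac
```

The check step is what you want in a cron job or a deploy script: ssh -O check answers whether the SSH session still exists, and ss confirms the listener is actually bound, which together catch the case where the session is alive but the forward was never established.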

SSH port forwarding, part two: remote port forwarding
Remote port forwarding means using the ssh command to listen on a port (say 8000) on the remote server and forward every request that arrives at that port to a service port on the local side (say 3306).
Exactly the reverse of local port forwarding.

An example:
Suppose I have a local virtual machine host1 (192.168.1.100) as my working machine, server host2 (54.100.1.2) as the springboard, and the company development machine host3 (192.168.117.100) running a MySQL service (port 3306). host3 is a development machine with no public IP, but it can reach the internet. host1 and host2 can connect directly via SSH. host3 can connect directly to host2.
Now I am at home and want to reach the company development machine to develop and test, but the stingy boss never deployed a VPN, so a direct connection is absolutely impossible... yes... impossible. And yet the damned boss (don't let him see this, ha) still demands that the problem be solved. Poor engineer! Do I crawl back to the office in the middle of the night????????????
God, don't kill me! I have SSH remote port forwarding!
Before leaving the company, execute the following command on the development machine host3:

# ssh -CNfg -R 8022:192.168.117.100:22 dbfen@54.100.1.2
#   -R is listen_port_on_remote:target_host:target_port; the listener is opened on host2

Then enter the SSH password for the dbfen account on host2. Now, whether I am at home, on a business trip, on a plane or at sea, as long as I can get online and reach host2, I ssh straight into host2 and there enter the following command:

# ssh root@127.0.0.1 -p 8022

Enter the root SSH password for host3, and I am on the development machine. Boss, I am working on the problem; I do not have to come to the office, and I can fix it right away.

Are you happy?
Uh, wait, there is a small problem here: host2's SSH port has to stay open to the outside, and host2 holds important data; the hackers out there are fierce. Friend, there is a solution: add one local port forward and the problem is solved at once. On host2, execute the following command:

# ssh -CNfg -L 8024:127.0.0.1:8022 dbfen@54.100.1.2

Then enter the SSH password for the dbfen account on host2. From then on, at home, at sea or in the sky, I only need to connect directly to 54.100.1.2:8024 to reach port 22 on host3; I no longer have to log in to host2 first (you can firewall every port on host2 except 8024) before landing on host3.
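Why the extra -L is needed: by default sshd binds a remote-forwarded port to the loopback interface only (the GatewayPorts option defaults to no), so port 8022 on host2 is not reachable from outside. The -g local forward then publishes 8024 on every interface of host2, including 54.100.1.2, which means host3's sshd is now on the public internet behind that port. The following added script (mine, not the post's) audits a jump host for exactly that: it classifies ss -Hltn listeners as loopback-only or exposed and reads the effective GatewayPorts setting from sshd -T output. The sample lines are constructed to mirror the post's setup, not captured from a real host.

```shell
#!/bin/sh
# Added example (not from the original post): audit which TCP listeners on a jump
# host (host2 in the post) are reachable from outside. Feed it the output of
#   ss -Hltn          (Linux, iproute2; -H drops the header line)
# and, for the sshd setting, the output of
#   sshd -T           (prints the effective config, keys in lowercase)
# The sample data below is constructed to mirror the post: 8022 is the -R port
# (loopback only), 8024 is the -g local forward that publishes it everywhere.

# classify_listeners < ss-output
# One line per listener: "<LOOPBACK|EXPOSED> <port> <bind-address>".
# Column 4 of ss is "Local Address:Port", e.g. 127.0.0.1:8022, [::1]:8022, *:22.
classify_listeners() {
    awk '
    NF >= 4 {
        addr = $4
        n    = split(addr, parts, ":")
        port = parts[n]
        host = substr(addr, 1, length(addr) - length(port) - 1)
        gsub(/\[/, "", host); gsub(/\]/, "", host)   # strip IPv6 brackets
        scope = (host == "127.0.0.1" || host == "::1") ? "LOOPBACK" : "EXPOSED"
        printf "%s %s %s\n", scope, port, host
    }'
}

# exposed_ports < ss-output: sorted, de-duplicated ports bound beyond loopback,
# on one space-separated line (empty line if nothing is exposed).
exposed_ports() {
    classify_listeners | awk '$1 == "EXPOSED" { print $2 }' | sort -n | uniq | xargs
}

# gateway_ports < sshd-T-output: effective GatewayPorts value; sshd's default is
# "no", which is why a plain -R port is loopback-only and the post needs its -g -L.
gateway_ports() {
    awk 'tolower($1) == "gatewayports" { print tolower($2); found = 1 }
         END { if (!found) print "no" }'
}

# Constructed sample, not captured from a real host.
SAMPLE_SS='LISTEN 0 128 127.0.0.1:8022 0.0.0.0:*
LISTEN 0 128 0.0.0.0:8024 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::1]:8022 [::]:*
LISTEN 0 4096 127.0.0.1:3306 0.0.0.0:*'
SAMPLE_SSHD='port 22
gatewayports no
permitrootlogin no'

# audit_sample: runs the audit over the constructed data; on a real host use
#   ss -Hltn | exposed_ports ; sshd -T | gateway_ports
audit_sample() {
    printf '%s\n' "$SAMPLE_SS" | exposed_ports
}

if [ "${1:-}" = "run" ]; then
    printf 'exposed ports: %s\n' "$(audit_sample)"
    printf 'GatewayPorts: %s\n' "$(printf '%s\n' "$SAMPLE_SSHD" | gateway_ports)"
fi
```

Run with sh audit-listeners.sh run; on the constructed sample it reports 22 and 8024 as exposed, which is exactly the post's end state: the jump host's own sshd plus host3's sshd published on 8024. If that is more exposure than intended, the same listener list is what your firewall rule on host2 should be written against.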

So, how cool is that? Hey, I feel I have seen this feature somewhere before... Yes, the Peanut Shell proxy! This is just a different implementation of the same idea!

Off work, heading home. We can work from home too.
Wait a minute...
Since everyone is so excited, let me tell you about one more application scenario. Hackers aside, have you ever run into this: you hit a feature or something you are unfamiliar with and need to turn to a colleague, but the client's server does not allow remote logins, and that colleague is far away on the other side of the horizon... What do we do, fly them over? I guess the boss won't pay for that. Ha, I have QQ Remote Assistance!
Ah, are you nuts? Who still uses QQ Remote Assistance? The lag drives people crazy.
There's a way.
Take your laptop (host1) into the customer's server room, plug a network cable into the client's server network (the client's server is host2), connect to the outside world over WiFi, find a temporary server with a public IP (host3), and proceed as follows:
On host3, execute the following command:

# ssh -CNfg -L 8022:127.0.0.1:8021 root@127.0.0.1

Enter host3's root password.
On host1, execute the following command:

# ssh -CNfg -R 8021:host2:22 root@host3

Enter host3's root password.
Then tell that colleague to hurry up and connect to host3:8022, which lands on the client's server, and solve the customer's problem!!!
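The -R from the laptop is the fragile link in this chain: when the WiFi blips, the backgrounded ssh dies quietly and the colleague loses host3:8022, and if port 8021 on host3 is already in use, ssh only prints a warning and carries on with a session that forwards nothing. This added supervisor script (mine, not the post's) keeps the reverse forward alive with keepalives, fails fast on a busy port, and retries until a stop file appears. It assumes key-based login as root@host3 (BatchMode disables the password prompt the post relies on, so an unattended retry cannot hang on one); the stop-file path, retry delay and function names are its own choices.

```shell
#!/bin/sh
# Added example (not from the original post): keep the laptop-side reverse
# forward (-R) of the last scenario alive. Names are the post's placeholders:
#   host1 = laptop running this script, host2 = client's server (port 22),
#   host3 = temporary public box; the colleague connects to host3:8022.
# Assumes key-based login as root@host3 (BatchMode=yes refuses password
# prompts, so an unattended retry cannot hang on one). STOP_FILE and
# RETRY_SECONDS are this script's own choices.
# Usage: sh reverse-tunnel.sh 8021 host2 22 root@host3   # touch $STOP_FILE to end it

STOP_FILE="${STOP_FILE:-/tmp/reverse-tunnel.stop}"
RETRY_SECONDS="${RETRY_SECONDS:-5}"

# reverse_tunnel_args REMOTE_LISTEN_PORT TARGET_HOST TARGET_PORT
# Prints ssh's arguments one per line (none contains whitespace, so they can be
# word-split back into an argument list). Compared with the post's "-CNfg -R":
#  * no -f: ssh stays in the foreground so the loop below notices when it dies;
#  * ExitOnForwardFailure=yes: if host3 already has 8021 bound, ssh exits
#    non-zero instead of printing a warning and keeping a forward-less session;
#  * ServerAlive*: a dropped WiFi link is detected after about 90 s, not never;
#  * the listener is pinned to 127.0.0.1 on host3, matching the post's -L chain.
reverse_tunnel_args() {
    rport="$1"; thost="$2"; tport="$3"
    printf '%s\n' \
        -N \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 \
        -o ServerAliveCountMax=3 \
        -o BatchMode=yes \
        -R "127.0.0.1:${rport}:${thost}:${tport}"
}

# keep_reverse_tunnel REMOTE_LISTEN_PORT TARGET_HOST TARGET_PORT DESTINATION
# Re-establishes the tunnel whenever ssh exits, until STOP_FILE exists.
keep_reverse_tunnel() {
    rport="$1"; thost="$2"; tport="$3"; dest="$4"
    rm -f "$STOP_FILE"
    while [ ! -e "$STOP_FILE" ]; do
        # shellcheck disable=SC2046  -- intentional word splitting of the arg list
        if ssh $(reverse_tunnel_args "$rport" "$thost" "$tport") "$dest"; then
            status=0
        else
            status=$?
        fi
        [ -e "$STOP_FILE" ] && break
        echo "reverse tunnel exited (status $status); retrying in ${RETRY_SECONDS}s" >&2
        sleep "$RETRY_SECONDS"
    done
}

if [ $# -eq 4 ]; then
    keep_reverse_tunnel "$1" "$2" "$3" "$4"
fi
```

Because the listener on host3 is pinned to 127.0.0.1, the colleague still needs the host3-side -L from the post (or GatewayPorts) to reach it on 8022; the script only makes the laptop's half of the chain survive a flaky link.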
