Create a 7x24 online SSH proxy

Source: Internet
Author: User
Tags ssh server
The main purpose of this function is to fully compress and use the PT server at home, so that other network devices in the home can smoothly access the Internet through the shared socket5 proxy. You know, SSH supports port forwarding. SSH in the current connection status can be shared as the socket5 proxy, mainly using the-D parameter of the ssh command. In addition

The main purpose of this function is to fully compress and use the PT server at home, so that other network devices in the home can smoothly access the Internet through the shared socket5 proxy. You know, SSH supports port forwarding. SSH in the current connection status can be shared as the socket5 proxy, mainly using the-D parameter of the ssh command. In addition, in Linux/U

The main purpose of this function is to fully compress and use the PT server at home, so that other network devices in the home can access the Internet smoothly through the shared socket5 proxy, you know ......

We all know that SSH supports port forwarding and shares SSH in the current connection status as the socket5 proxy, mainly using the-D parameter of the ssh command. In addition, on Linux/Unix platforms, passwords are usually required to run SSH commands. We need to make some settings so that SSH can be verified through the public key, this saves you the trouble of entering a password. If you are using a windows platform, it is much more convenient. We recommend that you use Tunnelier, which not only saves the SSH user name and password, but also can automatically disconnect and reconnect. With this tool, you can ignore this article ......

The following describes how to verify SSH logon using the public key in Linux/Unix:

1. You need to generate a public key on your client machine and use the following command:

ssh-keygen -t rsa

Follow the prompts and press enter one step to generate a pair of keys, including the private key and public key, and then use scp/SFTP/rsync/FTP and other methods, upload the file id_rsa.pub containing the public key to the server connected to your SSH client.

2. Connect to the server through SSH, set the SSH authentication method, and remove the following two annotations in the SSH configuration file to make it take effect:

PubkeyAuthentication yes
AuthorizedKeysFile. ssh/authorized_keys

Enable public key verification and specify the path where the key is stored. For example, if you use user1 to log on to SSH, you must set the public key file: idThe/home/user1/. ssh/uploaded by rsa. pub to the server is renamed as authorized.Keys

After completing the steps, restart the sshd service, and then the client can use the public key to connect to SSH.

After completing the preceding two steps, We can edit a shell file, for example, AutoSSH. sh. The content is as follows:

/usr/bin/ssh -p 24 -N -D 0.0.0.0:7070 user1@YourDomain.com &

Grant the executable permission to the script and execute it. You will find that the SSH connection is successful automatically and listen to port 7070 on the local machine. This is a socket5 proxy, and then give full play to your wisdom, what should I do, such as Firefox + AutoProxy or Chrome + Proxy SwitchySharp ...... I won't go into detail ......

Note that the IP address after-D must be 0.0.0.0. In this way, the socket5 proxy can be accessed by other machines in the local area network. Otherwise, only 127.0.0.0 of the local machine is monitored by default: 7070, other machines cannot access it!

This article seems to be coming to an end. However, after using it for a while, you will find a serious problem. This SSH seems to be usable for a while, after a while, the script is automatically disconnected, and you have to manually run the script again and again.

What is this? It turns out that SSH has a free time by default. When the client does not perform any operation at a certain idle time, the server will take the initiative to disconnect the SSH connection.

There are two parameters in the configuration file of the SSH server: ClientAliveInterval and ClientAliveCountMax, which are used to control the maximum idle time.

The ClientAliveInterval value is second. For example, if you set it to 300, It is 5 minutes.

ClientAliveCountMax indicates that if the client is not found to have a corresponding timeout value, a timeout value is determined. This parameter sets the number of times that timeout is allowed. For example:

ClientAliveInterval 300
ClientAliveCountMax 5;

The timeout value is 1500 seconds = 25 minutes.

By changing the value size, you can ensure the maximum idle time of the SSH connection. However, it seems that this method is not reliable. Once the network encounters a problem or another cause causes the SSH connection port, you still have to manually run the SSH connection script.

In this case, we have to work on our own. I wrote a simple program using ruby to check whether the SSH connection is disconnected, and since running the SSH connection script:

#!/usr/local/rvm/bin/ruby#AutoSSH.rb#Written by Timothy 2012.11.19#Run it with: ruby AutoSSH.rb &lambda{PORT_NUM = "0.0.0.0:7070"GREP_STR = "netstat -anp|grep #{PORT_NUM}"SHELL_PATH = "/root/AutoSSH/AutoSSH.sh &"pipe = IO.popen(GREP_STR)result = pipe.getsif((result != nil)  && (result.include? PORT_NUM))    returnelse    p 'SSH is disconnected! Will reconnect it!'    system SHELL_PATHend}.call

The function of this program is to check whether 0.0.0.0: 7070 is listening. You may need to configure AutoSSH as needed. sh file path, and then add the script to the scheduled task of the system to execute and check it every minute. In case of an SSH connection port, it will immediately reconnect to SSH. If the ruby environment is not configured on your machine, You can google to learn how to install ruby.

By now, you have a 7*24-hour SSH proxy for other machines in your home.

Disclaimer: The articles and essays in this Blog only represent the author's views and conclusions within a specific period of time, and do not provide any guarantees or assumptions for their completeness or correctness.
All articles on this site use the knowledge sharing signature-share the 3.0 protocol in the same way for authorization, unless indicated, this site article is original, reprinted please note

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.