SSH forward and Reverse tunnel

Source: Internet
Author: User
Tags: ssh, server


Forward Tunnel


The topology is as follows:

[image: topology diagram]

Description

The client cannot reach the Web server directly, but the agent can;

By creating an SSH forward tunnel on the agent, the client reaches the Web server indirectly through the agent;

The agent needs both an SSH client and an SSH server, because it connects to itself.


The commands run on the agent are as follows:

[root@agent ~]# netstat -antp | grep 8880
[root@agent ~]# ssh -g -f -NL 100.1.1.100:8880:172.19.2.250:80 root@100.1.1.100
root@100.1.1.100's password:
[root@agent ~]# netstat -antp | grep 8880
tcp        0      0 100.1.1.100:8880        0.0.0.0:*               LISTEN      3826/ssh
[root@agent ~]#


Description: log in to 100.1.1.100 (the agent itself) as root and map the agent's port 8880 to port 80 on 172.19.2.250. The -g flag lets hosts other than the agent connect to 8880, -f puts ssh in the background, and -N opens no remote shell.

Access test from the client:

[image: client access test]

Test success!


Another topology:

[image: topology diagram]

Description

Neither AGENT2 nor the client can reach the Web server directly; only AGENT1 can;

Create an SSH forward tunnel from AGENT2 to AGENT1 so that the client can reach the Web server through AGENT2;

AGENT2 needs an SSH client, and AGENT1 needs an SSH server.


Run the following on AGENT2:

Description: from AGENT2, connect to AGENT1 as root over SSH and map AGENT2's local port 8880 (bound to 100.1.1.1) to port 80 on the Web server. AGENT1's address is not shown in the source, so <AGENT1> stands in for it below.

[root@agent2 ~]# ssh -g -f -NL 100.1.1.1:8880:172.19.2.250:80 root@<AGENT1>


In both topologies above, the host that creates the tunnel (the SSH client) can also be a Windows host, using tools such as Xshell or PuTTY. Taking the second topology as the example, the Xshell settings are as follows:

[images: Xshell session and tunnel settings]

Open the session:

[image: Xshell session connected]

The local port is now listening:

[image: local port listening]

Access test

[image: access test]

Test success!


Note: if you create the tunnel with a GUI SSH client such as Xshell, closing the session also tears down the tunnel, whereas the Linux ssh client started with -f as above keeps running in the background and the tunnel survives.



Reverse Tunnel

[image: topology diagram]

Description

The client cannot reach AGENT1 directly; in this case AGENT1 can build a reverse tunnel to the Web server, so that the client reaches port 22 of AGENT1 through the Web server;

AGENT1 needs an SSH client, and the Web server needs an SSH server;


Run the following on AGENT1:

[root@agent1 ~]# ssh 172.19.2.250
root@172.19.2.250's password:
Last login: Tue May  3 11:35:00 2016 from 192.168.6.44
[root@web ~]# netstat -antp | grep 22022
[root@web ~]# exit
logout
Connection to 172.19.2.250 closed.
[root@agent1 ~]# ssh -g -f -NR 172.19.2.250:22022:100.1.1.100:22 root@172.19.2.250
root@172.19.2.250's password:
Permission denied, please try again.
root@172.19.2.250's password:
[root@agent1 ~]# netstat -antp | grep 22022
[root@agent1 ~]# ssh 172.19.2.250
root@172.19.2.250's password:
Last login: Tue May  3 11:35:26 2016 from 192.168.6.44
[root@web ~]# netstat -antp | grep 22022
tcp        0      0 127.0.0.1:22022         0.0.0.0:*               LISTEN      19370/sshd
tcp        0      0 ::1:22022               :::*                    LISTEN      19370/sshd
[root@web ~]#

Description: first confirm that nothing on the Web server is listening on port 22022, then run the reverse-tunnel command on AGENT1. It maps port 22 of 100.1.1.100 to port 22022 of 172.19.2.250. After it runs, sshd on the Web server does listen on 22022, but only on 127.0.0.1, so other hosts cannot use it. The workaround is to change "GatewayPorts no" to "GatewayPorts yes" in the Web server's sshd configuration file, restart the SSH service, and recreate the reverse tunnel on AGENT1:

[root@web ~]# netstat -antp | grep 22022
tcp        0      0 0.0.0.0:22022           0.0.0.0:*               LISTEN      20614/sshd
tcp        0      0 :::22022                :::*                    LISTEN      20614/sshd
[root@web ~]#
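The bind address is the security-relevant detail in both halves of this post: -g on the forward tunnel and GatewayPorts yes on the reverse tunnel each turn a loopback-only listener into one that anyone who can reach that host may use (GatewayPorts clientspecified is the narrower sshd option, letting the -R bind address decide). The following is an added example, not code from the original post, that audits both: it reads the effective GatewayPorts value from sshd_config text (sshd uses the first occurrence of a keyword) and classifies the exposure of a listener in netstat -antp output; the config and netstat lines are constructed to match the post.

```shell
#!/bin/sh
# Added example, not from the original post: check the two exposure details the post runs into.
# sshd applies the FIRST GatewayPorts value it reads; anything other than "no" lets -R
# listeners bind on non-loopback addresses, reachable by everyone who can reach the Web server.
# Constructed sshd_config text (real file: /etc/ssh/sshd_config).
SAMPLE_SSHD_CONFIG='# constructed sample
Port 22
#GatewayPorts no
GatewayPorts yes
GatewayPorts no'

# Print the effective GatewayPorts value; "no" is the sshd default when the keyword is absent.
gateway_ports_mode() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*#/ { next }                                                   # comment line
        tolower($1) == "gatewayports" { print tolower($2); found = 1; exit }  # first one wins
        END { if (!found) print "no" }'
}

# Constructed "netstat -antp" lines modelled on the post: the reverse tunnel before and
# after the GatewayPorts change, and the forward tunnel bound with -g to 100.1.1.100.
NETSTAT_BEFORE='tcp        0      0 127.0.0.1:22022         0.0.0.0:*               LISTEN      19370/sshd
tcp        0      0 ::1:22022               :::*                    LISTEN      19370/sshd'
NETSTAT_AFTER='tcp        0      0 0.0.0.0:22022           0.0.0.0:*               LISTEN      20614/sshd
tcp        0      0 :::22022                :::*                    LISTEN      20614/sshd'
NETSTAT_FORWARD='tcp        0      0 100.1.1.100:8880        0.0.0.0:*               LISTEN      3826/ssh'

# Report the widest exposure of any LISTEN socket on port $1 in netstat output $2:
# wildcard (all interfaces) > address:<ip> (one interface) > loopback > none.
listener_exposure() {
    printf '%s\n' "$2" | awk -v port="$1" '
        $6 == "LISTEN" {
            addr = $4; sub(/:[^:]*$/, "", addr)        # strip ":port"; keeps IPv6 "::1" intact
            if (substr($4, length(addr) + 2) != port) next
            if (addr == "0.0.0.0" || addr == "::" || addr == "*") r = 3
            else if (addr == "127.0.0.1" || addr == "::1") r = 1
            else r = 2
            if (r > best) { best = r; best_addr = addr }
        }
        END {
            if (best == 3) print "wildcard"
            else if (best == 2) print "address:" best_addr
            else if (best == 1) print "loopback"
            else print "none"
        }'
}

# Stand-alone run: reproduces the post's observation (loopback first, wildcard after the change).
echo "GatewayPorts: $(gateway_ports_mode "$SAMPLE_SSHD_CONFIG")"
echo "22022 before: $(listener_exposure 22022 "$NETSTAT_BEFORE")"
echo "22022 after:  $(listener_exposure 22022 "$NETSTAT_AFTER")"
```

Run the same two functions against the real /etc/ssh/sshd_config and live netstat output to confirm a tunnel listener is bound only where intended.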

Connection test:

[image: connection test]

Connection successful!


When creating a reverse tunnel with Xshell, change the tunnel type accordingly:

[image: Xshell tunnel type setting]

This article is from the "retrograde person" blog; please keep this source: http://lingyi.blog.51cto.com/2837715/1769613
