SSH Principles and Applications (II): Remote Operation and Port Forwarding
Nanyi
(Image credit: Tony Narlock)
Seven. Remote operation
SSH is not only for logging in to a remote host; it can also run commands on the remote host directly.
The previous section already contained one example of this:
$ ssh user@host 'mkdir -p .ssh && cat >> .ssh/authorized_keys' < ~/.ssh/id_rsa.pub
The part in single quotes is the command executed on the remote host; the input redirection after it means that the local file is fed through the SSH connection to that command's standard input. One caveat: sshd (with StrictModes, the default) ignores authorized_keys if ~/.ssh or the file itself is writable by others, so the directory should be mode 700 and the file mode 600 after this step.
In other words, SSH provides a channel that carries both commands and data between the user and the remote host, so a great deal can be done over it.
Let's look at a few examples.
"Example 1"
Copy everything under the local $HOME/src directory into $HOME/src on the remote host.
$ cd && tar czv src | ssh user@host 'tar xz'
"Example 2"
Copy everything under $HOME/src on the remote host into the current local directory.
$ ssh user@host 'tar cz src' | tar xzv
"Example 3"
Check whether a process named httpd is running on the remote host.
$ ssh user@host 'ps ax | grep [h]ttpd'
(The bracket in [h]ttpd keeps grep from matching its own command line, which would otherwise always produce a hit.)
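The three patterns in this section (running a command remotely, feeding it local data on standard input, streaming a tar archive in either direction) as a small shell library. This is an added example, not code from the original article: the REMOTE_RUN hook and the function names are assumptions introduced here. REMOTE_RUN defaults to the real ssh client and is invoked exactly as ssh would be, which also lets the functions be exercised offline by substituting a local stand-in. It adds the permission settings sshd's StrictModes requires, which the article's one-liner leaves to the reader.

```shell
#!/bin/sh
# Added example (not from the original article). REMOTE_RUN is a hypothetical
# hook: it defaults to the real ssh client and is called as
# "$REMOTE_RUN user@host 'remote command'", so a local stand-in can replace it
# for offline testing.
REMOTE_RUN=${REMOTE_RUN:-ssh}

# Install a public key for the remote account: the article's one-liner plus the
# permissions sshd's StrictModes insists on (~/.ssh 700, authorized_keys 600;
# otherwise sshd silently ignores the file). The key file is streamed over the
# connection as the remote command's standard input.
push_authorized_key() {
    target=$1 pubkey=$2
    [ -f "$pubkey" ] || { echo "push_authorized_key: no such file: $pubkey" >&2; return 1; }
    $REMOTE_RUN "$target" 'umask 077 && mkdir -p ~/.ssh &&
        cat >> ~/.ssh/authorized_keys &&
        chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys' < "$pubkey"
}

# Example 1 generalised: copy a local directory tree to any destination path on
# the remote host. tar -C keeps the archive paths relative, so src and dest need
# not share a name. dest must not contain single quotes. In plain sh the
# pipeline's status is that of the remote tar; under bash, set -o pipefail also
# catches a failure of the local tar.
push_tree() {
    target=$1 src=$2 dest=$3
    [ -d "$src" ] || { echo "push_tree: no such directory: $src" >&2; return 1; }
    tar czf - -C "$src" . | $REMOTE_RUN "$target" "mkdir -p '$dest' && tar xzf - -C '$dest'"
}

# Example 2 generalised: copy a remote directory tree into a local path.
pull_tree() {
    target=$1 src=$2 dest=$3
    mkdir -p "$dest" &&
        $REMOTE_RUN "$target" "tar czf - -C '$src' ." | tar xzf - -C "$dest"
}

# Usage with the real client:
#   push_authorized_key user@host ~/.ssh/id_ed25519.pub
#   push_tree user@host "$HOME/src" src
#   pull_tree user@host src ./src-copy
```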
Eight. Binding a local port
Since SSH can carry arbitrary data, we can improve security by routing a connection that would otherwise travel unencrypted through the SSH connection instead.
Suppose we want traffic sent to local port 8080 to be carried over SSH to the remote host. The command is:
$ ssh -D 8080 user@host
SSH creates a socket listening on local port 8080. The -D option makes it a SOCKS proxy: any application configured to use 127.0.0.1:8080 as its SOCKS proxy has its connections carried inside the SSH connection and opened from the remote host. Traffic that would have crossed the local network in cleartext is therefore encrypted between the local machine and the remote host; note that it is cleartext again on the leg from the remote host to the final destination.
Nine. Local port forwarding
Sometimes binding a port is not enough; we also need to specify the destination host for the data, forming a point-to-point "port forward". To distinguish it from the "remote port forwarding" described later, this case is called "local port forwarding" (local forwarding).
Suppose host1 is the local host and host2 is a remote host. For whatever reason, the two cannot reach each other. There is, however, a third host, host3, that can reach both. The natural idea is to connect host1 to host2 via host3.
On host1 we run:
$ ssh -L 2121:host2:21 host3
The -L option takes three colon-separated values, "local port:destination host:destination port". The command tells SSH to bind local port 2121 and have host3 forward everything arriving there to port 21 on host2 (assuming host2 runs FTP, whose default port is 21). Note that host2 is resolved and reached by host3, not by host1, and the leg from host3 to host2 is not protected by SSH.
After that, connecting to port 2121 on host1 is equivalent to connecting to port 21 on host2:
$ ftp localhost 2121
(Only the FTP control connection goes through the tunnel; FTP's separate data connections are not forwarded, so a protocol that uses a single TCP connection is a more typical candidate.)
Local port forwarding thus makes host1 and host3 look as if they were joined by a private data tunnel, hence the name "SSH tunnel".
Here is a more interesting example.
$ ssh -L 5900:localhost:5900 host3
This binds local port 5900 to port 5900 on host3 itself: the destination host is interpreted relative to host3, so "localhost" here means host3.
Another example: log in to host2 over SSH via a port forward on host3.
$ ssh -L 9001:host2:22 host3
Now an SSH login to local port 9001 is a login to host2:
$ ssh -p 9001 localhost
The -p option specifies the port to connect to. Expect host2's host key to be recorded under [localhost]:9001 in known_hosts; if that local port is later reused for a different destination, ssh will warn about a changed host key. Recent OpenSSH (7.3 and later) does the same thing in a single step with ssh -J host3 host2.
Ten. Remote port forwarding
Since "local port forwarding" forwards a port bound locally, "remote port forwarding" (remote forwarding) naturally forwards a port bound on the remote host.
Continuing the example above: host1 and host2 cannot reach each other and must go through host3. But now there is a complication: host3 is an intranet machine that can reach host1 on the outside, while host1 on the outside cannot reach host3 on the intranet. Local port forwarding is unusable here. What now?
The solution: since host3 can reach host1, establish the SSH connection from host3 to host1, and then use that connection from host1's side.
On host3 we run:
$ ssh -R 2121:host2:21 host1
The -R option also takes three values, "remote port:destination host:destination port". This command makes host1 listen on its own port 2121 and forward all data arriving there, through host3, to port 21 on host2. Because host1 is the remote host from host3's point of view, this is called a "remote port binding". By default the listener on host1 binds only to the loopback interface; it is exposed on other interfaces only if host1's sshd has GatewayPorts enabled.
Once bound, we can reach host2 from host1:
$ ftp localhost 2121
Note the prerequisite for remote port forwarding: host3 needs an SSH client, and host1 must run sshd and accept connections from host3, the reverse of the usual client and server roles.
Eleven. Other SSH options
A few other SSH options are worth mentioning.
-N tells ssh to connect without running a remote command (so no remote shell is started); -T tells it not to allocate a pseudo-terminal for the connection. Used together, they mean the SSH connection is used purely to carry data, with no remote operation.
$ ssh -NT -D 8080 host
-f tells ssh to go into the background once the connection is established, so you can keep working in the local shell without interrupting the SSH connection. It should be combined with -N: -f redirects standard input from /dev/null, so a remote shell started without -N would read end-of-file and exit, taking the tunnel down with it.
$ ssh -f -N -D 8080 host
To close such a background connection, kill its process with the kill command.
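Sections Eight to Eleven each show a bare ssh invocation. As an added example (not code from the article), here is how a practitioner would run the same -L, -R and -D forwards as managed background tunnels: each forward is validated, the local side is bound explicitly to 127.0.0.1, the tunnel is started with -f -N and ExitOnForwardFailure=yes so a failed bind does not leave a silent session with no tunnel, and it is controlled afterwards through an OpenSSH control socket (-M/-S with -O check and -O exit) rather than by searching for a PID to kill. The function names, the SSH_BIN hook and the CTL_DIR location are assumptions introduced here; SSH_BIN defaults to the real client and can be pointed at a stub for offline testing.

```shell
#!/bin/sh
# Added example (not from the original article). SSH_BIN and CTL_DIR are
# hypothetical hooks: SSH_BIN defaults to the real client, CTL_DIR holds one
# control socket per tunnel.
SSH_BIN=${SSH_BIN:-ssh}
CTL_DIR=${CTL_DIR:-${XDG_RUNTIME_DIR:-/tmp}/ssh-tunnels}

ctl_path() { printf '%s/%s.sock' "$CTL_DIR" "$1"; }

# Accept exactly "port:host:port" with numeric in-range ports; a typo here would
# otherwise surface only as a confusing ssh error.
valid_forward_spec() {
    port=${1%%:*}
    rest=${1#*:}
    case $rest in *:*) ;; *) return 1 ;; esac
    host=${rest%%:*}
    hostport=${rest#*:}
    [ -n "$host" ] || return 1
    case $port in ''|*[!0-9]*) return 1 ;; esac
    case $hostport in ''|*[!0-9]*) return 1 ;; esac
    [ "$port" -le 65535 ] && [ "$hostport" -le 65535 ]
}

# tunnel_start NAME MODE SPEC GATEWAY
#   MODE L: local forward,  SPEC "lport:dest:dport"  (section Nine)
#   MODE R: remote forward, SPEC "rport:dest:dport"  (section Ten)
#   MODE D: SOCKS proxy,    SPEC "lport"              (section Eight)
# -f -N: background, no remote command (section Eleven). ExitOnForwardFailure=yes
# makes ssh exit non-zero if a bind fails instead of staying up without the
# tunnel. The local side binds 127.0.0.1 explicitly so the entry point is not
# reachable from other hosts; the -R listener on the gateway stays on loopback
# unless its sshd sets GatewayPorts.
tunnel_start() {
    name=$1 mode=$2 spec=$3 gateway=$4
    case $mode in
        L) valid_forward_spec "$spec" || { echo "bad -L spec: $spec" >&2; return 1; }
           fwd="-L 127.0.0.1:$spec" ;;
        R) valid_forward_spec "$spec" || { echo "bad -R spec: $spec" >&2; return 1; }
           fwd="-R $spec" ;;
        D) case $spec in ''|*[!0-9]*) echo "bad -D port: $spec" >&2; return 1 ;; esac
           fwd="-D 127.0.0.1:$spec" ;;
        *) echo "mode must be L, R or D" >&2; return 1 ;;
    esac
    mkdir -p "$CTL_DIR" && chmod 700 "$CTL_DIR" || return 1
    # $fwd is deliberately unquoted: it must split into the option and its value.
    $SSH_BIN -f -N -M -S "$(ctl_path "$name")" \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
        $fwd "$gateway"
}

# Query or tear down a tunnel through its control socket. ssh still needs the
# destination argument to locate the socket but opens no new connection.
tunnel_check() { $SSH_BIN -S "$(ctl_path "$1")" -O check "$2"; }
tunnel_stop()  { $SSH_BIN -S "$(ctl_path "$1")" -O exit "$2"; }

# Usage with the real client:
#   tunnel_start ftp   L 2121:host2:21 host3    # then: ftp localhost 2121
#   tunnel_start socks D 8080 user@host         # then: curl --socks5-hostname 127.0.0.1:8080 http://example/
#   tunnel_check ftp host3
#   tunnel_stop  ftp host3
```

Each tunnel gets its own socket under CTL_DIR, so several forwards to the same gateway can be started and stopped independently, and tunnel_check gives a reliable "is it up" answer without parsing ps output.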