How series-How does the public network SSH into the intranet Linux system?

Cause

Recently encountered one thing: B classmate in his computer Ubuntu virtual machine learning to build a server encountered a problem, I want to help him look. I can not always a QQ Remote Desktop connected to the past, so the operation will be stuck to crash. The ssh past is the best way, but his computer with me is not a local area network, but also virtual machine, how to connect the past?

How to solve?

There are two ways of doing this:

1. sshCreate a reverse tunnel via command via a public network server
2. ngrokcreating a reverse tunnel through third-party services tcp

They all have the principle of using a reverse tunnel, the principle is:

The difference between forward and reverse is that the forward connection is the user operating the server resource through its own client, and the reverse connection is the user operating the client resource through the server . Combined Understanding:

• Client 1 ssh connection to the public network server, all operations are on the server, so called 正向隧道 ;
• When the client 2 ssh connects the port of the public network server 2244 , the public server forwards the client 1, and the user operates client 1 through the public network server, so the connection of the public network server to client 1 is called 反向隧道 .

The first of these methods

客户端1You can create a reverse tunnel by executing a command:

$ssh -N -f -R *:2244:localhost:22 106.10.10.xxx

Which -N indicates not to execute the command, only forward; -f Indicates running in the background; -R Represents a reverse tunnel; *:2244:localhost:22 Represents the port of the listening server 2244 , and all packets are forwarded to the local 22 port; 106.10.10.xxx to the server IP .

I just need 客户端2 ssh -p 2244 [email protected] to be able to connect the computer in the execution 客户端1 .

The actual use will find that the channel will often automatically disconnect, which is normal phenomenon. You can autossh disconnect the connection by implementing it. autossh before use, you must make sure that the client and server connection use a password-free key pair to log in.

$autossh -M 5678 -N -f -R *:2244:localhost:22 106.10.10.xxx

This -M 5678 means that 5678 the connection status is monitored through the port, and a problem is re-connected.

The second Kind

Using ngrok (1.x version) is much easier, a command is done, do not need to know the server password or public key, suitable for third-party server to provide springboard services.

$ngrok-proto=tcp 22ngrok                                                                                                                                                                     (Ctrl + C to quit)                                                                                                                                                 Tunnel Status Online                                                                                                                                    Version 1.7/1.7                                                                                                           Forwarding tcp://106.10.10.xxx:2244-127.0.0.1:22                                Web Interface 127.0.0.1:4040                                                                                                         # Conn                                                                                                                                                      0 AVG Conn Time 0.00ms

Based on the above output, I just need to be ssh -p 2244 [email protected] able to connect 客户端1 the computer on client 2.

By default, ngrok the forwarding port is random, if you want to pin, edit ~/.ngrok , add the channel as follows:

server_addr: 106.10.10.xxx:4443trust_host_root_certs: falsetunnels:  ssh:    proto:      tcp: "22"    remote_port: 2244

Then start with the following command:

ngrok start ssh

How series-How does the public network SSH into the intranet Linux system?