Cause
Recently encountered one thing: B classmate in his computer Ubuntu
virtual machine learning to build a server encountered a problem, I want to help him look. I can not always a QQ Remote Desktop connected to the past, so the operation will be stuck to crash. The ssh
past is the best way, but his computer with me is not a local area network, but also virtual machine, how to connect the past?
How to solve?
There are two ways of doing this:
ssh
Create a reverse tunnel via command via a public network server
ngrok
creating a reverse tunnel through third-party services tcp
They all have the principle of using a reverse tunnel, the principle is:
The difference between forward and reverse is that the forward connection is the user operating the server resource through its own client, and the reverse connection is the user operating the client resource through the server . Combined Understanding:
- Client 1
ssh
connection to the public network server, all operations are on the server, so called 正向隧道
;
- When the client 2
ssh
connects the port of the public network server 2244
, the public server forwards the client 1, and the user operates client 1 through the public network server, so the connection of the public network server to client 1 is called 反向隧道
.
The first of these methods
客户端1
You can create a reverse tunnel by executing a command:
$ssh -N -f -R *:2244:localhost:22 106.10.10.xxx
Which -N
indicates not to execute the command, only forward; -f
Indicates running in the background; -R
Represents a reverse tunnel; *:2244:localhost:22
Represents the port of the listening server 2244
, and all packets are forwarded to the local 22
port; 106.10.10.xxx
to the server IP
.
I just need 客户端2
ssh -p 2244 [email protected]
to be able to connect the computer in the execution 客户端1
.
The actual use will find that the channel will often automatically disconnect, which is normal phenomenon. You can autossh
disconnect the connection by implementing it. autossh
before use, you must make sure that the client and server connection use a password-free key pair to log in.
$autossh -M 5678 -N -f -R *:2244:localhost:22 106.10.10.xxx
This -M 5678
means that 5678
the connection status is monitored through the port, and a problem is re-connected.
The second Kind
Using ngrok
(1.x version) is much easier, a command is done, do not need to know the server password or public key, suitable for third-party server to provide springboard services.
$ngrok-proto=tcp 22ngrok (Ctrl + C to quit) Tunnel Status Online Version 1.7/1.7 Forwarding tcp://106.10.10.xxx:2244-127.0.0.1:22 Web Interface 127.0.0.1:4040 # Conn 0 AVG Conn Time 0.00ms
Based on the above output, I just need to be ssh -p 2244 [email protected]
able to connect 客户端1
the computer on client 2.
By default, ngrok
the forwarding port is random, if you want to pin, edit ~/.ngrok
, add the channel as follows:
server_addr: 106.10.10.xxx:4443trust_host_root_certs: falsetunnels: ssh: proto: tcp: "22" remote_port: 2244
Then start with the following command:
ngrok start ssh
How series-How does the public network SSH into the intranet Linux system?