Introduction to implementing a Linux global proxy using SSH tunneling + Privoxy
SSH is the abbreviation for Secure Shell, a security protocol developed by the IETF Network Working Group that operates at the application layer. SSH is currently a relatively reliable protocol for securing Telnet sessions and other network services, and using it effectively prevents information leakage during remote management. SSH was originally a program on UNIX systems and later spread quickly to other operating platforms. Used correctly, SSH can compensate for weaknesses in the network. SSH clients are available on a variety of platforms; almost all UNIX platforms, including HP-UX, Linux, AIX, Solaris, Digital UNIX, Irix and others, can run SSH.
SSH provides two levels of security verification:
- First level: password-based authentication
- Second level: key-based authentication
SSH consists mainly of three parts:
- Transport layer protocol [SSH-TRANS]
- User authentication protocol [SSH-USERAUTH]
- Connection protocol [SSH-CONNECT]
To establish a local SSH listening socket, use the ssh -D option, which specifies local "dynamic" application-level port forwarding. A socket is allocated to listen on the local port. Whenever a connection is made to this port, it is forwarded over the secure channel, and the application protocol is then used to determine where to connect to from the remote machine. The SOCKS4 and SOCKS5 protocols are supported, so SSH can act as a SOCKS server.
Usage:
ssh -D 0.0.0.0:12345 -i /private/key/file user@ServerA -p serverport
The above command uses SSH to connect to ServerA and listens on port 12345 on all local network interfaces; any data sent to local port 12345 is forwarded to ServerA through the SSH tunnel. This gives access to networks that are otherwise unreachable, such as ServerA's internal network.
Linux global proxy
A Linux global proxy can be defined with the http_proxy environment variable. http_proxy only covers the HTTP protocol and cannot point directly at a SOCKS proxy, so Privoxy is needed to convert SOCKS to HTTP.
Privoxy
Install it first:
apt-get install privoxy
After installation, edit the configuration file:
vim /etc/privoxy/config
Add the following line (the trailing dot means connect directly after the SOCKS5 hop, with no parent HTTP proxy):
forward-socks5 / 10.120.1.241:12345 .
10.120.1.241 is the IP of the host on which the SSH tunnel is running, and 12345 is the port on that host where the tunnel listens and forwards connections to the external server over SSH. Restart Privoxy when done:
/etc/init.d/privoxy restart
Privoxy listens on port 8118 by default (this can also be changed in the configuration file). Then set http_proxy to the IP and port Privoxy listens on; here:
export http_proxy=127.0.0.1:8118
Once this is done, outbound traffic leaves with ServerA's network identity, so resources that are hard to download domestically, such as Docker Hub images and Git repositories, can be fetched through the proxy.
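A small check, added here as an example (not part of the original post), that verifies the listener named in the forward-socks5 line actually speaks SOCKS5 and accepts the no-auth method that ssh -D offers, before Privoxy is pointed at it. The host and port are the article's 10.120.1.241:12345; the function names are my own.

```python
"""Verify that an `ssh -D` SOCKS5 listener is up and usable before
pointing privoxy's forward-socks5 rule at it.  Added example, not from
the original post.  Assumes the tunnel was started as in the article
(ssh -D 0.0.0.0:12345 ...), so the listener expects the no-auth method."""
import socket

SOCKS_VERSION = 5
METHOD_NO_AUTH = 0x00
METHOD_NONE_ACCEPTABLE = 0xFF


def build_greeting(methods=(METHOD_NO_AUTH,)):
    """Client greeting: VER, NMETHODS, METHODS... (RFC 1928 section 3).
    privoxy's forward-socks5 rule starts its negotiation the same way."""
    return bytes([SOCKS_VERSION, len(methods), *methods])


def parse_method_reply(data):
    """Parse the server's two-byte VER, METHOD reply.  Returns the chosen
    method, or raises ValueError if the peer is not a usable SOCKS5 server
    (e.g. an HTTP service answering on the wrong port)."""
    if len(data) != 2:
        raise ValueError(f"expected 2-byte method reply, got {len(data)} bytes")
    ver, method = data
    if ver != SOCKS_VERSION:
        raise ValueError(f"not a SOCKS5 server (version byte {ver})")
    if method == METHOD_NONE_ACCEPTABLE:
        raise ValueError("server rejected all offered auth methods")
    return method


def check_socks5_listener(host, port, timeout=3.0):
    """Connect to host:port, perform the method negotiation, and return True
    only if the peer speaks SOCKS5 and accepts no-auth (what ssh -D offers)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_greeting())
            reply = s.recv(2)
        return parse_method_reply(reply) == METHOD_NO_AUTH
    except (OSError, ValueError) as exc:
        print(f"SOCKS5 check against {host}:{port} failed: {exc}")
        return False


if __name__ == "__main__":
    # Address and port taken from the article's forward-socks5 line.
    ok = check_socks5_listener("10.120.1.241", 12345)
    print("tunnel listener OK" if ok else "tunnel listener NOT usable")
```

Because -D 0.0.0.0 binds on every interface, running this check from another host on the same network also confirms how widely the tunnel is exposed; bind to 127.0.0.1 instead when no other machine needs it.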