"ssh Black Magic": Proxy, port forwarding, and shell sharing

In my best friend's recommendation, I watched this video:

The Black Magic of SSH

In this video, we introduce some of the advanced applications of SSH, and in combination with the experience of the work, two types of questions will help us a lot in our usual work:

1. Two people how to see the same terminal interface

2. How to do port forwarding with a single server

Shell sharing

You can think of this as a character version of VNC or RDP, for example, your machine is having a problem, but you want to see how Daniel handles it, or if you need someone to show you something, you and Daniel need to see the same shell terminal at the same time.

Strictly speaking, this solution is not the credit of SSH itself, the installation of a tmux (screen) can easily solve the problem.

The simple steps are as follows:

1. User A connects to an SSH host and then enters Tmux to create a session

2. User B links to the same host, enter Tmux attach, open the session created by user A

So a, B two users now have a full-duplex terminal: Two people input, the screen display is completely synchronous; Of course, for you two not to fight, or to use it as a half-duplex is good.

SOCKS5 Proxy

"Across The great Wall we can reach every corner in the world."

This is a more sensitive topic, and I'm looking at you for the sake of visiting Google Scholarship and python.org, continue to write it down.

Many people will have a VPS to build a personal blog, so you can use SSH to easily put up a SOCKS5 proxy.

Enter in terminal

Mans SSH

Find the "-D" section, you can see the following explanation: It will occupy the designated port on the host, and then any link to it will be forwarded through the host, and currently only support SOCKS4, SUCKS5 protocol.

So you can connect to a single server like this:

SSH 8888 [email protected]

Then you have a private SOCKS5 proxy, the address is the address of your host, and the port is the parameter after-D.

Port forwarding

Just like 640k of memory is enough for a computer to use, IPV4 is also enough to use, so we have NAT this thing. Then there are two types of questions:

1. Our company has an external machine, and n sets of internal machines, how to let other users can directly access the intranet machine some/some ports

2. I have a public network host, the home has a machine (in the mobile or long-width behind), how to let others can connect to my home computer up

Forward the local request to the remote host: ssh-l

L is the meaning of the local, using the-l parameter, you can send the request to the native to the other address.

For example, I plant has two machines, a machine, O, can be accessed through the external network, and the other one, I, is hiding behind the firewall, but O I, is unimpeded. At this time you run a service on I, want to let everyone can access, and do not have permission to change the firewall settings, then-L can save you: between O and I, do a port forwarding; all the requests to O:port will be forwarded to i:port_1.

Three parameters are supported on the back of-L:

-L [Bind_address:]port:host:hostport

Port: Local Port

Host: Forward to the local port, to which host

Hostport: The port number to be forwarded.

If we want to send a request to the IP1 8000 port, all forwarded to IP2 80 port above, you can establish such a connection on the host of Ip1:

SSH 8000: ip2: [email protected]

That's how it all goes!

If you are willing to spend more time, you will find that ssh behind the hostname, not necessarily need to be ip1, but also can be forwarded

Forward the request to the host to Local: Ssh-r

If you understand the use of-L, then-R is naturally also easy to understand, that is, in turn, the request sent to the host, forwarded back to the local, this method is suitable for the users in various intranet.

My friend Miss S, the company recently sent her a RMBP to format the video recorded by the company, apparently when FFmpeg. Actually I'm talking about me because she's not very good at using the CLI to use FFmpeg. However, she unfortunately chose the long-width, outside the link, in any case, can not actively connect the past, want to introduce on QQ how ffmpeg how to use is not too easy things. If you can ssh directly to her machine, you can do it directly. At this point, the-S is used to forward the remote data to the local.

-r parameter, similar to-l

-R [Bind_address:]port:host:hostport

The request to the host port port is forwarded to the Hostport port on the hosts, so if you want someone else to access your computer, you can do this:

SSH 8000:127.0. 0.1: [email protected]

At this time, any request to hostname:8000 will be forwarded to 127.0.0.1:80.

"ssh Black Magic": Proxy, port forwarding, and shell sharing