Tips server ssh forward reverse proxy, tipsssh

Tips server ssh forward reverse proxy, tipsssh

　　　　

1. ssh userxxxxname@115.28.87.102
(Directly connect to the remote host using ssh instead of connecting to the specific remote host using http or ftp)
Exit and logout close connection exit

 

2. left-connection (left-connected positive connection)

1 ssh-L client_ip (the default value is 127.0.0.1 if omitted): client_port2: server_ip (the IP address a that can be accessed by the server): server_port (the port of) 3. log on to the server username @ Server ip-p server_port (default port for server ssh: 22) 4 5 has a default value, so you can use the domain name instead of-p, and the server ip Address can also be used as the http protocol.

Explanation:
My ip address is in a vro LAN 192.168.1.104 open a port 7900 locally and connect to the server http://test.conglinnet.com left/(this site is on the server ip address 115.28.87.102)
Enter 192.168.1.104: 7900 in the local browser for example 192.168.1.106 in the same LAN as me to open the webpage http://test.conglinnet.com/

Ssh-L 192.168.1.104: 7900: test.conglinnet.com: 80 username@115.28.87.102

In this case, all requests sent to port 192.168.104: 7900 are routed to the specified port on the ssh remote host (115.18.87.102) connected to 192.168.1.104 through port 7900 of port 192.168.1.104,

At the same time, the request response will also return the 7900 port to me. If someone else accesses port 7900, we can see the data on port 7900.

So it is obvious that the remote host does not know which device actually sends the request behind port 7900.
However, requests sent over ssh over port 7900 support ftp, ssh, and http, but it seems that vpn is not supported because gre is not supported.

One key point: mirror the server address and port (including the server itself) that can be accessed by the server to the client port.

 

Right-connection-right-connection reverse connection

1 ssh-R server_ip (the default value is 127.0.0.1 if omitted): server_port: 2 client_ip (the IP address d that can be accessed by the client): client_port (the port that can be accessed by d) 3 Login Server Username @ Server IP-p [server ssh service port (22 by default)] 4

Explanation:
I have a personal pc or I have bought a computer with relatively powerful performance. I want to be a web server. Unfortunately, I am using a fixed ip address on the global Internet, this type of IP address that anyone can access is limited, and the market is still relatively tight
But I got one, and then I want to map my pc to the address that can be accessed, so that the resource is locally accessible to anyone who can access it on the internet, it ran to me to request

(Or forward the request to my pc), and I return the response to it, which sends the response data to anyone in the request.

ssh -R test.conglinnet.com:8999:192.168.1.104:9000 username@115.28.87.102

In this case, anyone accessing the http://test.conglinnet.com: 8999 will actually transfer the request to port 9000 on my local machine (192.168.1.104) in a LAN, I opened a web server on port 9000.

Note:

Of course, there will be some other differences in the specific execution. Here we only describe the principle of ssh. Generally, we will probably do port forwarding again.
Forward port 80 on the server to port 8999, and then anyone can access the http://test.conglinnet.com directly.

There is also the actual fixed ip address and domain name, the most obvious difference is that a fixed ip address usually has n domain names, otherwise it will waste a limited fixed ip address under ipv4

In a word, the key is to mirror the machine address and port that can be accessed by the client (including the client itself) to the server port.

It seems that the communication between applications is between ports.

　　　　

Other common ssh fragments
Ssh-D client_port Login Server Username @ server_ip
Now the socks agent in firefox or ie listens to the client_port on the local machine and it will be OK.

Ssh-v-R 0.0.0.0: 8999: 0.0.0.0: 9000 username@115.28.87.102 // also commonly used 0.0.0.0 to listen to all addresses, worry-free.

Other common parameters of ssh
-Q: silent operation, even if an error occurs, nothing will be prompted.
-F: Background running
-C compression: compression will be faster when the bandwidth is poor, otherwise it will be slower
-I xxx. file: provides the public key file for direct verification.
-L specifies the user name, which is actually the one written before.