Use an SSH tunnel as a proxy or springboard (jump host)

Source: Internet
Author: User
Tags: ssh config, ssh config file

The previous article:

http://www.cnblogs.com/piperck/p/6188984.html Using an SSH config file to manage SSH connections

The previous article described how to set up your own SSH config file to manage SSH connections easily, and how to use ssh-add to store the passphrase of your key. This article covers the related practice of using SSH for port forwarding and as a springboard (jump host).

First, let's start with a situation like this:

Our external firewall blocks some common ports, and only 22, 80 and 443 are open, for the SSH, HTTP and HTTPS services. In that case I can build a tunnel to the remote host and, with a single command, forward the traffic on a local port through the tunnel to a specified port on the remote host.

ssh -L does this. For example, to forward traffic on local port 3306 to port 9999 on the destination host through the SSH port (22), use:

    ssh -L 3306:127.0.0.1:9999 target_host

The same command can also be written in the SSH config file as follows:

    Host tokyo-Hot
        HostName target_host
        User piperck
        LocalForward 3306 127.0.0.1:9999

Another very useful feature: SSH can be used to get over the wall easily.

Use the ssh -D command to proxy directly to the target. ssh listens on the port you specify and forwards the traffic automatically. SOCKS4 and SOCKS5 are supported, so SSH acts as a SOCKS5 proxy server here: you specify a port, and traffic sent to that port is forwarded as through a SOCKS proxy server.

    ssh -TND 9999 [email protected]_server

The port comes first and the target after it. Once SSH has connected to the target host, a simple SOCKS5 proxy service is established. If the target machine is outside the wall, you can use this SSH tunnel to get over the wall. The traffic is proxied through port 9999.

As I understand it, the traffic flows roughly in this order: application port -> proxy server port (9999) -> ssh (22) -> target host -> destination address, and the returned data follows the same path back.

This is equivalent to using an external server as a springboard and accessing further destination addresses from it. If you like, you can even nest SSH commands to log on through several machines, like this:

    ssh -A -t target_1 ssh -A -t target_2 .....

Continue this chain as far as you need (the -A parameter is used here because the target hosts store the public key of the local machine; if the next host stores target_1's public key rather than the local one, this parameter can be removed).

In addition, there is a way to achieve this continuous jump.
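
An added example, not part of the original article: a small Python check that reads an SSH config and reports the settings discussed above (LocalForward for -L, DynamicForward for -D, ForwardAgent for -A) when a forwarded port listens beyond loopback or the agent is forwarded. The sample config and the aliases `socks` and `hop` are constructed, and the parser assumes plain Host blocks only (no Match or Include).

```python
import re

LOOPBACK = {"localhost", "127.0.0.1", "::1", "[::1]"}

# Constructed sample config; the aliases "socks" and "hop" are made up here.
SAMPLE = """\
Host tokyo-Hot
    LocalForward 3306 127.0.0.1:9999
Host socks
    DynamicForward *:9999
Host hop
    ForwardAgent yes
"""

def parse_blocks(text):
    """Group (keyword, value) pairs under the Host pattern they follow."""
    blocks, current = {}, "*"  # options before any Host line apply to all hosts
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key, value = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
        if key == "host":
            current = value
        blocks.setdefault(current, []).append((key, value))
    return blocks

def audit(text):
    """Return (host, finding) tuples for forwards that deserve a second look."""
    findings = []
    for host, opts in parse_blocks(text).items():
        # Simplification: GatewayPorts is only honoured inside the same block.
        gateway = any(k == "gatewayports" and v.lower() == "yes" for k, v in opts)
        for key, value in opts:
            if key in ("localforward", "dynamicforward") and value:
                listen = value.split()[0]
                bind, sep, _port = listen.rpartition(":")
                # Explicit bind: non-loopback is exposed. No bind: GatewayPorts decides.
                exposed = (bind not in LOOPBACK) if sep else gateway
                if exposed:
                    findings.append((host, f"{key} {listen} listens beyond loopback"))
            elif key == "forwardagent" and value.lower() == "yes":
                findings.append((host, "forwardagent exposes the local agent to this host"))
    return findings

if __name__ == "__main__":
    for host, finding in audit(SAMPLE):
        print(f"{host}: {finding}")
```

The `tokyo-Hot` forward is not reported because a LocalForward without a bind address listens on loopback only, unless GatewayPorts is enabled.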

Reference:

http://nerderati.com/2011/03/17/simplify-your-life-with-an-ssh-config-file/ Simplify your life with an SSH config file

http://www.cnblogs.com/-chaos/p/3378564.html Differences between ssh -D, -L and -R

http://www.cnblogs.com/piperck/p/6188984.html Using an SSH config file to manage SSH connections
