亚洲激情专区-91九色丨porny丨老师-久久久久久久女国产乱让韩-国产精品午夜小视频观看

溫馨提示×

溫馨提示×

您好,登錄后才能下訂單哦!

密碼登錄×
登錄注冊×
其他方式登錄
點擊 登錄注冊 即表示同意《億速云用戶服務條款》

SSH tunnel 隧道技術

發布時間:2020-08-04 01:22:00 來源:網絡 閱讀:9115 作者:wavework 欄目:安全技術

概述

常用的隧道技術有三種: 本地(L), 遠程(R)和動態端口轉發(D)

命令格式:

  1. ssh -C -f -N -g -L lPort:dHost:dPort user@rHost // 與rHost建立安全連接, 監聽lPort, 將所有對lPort的請求通過rHost轉發到dHost:dPort
  2. ssh -C -f -N -g -R rPort:dHost:dPort user@rHost // 與rHost建立安全連接, 監聽rport, 將所有對rPort的請求通過rHost轉發到dHost:dPort
  3. ssh -C -f -N -g -D lPort user@Tunnel_Host

Samples:

- ssh -N -f -R 2222:127.0.0.1:22 123.123.123.123

- This example creates a tunnel for HTTP. This will forward port 80 of your localhost to port 80 of www.example.com.

ssh -f -N -q -L 80:localhost:80 username@www.example.com

- This example creates a tunnel for IMAP. Here we forward port 1143 on localhost to 143 (IMAP) on imap.example.com.

ssh -f -N -q -L 1143:localhost:143 username@imap.example.com

- This creates a tunnel from your localhost port 81 to 192.168.1.69 port 80 through dmz.example.com. This lets you see the web server from outside a LAN.

ssh -f -N -q -L 81:192.168.1.69:80 username@dmz.example.com

- This example creates a tunnel for SSH itself, over localhost port 2222.

ssh -f -N -q -L 2222:target-host.example.com:22 username@dmz.example.com

- This example creates a tunnel for IMAP. Here we forward port 1143 on localhost to 143 (IMAP) on 192.168.1.100 through dmz.example.com.

ssh -f -N -q -L 1143:192.168.1.100:143 username@dmz.example.com

- VNC Viewer uses port 5900. This shows a double-hop.

# localhost  -->  wan-gateway  -->  dmz-gateway  -->  vnc-console
ssh -L 5900:localhost:5900 root@wan-gateway.example.com
ssh -L 5900:vnc-console.example.com:5900 root@dmz-gateway.example.com
* reverse port forwarding

This is used in the following situation:

  • You have a server inside a private LAN that you want to connect to from the WAN outside.
  • You can't create a NAT and port forwarding on your firewall to map the machine to the outside.
  • You have a server outside that you can connect to from the server inside the LAN.

- What this does is creates a connection from the server in the LAN to the server outside. Once that connection is established the server outside starts listening on port 2222. All connections to port 2222 are sent back to port 22 of the server in the LAN. Now you can leave this connection running in your office; go home and ssh to your proxy server at port 2222 and you will be connecting to your server inside the LAN on port 22.

ssh -f -N -q -R 2222:localhost:22 my_name@remote.example.com
* tricky reverse forwarding

- This allows a server on an internal LAN expose a service to the outside WAN. For example, I have a database server that will only accept connections from a specific development box. That dev box is inside the firewall. I want to connect to the database from outside the firewall.

ssh -t -L 5432:localhost:1999 my_name@firewall.example.com ssh -t db_server ssh -t -R 1999:127.0.0.1:5432 my_name@firewall
- Using scp through a DMZ gateway to a machine behind a firewall using a tunnel

First you setup port forwarding through an intermediary. This forwards your localhost port 2222 to port 22 on 192.168.1.100. Remember, that 192.168.1.100 is not on your local network; 192.168.1.100 is on the LAN network shared with 208.77.188.166.

ssh -f -N -q -L 2222:192.168.1.100:22 user@208.77.188.166
scp -P 2222 transformers.avi user@localhost:.

A diagram might help. Remember, port 22 is the SSH server port on the 192.168.1.100 machine.

+---------------+        +----------------+        +----------------------+
|     your      |        |  remote DMZ    |        | server on remote LAN |
| local machine |        |    server      |        |    192.168.1.100     |
|               |        | 208.77.188.166 |        |                      |
|         2222:  >-------|                |-------> :22                   |
|               |        |\______________/|        |                      |
|               |        |                |        |                      |
+---------------+        +----------------+        +----------------------+

 

-f Fork into background after authentication

-C Enable compression

-N Do not execute a shell or command. 不執行腳本或命令,通常與-f連用。

-g Allow remote hosts to connect to forwarded ports.

 

 

Reference

http://noah.org/wiki/SSH_tunnel (En, very good)

http://netsecurity.51cto.com/art/201304/390460.htm

向AI問一下細節

免責聲明:本站發布的內容(圖片、視頻和文字)以原創、轉載和分享為主,文章觀點不代表本網站立場,如果涉及侵權請聯系站長郵箱:is@yisu.com進行舉報,并提供相關證據,一經查實,將立刻刪除涉嫌侵權內容。

AI

杭锦后旗| 同江市| 平遥县| 铁力市| 肇源县| 洞头县| 新泰市| 娄烦县| 南投市| 惠州市| 通州市| 时尚| 昭平县| 朝阳县| 隆回县| 峡江县| 宁河县| 全州县| 玉门市| 宁陵县| 墨玉县| 新宁县| 加查县| 满城县| 四子王旗| 鸡东县| 福州市| 崇仁县| 济南市| 静海县| 长阳| 得荣县| 漯河市| 大冶市| 慈溪市| 乌审旗| 寻甸| 万宁市| 宜阳县| 虎林市| 江北区|