Reference links: https://www.everythingcli.org/ssh-tunnelling-for-fun-and-profit-autossh/
https://www.escapelife.site/posts/e6647650.html
https://blog.csdn.net/scwMason/article/details/111152300
Prerequisites
- A public-facing server B
- The target intranet server A that must be reachable
Public server configuration
Edit the SSH daemon configuration file /etc/ssh/sshd_config on public host B:
GatewayPorts yes
This lets the listening port be bound on all interfaces (0.0.0.0); otherwise only the local host (127.0.0.1) can connect to it.
Restart the sshd service:
sudo service sshd restart
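Two things bite people at this step: sshd_config applies the first value it finds for a keyword (so a GatewayPorts line appended to the end of the file is ignored if one already exists higher up), and "GatewayPorts yes" puts every -R listener on all interfaces of B. The following helper, an added example that is not part of the original post, reports the value sshd will actually apply and what it means for the tunnel; the sample config it parses is constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original post). sshd_config(5) uses the FIRST
# value it sees for a keyword, so "GatewayPorts yes" appended to the end of the
# file is silently ignored when an earlier line already sets it. This helper
# reports the value sshd will actually apply, and what it means for -R tunnels.

# effective_sshd_option FILE KEYWORD
# Prints the first value of KEYWORD in the global section of FILE (before any
# "Match" block, whose settings are conditional); prints nothing if unset.
effective_sshd_option() {
    awk -v kw="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }         # comments and blank lines
        { sub(/=/, " ") }                          # allow "Keyword=value" form
        tolower($1) == "match" { exit }            # conditional section begins
        tolower($1) == kw      { print $2; exit }  # first occurrence wins
    ' "$1"
}

# gateway_ports_exposure FILE
# Describes where a port opened with "ssh -R port:..." will listen on host B.
# The sshd default when the keyword is absent is "no".
gateway_ports_exposure() {
    val=$(effective_sshd_option "$1" GatewayPorts)
    case "$(printf '%s' "${val:-no}" | tr 'A-Z' 'a-z')" in
        no)              echo "loopback-only: 127.0.0.1 on B" ;;
        yes)             echo "all-interfaces: 0.0.0.0 on B" ;;
        clientspecified) echo "client-chosen: bind address from -R, e.g. -R 127.0.0.1:10022:localhost:22" ;;
        *)               echo "invalid: $val" ;;
    esac
}

# Demo on a constructed config: the trailing "GatewayPorts yes" has no effect
# because an earlier line already sets the keyword.
demo=$(mktemp)
cat >"$demo" <<'EOF'
# constructed sample sshd_config
Port 22
GatewayPorts no
Match User deploy
    GatewayPorts yes
GatewayPorts yes
EOF
echo "effective GatewayPorts: $(effective_sshd_option "$demo" GatewayPorts)"
gateway_ports_exposure "$demo"
rm -f "$demo"
```

On the real host, `sshd -T | grep -i gatewayports` prints the value sshd has actually loaded. If the tunnel is only ever used from B itself, "GatewayPorts clientspecified" together with a bind address in the -R option (for example -R 127.0.0.1:10022:localhost:22) keeps the forwarded port off B's public interfaces.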
Intranet server configuration
On intranet host A, install AutoSSH with the commands below.
How to install AutoSSH on various systems via their package manager.
| OS | Install method |
|---|---|
| Debian / Ubuntu | $ sudo apt-get install autossh |
| CentOS / Fedora / RHEL | $ sudo yum install autossh |
| ArchLinux | $ sudo pacman -S autossh |
| FreeBSD | # pkg install autossh or # cd /usr/ports/security/autossh/ && make install clean |
| OSX | $ brew install autossh |
Alternatively you can also compile and install AutoSSH from source:
wget http://www.harding.motd.ca/autossh/autossh-1.4e.tgz
gunzip -c autossh-1.4e.tgz | tar xvf -
cd autossh-1.4e
./configure
make
sudo make install
Passwordless login with automatic reconnection after disconnects
An SSH reverse connection is closed when it times out, and once it is closed the path from the public network into the intranet can no longer be maintained. To provide a stable reverse SSH tunnel we therefore combine passwordless (key-based) login with AutoSSH.
1. Generate a key pair on intranet host A
ssh-keygen
Press Enter three times to accept the defaults. This creates the private key and public key files: id_rsa and id_rsa.pub (or id_dsa and id_dsa.pub).
2. Copy the key. Still on intranet host A, run the following command to copy A's public key to public host B.
ssh-copy-id username@ip
Here “username” is the user name on public host B and ip is B's IP address; enter B's password when prompted and the copy is complete.
Start autossh
Note
This assumes port 22001 on the public server (any port can be chosen) is already open; if it is not, configure the security group first.
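The key that ssh-copy-id installs on B is an ordinary login key: whoever holds the private key from host A gets a full shell on B as that user, which is far more than the tunnel needs. OpenSSH (7.2 and later) lets an authorized_keys entry be prefixed with "restrict,port-forwarding", which disables every feature and re-enables only port forwarding, all that "autossh -N -R" uses. The helpers below are an added example, not part of the original post: one builds such an entry from a public key file, the other audits an authorized_keys file for keys that lack "restrict". The key material in the demo is constructed and is not a real key.

```shell
#!/bin/sh
# Added example (not from the original post). Builds a forwarding-only
# authorized_keys entry and audits an existing file for unrestricted keys.

# tunnel_authorized_line PUBKEY_FILE
# Prints an authorized_keys entry for the single public key in PUBKEY_FILE
# that permits port forwarding and nothing else (no shell, pty, agent or X11).
tunnel_authorized_line() {
    printf 'restrict,port-forwarding %s\n' "$(cat "$1")"
}

# unrestricted_keys AUTHORIZED_KEYS_FILE
# Prints the comment (last field) of every key entry whose option list does
# not contain "restrict"; prints nothing when every key is restricted.
# Limitation: option values containing spaces inside quotes are not handled.
unrestricted_keys() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }              # comments and blank lines
        # A line with no options starts directly with a key type
        # (ssh-ed25519, ssh-rsa, ecdsa-sha2-*, sk-*): it is unrestricted.
        $1 ~ /^(ssh-|ecdsa-|sk-)/ { print $NF; next }
        {
            n = split($1, opts, ",")                   # options are comma-separated
            ok = 0
            for (i = 1; i <= n; i++) if (opts[i] == "restrict") ok = 1
            if (!ok) print $NF
        }
    ' "$1"
}

# Demo with constructed data (not real keys).
pub=$(mktemp); ak=$(mktemp)
printf 'ssh-ed25519 AAAAC3ConstructedKeyDataNotARealKey tunnel@hostA\n' > "$pub"
echo "entry for B's authorized_keys:"
tunnel_authorized_line "$pub"
cat >"$ak" <<'EOF'
# constructed authorized_keys on host B
ssh-rsa AAAAB3ConstructedKeyDataNotARealKey alice@laptop
restrict,port-forwarding ssh-ed25519 AAAAC3ConstructedKeyDataNotARealKey tunnel@hostA
no-pty,from="10.0.0.5" ssh-ed25519 AAAAC3ConstructedKeyDataNotARealKey2 bob@desk
EOF
echo "keys without restrict:"
unrestricted_keys "$ak"
rm -f "$pub" "$ak"
```

Replace the line ssh-copy-id added to ~/.ssh/authorized_keys on B with the output of tunnel_authorized_line; the reverse tunnel keeps working because -N never requests a shell. Running unrestricted_keys over the file afterwards is a quick check that no other full-access keys were left behind.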
autossh -M 4010 -NR 10022:localhost:22 root@XXX.XXX.XXX.XXX
Parameter explanation:
- “-M 4010”: use port 4010 on intranet host A to monitor the state of the SSH connection; if the connection breaks, autossh reconnects automatically
- “-N”: do not execute a remote command
- “-R”: forward a port on the remote host (public host B) to the specified port of a specified local machine
Command explanation:
“22001:localhost:4000” means port 4000 on intranet host A is forwarded to port 22001 on public host B (the command above uses 10022:localhost:22 in the same way: A's port 22 is forwarded to B's port 10022)
“username@xxx.xxx.xxx.xxx” is the user name and IP of public host B
“-p xxxx” is the SSH port of public host B; it can be omitted if the default port 22 is used.
Check the port status
lsof -i:4010
AutoSSH during boot with systemd
If you want a permanent SSH tunnel already created during boot time, you will (nowadays) have to create a systemd service and enable it. There is however an important thing to note about systemd and AutoSSH: -f (background usage) already implies AUTOSSH_GATETIME=0, however -f is not supported by systemd.
http://www.freedesktop.org/software/systemd/man/systemd.service.html
[…] running programs in the background using “&”, and other elements of shell syntax are not supported.
So in the case of systemd we need to make use of AUTOSSH_GATETIME. Let’s look at a very basic service:
$ vim /etc/systemd/system/autossh-ssh-tunnel.service
$ sudo nano /etc/systemd/system/autossh-ssh-tunnel.service
[Unit]
Description=AutoSSH service for remote tunnel
After=network.target
[Service]
Environment="AUTOSSH_GATETIME=0"
User=root
ExecStart=/usr/bin/autossh -M 4010 -NR 10022:localhost:22 root@39.106.68.XXX
[Install]
WantedBy=multi-user.target
Tell systemd that we have added some stuff:
systemctl daemon-reload
Start the service
systemctl start autossh-ssh-tunnel.service
Enable during boot time
systemctl enable autossh-ssh-tunnel.service
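The basic unit above runs as root, accepts any host key, and keeps a session open even when the -R listener could not be bound. The unit below is an added example, not from the original post or the autossh project, showing the settings a defender would normally add. It assumes an unprivileged user named "tunnel" exists on host A with its key at /home/tunnel/.ssh/tunnel_key, that B's host key is already in that user's known_hosts, and that a matching "tunnel" user (rather than root) exists on B; all of these names and paths are assumptions.

```ini
[Unit]
Description=AutoSSH reverse tunnel to public host B (hardened example)
After=network-online.target
Wants=network-online.target

[Service]
# Assumption: unprivileged user "tunnel" on host A owns the key below
# (constructed names and paths, not from the original post).
User=tunnel
Environment="AUTOSSH_GATETIME=0"
# -M 0 turns off autossh's own monitor port; ssh's keepalives
# (ServerAliveInterval/CountMax) detect a dead session and make ssh exit,
# and systemd's Restart= brings it back.
# ExitOnForwardFailure=yes makes ssh exit if the -R listener on B cannot be
# bound, instead of staying connected with no tunnel.
# StrictHostKeyChecking=yes refuses an unknown or changed host key for B.
# The 127.0.0.1 bind address keeps port 10022 on B's loopback interface
# (honoured with GatewayPorts clientspecified; GatewayPorts no does the same).
ExecStart=/usr/bin/autossh -M 0 -N \
    -o "ServerAliveInterval=30" -o "ServerAliveCountMax=3" \
    -o "ExitOnForwardFailure=yes" \
    -o "StrictHostKeyChecking=yes" \
    -i /home/tunnel/.ssh/tunnel_key \
    -R 127.0.0.1:10022:localhost:22 tunnel@XXX.XXX.XXX.XXX
Restart=always
RestartSec=10

[Install]
WantedBy=multi-user.target
```

After installing the unit, `systemctl daemon-reload`, `systemctl enable --now autossh-ssh-tunnel.service` and `journalctl -u autossh-ssh-tunnel.service` show whether the forward was accepted; a loop of "remote port forwarding failed" messages followed by restarts means the port on B is already in use or the bind address was refused.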