本文介绍了一种通过多个中间主机建立SSH隧道的方法,解决了因路由问题导致无法直接连接到目标服务器的情况。通过逐级建立隧道并转发端口,最终实现从客户端到服务器的直接连接。
原贴:http://cb.vu/unixtoolbox.xhtml#ssh
Suppose we want to forward the ssh port from a client to a server over two hops. Once the tunnel is build, it is possible to connect to the server directly from the client (and also add an other port forward).
Dig a multi-hop ssh tunnel
Suppose you can not reach a server directly with ssh, but only via multiple intermediate hosts (for example because of routing issues). Sometimes it is still necessary to get a direct client - server connection, for example to copy files with scp, or forward other ports like smb or vnc. One way to do this is to chain tunnels together to forward a port to the server along the hops. This "carrier" port only reaches its final destination on the last connection to the server.Suppose we want to forward the ssh port from a client to a server over two hops. Once the tunnel is build, it is possible to connect to the server directly from the client (and also add an other port forward).
Create tunnel in one shell
client -> host1 -> host2 -> server and dig tunnel 5678client># ssh -L5678:localhost:5678 host1 # 5678 is an arbitrary port for the tunnel host_1># ssh -L5678:localhost:5678 host2 # chain 5678 from host1 to host2 host_2># ssh -L5678:localhost:22 server # end the tunnel on port 22 on the server
扫一扫
669
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
