1,创建反向链接
chunli@linux:~$ ssh -f -N -R 8888:localhost:22 root@121.43.189.176 OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014 debug1: Reading configuration data /home/chunli/.ssh/config debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Connecting to 121.43.189.176 [121.43.189.176] port 22. debug1: Connection established. debug1: identity file /home/chunli/.ssh/id_rsa type 1 debug1: identity file /home/chunli/.ssh/id_rsa-cert type -1 debug1: identity file /home/chunli/.ssh/id_dsa type -1 debug1: identity file /home/chunli/.ssh/id_dsa-cert type -1 debug1: identity file /home/chunli/.ssh/id_ecdsa type -1 debug1: identity file /home/chunli/.ssh/id_ecdsa-cert type -1 debug1: identity file /home/chunli/.ssh/id_ed25519 type -1 debug1: identity file /home/chunli/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3 debug1: match: OpenSSH_5.3 pat OpenSSH_5* compat 0x0c000000 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5 none debug1: kex: client->server aes128-ctr hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Server host key: RSA 5e:16:c0:02:12:67:fe:c9:1c:93:05:1c:3b:ff:b7:bf The authenticity of host ‘121.43.189.176 (121.43.189.176)‘ can‘t be established. RSA key fingerprint is 5e:16:c0:02:12:67:fe:c9:1c:93:05:1c:3b:ff:b7:bf. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added ‘121.43.189.176‘ (RSA) to the list of known hosts. debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password debug1: Next authentication method: publickey debug1: Offering RSA public key: /home/chunli/.ssh/id_rsa debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password debug1: Trying private key: /home/chunli/.ssh/id_dsa debug1: Trying private key: /home/chunli/.ssh/id_ecdsa debug1: Trying private key: /home/chunli/.ssh/id_ed25519 debug1: Next authentication method: password root@121.43.189.176‘s password: debug1: Authentication succeeded (password). Authenticated to 121.43.189.176 ([121.43.189.176]:22). debug1: Remote connections from LOCALHOST:8888 forwarded to local address localhost:22 debug1: Requesting no-more-sessions@openssh.com debug1: forking to background debug1: Entering interactive session. chunli@linux:~$ debug1: remote forward success for: listen 8888, connect localhost:22 debug1: All remote forwarding requests processed
测试:
2,登录到公网服务器
chunli@linux:~$ ssh root@121.43.189.176 OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014 debug1: Reading configuration data /home/chunli/.ssh/config debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Connecting to 121.43.189.176 [121.43.189.176] port 22. debug1: Connection established. debug1: identity file /home/chunli/.ssh/id_rsa type 1 debug1: identity file /home/chunli/.ssh/id_rsa-cert type -1 debug1: identity file /home/chunli/.ssh/id_dsa type -1 debug1: identity file /home/chunli/.ssh/id_dsa-cert type -1 debug1: identity file /home/chunli/.ssh/id_ecdsa type -1 debug1: identity file /home/chunli/.ssh/id_ecdsa-cert type -1 debug1: identity file /home/chunli/.ssh/id_ed25519 type -1 debug1: identity file /home/chunli/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3 debug1: match: OpenSSH_5.3 pat OpenSSH_5* compat 0x0c000000 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5 none debug1: kex: client->server aes128-ctr hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Server host key: RSA 5e:16:c0:02:12:67:fe:c9:1c:93:05:1c:3b:ff:b7:bf debug1: Host ‘121.43.189.176‘ is known and matches the RSA host key. debug1: Found key in /home/chunli/.ssh/known_hosts:10 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password debug1: Next authentication method: publickey debug1: Offering RSA public key: /home/chunli/.ssh/id_rsa debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password debug1: Trying private key: /home/chunli/.ssh/id_dsa debug1: Trying private key: /home/chunli/.ssh/id_ecdsa debug1: Trying private key: /home/chunli/.ssh/id_ed25519 debug1: Next authentication method: password root@121.43.189.176‘s password: debug1: Authentication succeeded (password). Authenticated to 121.43.189.176 ([121.43.189.176]:22). debug1: channel 0: new [client-session] debug1: Requesting no-more-sessions@openssh.com debug1: Entering interactive session. debug1: Sending environment. debug1: Sending env LANG = zh_CN.UTF-8 Welcome to Alibaba Cloud Elastic Compute Service !
3,查看网卡的监听状态
[root@iZbp10njitrxtelt56friaZ ~]# netstat -tnlp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1417/sshd tcp 0 0 127.0.0.1:8888 0.0.0.0:* LISTEN 1703/sshd tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1519/master
4,从公网发起反向连接
[root@iZbp10njitrxtelt56friaZ ~]# ssh chunli@127.0.0.1 -p 8888 debug1: client_input_channel_open: ctype forwarded-tcpip rchan 1 win 2097152 max 32768 debug1: client_request_forwarded_tcpip: listen localhost port 8888, originator 127.0.0.1 port 48070 debug1: connect_next: host localhost ([127.0.0.1]:22) in progress, fd=4 debug1: channel 0: new [127.0.0.1] debug1: confirm forwarded-tcpip debug1: channel 0: connected to localhost port 22 The authenticity of host ‘[127.0.0.1]:8888 ([127.0.0.1]:8888)‘ can‘t be established. RSA key fingerprint is b9:c0:dd:56:77:59:89:c3:f3:a4:c8:3b:50:ee:a4:65. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added ‘[127.0.0.1]:8888‘ (RSA) to the list of known hosts. chunli@127.0.0.1‘s password: Welcome to Ubuntu 14.04.5 LTS (GNU/Linux 4.4.0-31-generic x86_64) * Documentation: https://help.ubuntu.com/ *** 需要重启系统 *** Last login: Fri Mar 3 15:31:34 2017 from 172.16.20.215 HI, Welecome to Ubuntu!
本文出自 “魂斗罗” 博客,请务必保留此出处http://990487026.blog.51cto.com/10133282/1903086
原文:http://990487026.blog.51cto.com/10133282/1903086