A tunnel to all ports of the server
2022-07-03 07:58:00 【Safety brother】
Application scenarios
For security, servers usually have to be reached through a jump host (bastion), and the ports a server exposes to the external network are strictly limited. In that situation, accessing a service or system on the server from your local machine is painful.
There is a simple solution: build an SSH tunnel between your local machine and the jump host. The SSH tunnel provides a network proxy service. Through this proxy you can directly reach any port on any server in the LAN where the jump host sits, so the services can be accessed directly.
The method described here is more convenient than ordinary port mapping, because you don't need to configure a separate SSH tunnel for each port. It covers how to do this on Windows, Mac and Linux.
Building the SSH tunnel
Mac & Linux
It's simple: a single command creates the SSH tunnel.
ssh [email protected] -ND 127.0.0.1:1080
This is the ordinary SSH command with the -D parameter added, which enables dynamic port forwarding and makes SSH act as a SOCKS server, providing the network service in the background.
The -N parameter tells ssh not to return a command-line terminal, because we don't need to send commands, only to forward traffic.
1080 is the local port to bind, that is, the port on which the SOCKS server provides its service. You can change it to another port number.
127.0.0.1 means that only your local machine can access this service. If you drop the IP and leave only the port number, that restriction no longer applies.
PS: An SSH tunnel is equivalent to punching a hole in the server's firewall, which is a potential security risk, so restricting it to local access only is recommended.
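To check the local-access-only restriction recommended above on a Linux workstation, the following added example (not part of the original article) reads `ss -ltnp` output and reports listeners owned by the ssh client that are bound to a non-loopback address. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: find ssh -D / -L listeners that other hosts can reach.

# Constructed sample of `ss -ltnp` output; PIDs and ports are made up.
sample_ss_output() {
cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128        127.0.0.1:1080      0.0.0.0:*     users:(("ssh",pid=4121,fd=4))
LISTEN 0      128            [::1]:1080         [::]:*     users:(("ssh",pid=4121,fd=5))
LISTEN 0      128          0.0.0.0:1081      0.0.0.0:*     users:(("ssh",pid=4177,fd=4))
LISTEN 0      128             [::]:1081         [::]:*     users:(("ssh",pid=4177,fd=5))
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*     users:(("sshd",pid=812,fd=3))
EOF
}

# Reads `ss -ltnp` output on stdin and prints "address port pid" for every
# listener owned by the ssh client (not sshd) that is not bound to loopback.
exposed_ssh_forwards() {
    awk '
    $1 == "LISTEN" && $NF ~ /"ssh",/ {
        la = $4
        port = la; sub(/.*:/, "", port)            # text after the last colon
        addr = substr(la, 1, length(la) - length(port) - 1)
        if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only: fine
        pid = $NF; sub(/.*pid=/, "", pid); sub(/,.*/, "", pid)
        print addr, port, pid
    }'
}

# Stand-alone run on the constructed sample.
# On a real machine use: ss -ltnp | exposed_ssh_forwards
sample_ss_output | exposed_ssh_forwards
```

Any line it prints is a tunnel that should be restarted with an explicit 127.0.0.1 bind address.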
Windows
XShell, which is commonly used on Windows, is used here as the example.
1. Configure an ordinary SSH connection
Configure the username, password, host address (usually the jump host), and so on.
2. Add the tunnel
3. Other
Using the SSH tunnel
Letting the browser access intranet services
This section uses the Chrome browser with the SwitchyOmega extension.
SwitchyOmega is a Chrome extension. Download and install it from:
Chrome Web Store
or download it from the official website
After installing it, find the extension icon (a circle), then click the icon -> Options to open the configuration page.
In the sidebar, click "New profile" and add a proxy server (Proxy Profile). The configuration is as follows. Note that the port must be the port number of the SSH tunnel service set up earlier.
If the sidebar already has a default 'proxy' profile, you can also modify that directly.
After configuring it, click the SwitchyOmega icon and switch to the new profile. All browser requests will then be proxied through the SSH tunnel, and you should be able to access any web page on the server.
However! We don't need to proxy all browser traffic. SwitchyOmega can decide automatically, based on URL rules, whether to go through the proxy.
There is an existing default profile, 'auto switch', which is a mode that automatically selects the proxy service according to rules.
For example, configure a rule in the 'auto switch' profile: fill in 10.1.* and select the proxy profile. This means that all requests beginning with 10.1. are forwarded through the proxy profile. Other requests that match no rule hit the last rule, 'Default', and use 'Direct' access, that is, no proxy service at all.
Combining with Proxifier
Any program can then access the services and ports on the server, which makes the following possible:
- Using a client (such as Navicat) to access a database on the server (for example a MySQL that is not exposed to the public network);
- Letting locally running code access the server's intranet services, such as HDFS, Hive, HBase, ES and so on. (This is very practical for big data development: you can happily debug Spark applications with breakpoints.)
Configuration method
1. Configure the proxy server
2. Configure rules
3. Usage
After the rules are configured, local applications can directly access the server's intranet IPs.
For example, connecting to a database: