baicai

白菜

A diligent code porter!

SSH uses ProxyCommand to remotely connect to other servers through a proxy server.

The OpenSSH client has an option called ProxyCommand, which tunnels the communication between the SSH client and server. Tunneling, also known as proxying, is a common technique in network communication: one channel is established on top of another.

An SSH session runs over a TCP connection. If we intercept both ends of that connection, the traffic can be carried over another channel, while SSH still believes it is using a TCP connection to the other end.

ProxyCommand specifies a command (referred to as the Proxy). The SSH client starts this command and communicates with the SSH server as usual through that process's standard input and output. The Proxy connects to the SSH server side (usually a server-side proxy), which then connects to the server.

Environment description

    The remote server has the IP address 0.0.0.1 and is referred to as X;
    Another remote server has the IP address 0.0.0.2 and is referred to as Y;
    The local machine has the IP address 0.0.0.3 and is referred to as A; it can use an SSH client with a key or password to connect to X and Y.

Here, access uses keys only, and machine A cannot reach Y directly.

The ~/.ssh/config file on the local machine is as follows; the test entry connects to Y through X:

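# X: the intermediate server, reachable from A
Host X
    HostName 0.0.0.1
    User root
    Port 22
    PreferredAuthentications publickey
    IdentityFile ~/.ssh/id_rsa_1
# Y: the target server
Host Y
    HostName 0.0.0.2
    User root
    Port 22
    PreferredAuthentications publickey
    IdentityFile ~/.ssh/id_rsa_2
# test: reach Y (0.0.0.2) through X; %h and %p expand to the HostName and Port of this entry.
# Authentication to Y still happens on A, so id_rsa_2 stays on the local machine.
Host test
    HostName 0.0.0.2
    User root
    Port 22
    IdentityFile ~/.ssh/id_rsa_2
    ProxyCommand ssh X -W %h:%p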

Test the connection to server Y through X from the local machine:

ssh test

Note:

-W host:port
             Requests that standard input and output on the client be forwarded to host on port over the secure channel.  Implies -N, -T, ExitOnForwardFailure and
             ClearAllForwardings, though these can be overridden in the configuration file or using -o command line options.

-W: This parameter is only supported in OpenSSH 5.4 and later versions; refer to the official release information.
Before -W was available, nc was usually used instead. It forwards TCP/UDP packets to a specified (alternate) location and works in basically the same way as ssh -W.
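
What the process named in ProxyCommand has to do, shown as an added example that is not from the original post: a small Python stand-in for nc that relays the SSH client's standard input and output to a TCP host and port. The script name relay.py and the function relay are hypothetical, and the code assumes a POSIX system where standard input is a pipe or socket.

```python
import os
import selectors
import socket
import sys


def relay(sock, in_fd, out_fd, bufsize=65536):
    """Copy in_fd -> sock and sock -> out_fd until the remote side closes.

    Returns (bytes_sent, bytes_received)."""
    sel = selectors.DefaultSelector()
    sel.register(sock, selectors.EVENT_READ, "net")
    sel.register(in_fd, selectors.EVENT_READ, "local")
    sent = received = 0
    while True:
        for key, _ in sel.select():
            if key.data == "local":
                data = os.read(in_fd, bufsize)
                if data:
                    sock.sendall(data)
                    sent += len(data)
                else:
                    # EOF from the SSH client: half-close the socket,
                    # but keep reading what the server still sends.
                    sel.unregister(in_fd)
                    sock.shutdown(socket.SHUT_WR)
            else:
                data = sock.recv(bufsize)
                if not data:  # server closed: the tunnel is finished
                    sel.close()
                    return sent, received
                received += len(data)
                view = memoryview(data)
                while view:  # os.write may write only part of the buffer
                    view = view[os.write(out_fd, view):]


def main(argv):
    if len(argv) != 3:
        sys.exit("usage: relay.py HOST PORT")
    # SSH expands %h and %p into these two arguments.
    with socket.create_connection((argv[1], int(argv[2])), timeout=10) as sock:
        sock.settimeout(None)  # the timeout applies to connecting only
        relay(sock, sys.stdin.fileno(), sys.stdout.fileno())


if __name__ == "__main__":
    main(sys.argv)
```

Run on X in place of nc, for example `ProxyCommand ssh X python3 relay.py %h %p` (assuming the script has been copied to X), it plays the same role as `ssh X -W %h:%p`.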

Reference:
openssh
