This is the first day of my participation in the First Challenge 2022.
SSH port forwarding: the three modes of port forwarding
Local Port Forwarding
The connection is forwarded from the client host to the SSH server host, and then to the target host port.
ssh -L [LOCAL_IP:]LOCAL_PORT:DESTINATION:DESTINATION_PORT [USER@]SSH_SERVER
Parameter Description:
- [LOCAL_IP:]LOCAL_PORT – Indicates the local IP address and port number. LOCAL_IP is localhost by default.
- DESTINATION:DESTINATION_PORT – IP address and port number of the DESTINATION machine.
- [USER@]SSH_SERVER – Remote SSH server address and login user.
Case study:
Use local address 127.0.0.1:3336 to connect to the remote database db001.host:3306 and 127.0.0.1:3337 to db002.host:3306:
ssh -L 3336:db001.host:3306 -L 3337:db002.host:3306 USER@SSH_SERVER
Check SSH Server configuration: AllowTcpForwarding=yes
Remote Port Forwarding
Remote port forwarding is the opposite of local port forwarding. It allows you to forward a port on a remote (SSH server) machine to a port on a local (SSH client) machine, and then to a port on the target machine.
Remote port forwarding is mainly used to provide external personnel with access to internal services.
ssh -R [REMOTE:]REMOTE_PORT:DESTINATION:DESTINATION_PORT [USER@]SSH_SERVER
Parameter Description:
- [REMOTE:]REMOTE_PORT – IP address and port number on the remote server. REMOTE defaults to all addresses.
- DESTINATION:DESTINATION_PORT – IP address and port number of the destination machine.
- [USER@]SSH_SERVER – Remote SSH server address and login user.
Case study:
ssh -R 8080:127.0.0.1:3000 -N -f USER@SSH_SERVER
The above command makes the SSH server listen on port 8080 and forward all traffic from that port to port 3000 on the local computer. To access the application, type the_ssh_server_IP:8080 in your browser.
Check SSH Server configuration: GatewayPorts=yes
Dynamic Port Forwarding
Dynamic port forwarding creates a socket on the local (SSH client) machine that acts as a SOCKS proxy server. When a client connects to this port, the connection is forwarded to the remote (SSH server) machine, which then forwards it to a dynamically determined port on the target machine.
ssh -D [LOCAL_IP:]LOCAL_PORT [USER@]SSH_SERVER
Parameter Description:
- [LOCAL_IP:]LOCAL_PORT – Indicates the local IP address and port number. LOCAL_IP is localhost by default.
- [USER@]SSH_SERVER – Remote SSH server address and login user.
Case study:
ssh -D 8080 -N -f -C -q USER@SSH_SERVER
- -D 8080 starts a SOCKS service listening on local port 8080
- -f runs in the background
- -C compresses request data
- -q uses silent mode
- -N does not execute remote commands
SOCKS proxy usage scenarios
cURL proxy
curl -x socks5://127.0.0.1:8080 https://google.com
Terminal proxy
export http_proxy=socks5://127.0.0.1:8080 \
       https_proxy=socks5://127.0.0.1:8080 \
       all_proxy=socks5://127.0.0.1:8080
Git proxy
git config --global http.proxy socks5://127.0.0.1:8080
SSH proxy
Edit ~/.ssh/config:
Host github.com
    HostName github.com
    User git
    IdentityFile ~/.ssh/id_rsa
    ProxyCommand nc -v -x 127.0.0.1:8080 %h %p
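As an added example (not part of the original article), the Python sketch below parses the -L, -R and -D forms described above out of ssh command lines, such as those seen in a process listing, and flags forwards whose listening socket may accept connections from other hosts. The function names, the sample command lines and the user@ssh.example host are assumptions made for illustration; bracketed IPv6 addresses and combined short flags are not handled.

```python
import shlex

LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def parse_forwards(cmdline):
    """Return one dict per -L/-R/-D option in an ssh command line."""
    args = shlex.split(cmdline)
    found = []
    for i, arg in enumerate(args):
        if arg[:2] not in ("-L", "-R", "-D"):
            continue
        mode = arg[1]
        # The spec is glued to the flag (-L3336:...) or is the next word.
        spec = arg[2:] or (args[i + 1] if i + 1 < len(args) else "")
        parts = spec.split(":")  # hostnames and IPv4 only, no bracketed IPv6
        want = 1 if mode == "D" else 3  # fields after the optional bind address
        bind = parts.pop(0) if len(parts) == want + 1 else None
        if len(parts) != want or not parts[0].isdigit():
            continue  # not one of the forms shown in the article
        found.append({"mode": mode, "bind": bind, "port": int(parts[0]),
                      "listener": "server" if mode == "R" else "client",
                      "dest": ":".join(parts[1:]) or "per SOCKS request"})
    return found

def exposed_listeners(cmdline):
    """Forwards whose listening socket may accept non-local connections."""
    flagged = []
    for f in parse_forwards(cmdline):
        if f["listener"] == "server":
            # For -R the server decides: sshd's GatewayPorts setting controls
            # whether the port is reachable from other hosts.
            flagged.append((f["mode"], f["port"], "depends on sshd GatewayPorts"))
        elif f["bind"] is not None and f["bind"] not in LOOPBACK:
            flagged.append((f["mode"], f["port"], "client bound to " + (f["bind"] or "*")))
    return flagged

# Constructed command lines modelled on the article's case studies;
# user@ssh.example is a placeholder, not a real host.
SAMPLES = [
    "ssh -L 3336:db001.host:3306 -L 3337:db002.host:3306 user@ssh.example",
    "ssh -R 8080:127.0.0.1:3000 -N -f user@ssh.example",
    "ssh -D 8080 -N -f -C -q user@ssh.example",
    "ssh -D 0.0.0.0:8080 -N user@ssh.example",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(line, "->", exposed_listeners(line) or "loopback only")
```

Only the -R case and the -D listener bound to 0.0.0.0 are reported; the -L and plain -D examples listen on the client's loopback address.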