This article was first published at www.litreily.top
Sometimes it is necessary to use some resources of personal PC at home in the company. In this case, Teamvieawer can be selected for remote access, but it is a little troublesome and the access rate is slow. In this case, it is a good idea to achieve Intranet penetration through VPS.
The method described in this article is to use autoSSH to implement reverse proxy between VPS and the Intranet, and establish a long connection between the VPS and the Intranet, so that the extranet PC can access the Intranet PC through the reverse proxy of the VPS. The requirements for the entire implementation are as follows:
- With public IP address (
222.222.222.222The VPS - An Intranet PC that is powered on and connected to the Internet
- Any extranet PC connected to a network
VPS configuration
Modify the VPS file /etc/ssh/sshd_config and uncomment the following parameters or change their values
GetewayPorts yes
TCPKeepAlive yes
ClientAliveInterval 60
ClientAliveCountMax 3
Copy the codeIntranet PC Configuration
To ensure that Intranet PCS can access the VPS without passwords, you need to add the public key of Intranet PCS to the VPS
$ ssh-keygen
#... enter ...$ssh-copy-id -i ~/. SSH /id_rsa.pub -p 27000 [email protected]# 27000 is the port number for accessing the VPS, root is the user name of the VPS, and 222.222.222 is the public IP address of the VPS
Copy the codeAfter the configuration, install autoSSH on the Intranet PC
sudo apt-get install -y autossh
Copy the codeOnce installed, reverse proxy can be implemented with the following instructions:
autossh -p 27000 -M 27400 -NR '*:27401:localhost:27402' [email protected]
Copy the codeParameters:
-p 27000: VPS SSH port. The default value is 22-M 27440: Proxy service listening port of the VPS. Ensure that the port is not occupied by other VPS processes-NR '*:27401:localhost:27402'Port mapping, VPS27401The port is mapped to the Intranet PC27402port[email protected]: User name and IP address of the VPS
There are four ports involved. 27000 is the VPS SSH listening port, 27400 is the VPS proxy service listening port, 27401 and 27402 are a pair of port mapping between VPS and Intranet PCS. The EXtranet PC needs to access the Intranet through port 27401 of VPS.
Configure the autoSSH service
The above instructions can already complete the required functions, but every time you start up, you have to input again, it is very inconvenient, so you can package the instructions as a service, and then set to start up after starting up. In Ubuntu, you can create a new autossh.service file in the lib/systemd/system directory and type the following:
[Unit]
Description=Auto SSH Tunnel
After=network-online.target
[Service]
User=autossh
Type=simple
ExecStart=/usr/bin/autossh -p 27000 -M 27400 -NR '*:27401:localhost:27402' [email protected] -i ~/.ssh/id_rsa
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
StartLimitIntervalSec=5
StartLimitBurst=12
Restart=always
[Install]
WantedBy=multi-user.target
WantedBy=graphical.target
Copy the codeAfter the configuration is complete, run the following commands to start, query, and start automatically.
- Start the service:
sudo systemctl autossh start - View status:
sudo service autossh status - Startup:
sudo systemctl enable autossh.service
Remote Access to the Intranet
Finally, how to access the Intranet through the extranet is similar to accessing the VPS itself, just change the connection port.
Sudo SSH [email protected] -p 27401Copy the codeExtension instructions
This article introduces the implementation of reverse proxy through VPS, if there is no VPS can not use, at this time can learn FRP or Ngrok, use a public server to achieve proxy.
reference
- Use autoSSH to set up a reverse SSH tunnel for personal computers
- SSH Reverse connection and Autossh