一、搭建SSH方向代理
準備:
局域網主機(虛擬主機): 192.168.6.233 CentOS 6.7
阿里雲服務器:120.25.68.60 CentOS 6.7
- 阿里雲服務器120.25.68.60上需要修改sshd_config配置文件:
[[email protected] ~]# vi /etc/ssh/sshd_config
GatewayPorts yes
[[email protected] ~]# service sshd reload
Reloading sshd: [ OK ]
- 通過局域網虛擬機192.168.6.233 連接到120.25.68.60開啓反向端口代理,輸入阿里雲服務器密碼.
[email protected]:~ # ssh -CqTfnN -R 0.0.0.0:7233:192.168.6.233:22 [email protected]
[email protected]'s password:
3.在阿里雲服務器120.25.68.60上可以看到這個監聽.
[[email protected] ~]# netstat -anp | grep 7233
tcp 0 0 0.0.0.0:7233 0.0.0.0: LISTEN 2392/sshd
tcp 0 0 :::7233 ::: LISTEN 2392/sshd
4.現在到其他客戶機上連接阿里雲服務器120.25.68.60的7233端口,輸入局域網虛擬主機192.168.6.233的主機密碼.
複製代碼
[[email protected] ~]# ssh -p 7233 [email protected]
[email protected]'s password:
Last login: Thu Mar 24 11:01:15 2016 from 192.168.6.233
[root@phpdragon_233 ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:50:56:34:8B:4D
inet addr:192.168.6.233 Bcast:192.168.6.255 Mask:255.255.255.0
inet6 addr: fe80::250:56ff:fe34:8b4d/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1321125 errors:0 dropped:0 overruns:0 frame:0
TX packets:1232406 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:450626290 (429.7 MiB) TX bytes:273698355 (261.0 MiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:524375 errors:0 dropped:0 overruns:0 frame:0
TX packets:524375 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:43705227 (41.6 MiB) TX bytes:43705227 (41.6 MiB)
複製代碼
到這裏反向代理的測試完成,功能OK.
二、反向代理無人值守化
1.設置局域網主機192.168.6.233免密碼登錄到阿里雲120.25.68.60. 參見 http://www.cnblogs.com/phpdragon/p/4521116.html
ssh-keygen -t rsa -P ''
scp ~/.ssh/id_rsa.pub [email protected]:/tmp/id_rsa.pub_233
ssh -l root 120.25.68.60 cat /tmp/id_rsa.pub_233 >> ~/.ssh/authorized_keys
2.阿里雲服務器編寫ssh代理關閉腳本 kill_ssh_agent.sh
複製代碼
#!/bin/sh
if [ -n "$1" ] && [ "$1" -gt "0" ];then
PID=$(netstat -anp | grep $1 | awk '/sshd/ && !/awk/{print $7}')
PID=${PID%%/*}
if [ -n "${PID}" ];then
kill -9 $PID && exit 0
fifi
exit 1
複製代碼
3.客戶端編寫代理鏈接守護腳本 ssh_agent_deamon.sh
複製代碼
#########################################################################
#######File Name: ssh_agent_deamon.sh
#######Author: phpdragon
#####mail: [email protected]
#####Created Time: Thu 24 Mar 2016 01:55:49 PM CST
#########################################################################
#!/bin/bash
ROMOTE_USERNAME=root
ROMOTE_SERVER_IP="120.25.68.60"
ROMOTE_PORT=7233
###[ /sbin/ifconfig|sed -n '/inet addr/s/^[^:]:([0-9.]{7,15}) ./\1/p'|grep -v 127.0.0.1 ]
LOCALHOST_IP=/sbin/ifconfig -a|grep inet|grep -v 127.0.0.1|grep -v inet6|awk '{print $2}'|tr -d "addr:"
LOCALHOST_PORT=22
while true ;
do
PID=$(ssh -l root ${ROMOTE_SERVER_IP} netstat -anp | grep ${ROMOTE_PORT} | awk '/sshd/ && !/awk/{print $7}')
PID=${PID%%/*}
if [ -n "$PID" ] && [ "$PID" -gt "0" ];then
sleep 30s
else
/usr/bin/ssh -l root ${ROMOTE_SERVER_IP} /bin/sh /data/kill_ssh_agent.sh ${ROMOTE_PORT}
/usr/bin/ssh -CqTfnN -R 0.0.0.0:${ROMOTE_PORT}:${LOCALHOST_IP}:${LOCALHOST_PORT} ${ROMOTE_USERNAME}@${ROMOTE_SERVER_IP}
fi
done
exit 0
複製代碼
4.設置ssh連接爲長連接
vi /etc/ssh/sshd_config
#每1分鐘發送一個心跳信號給客戶端
ClientAliveInterval 60
#最大超時次數,客戶端不響應則關閉連接
ClientAliveCountMax 3
5.設置爲隨機啓動
vi /etc/rc.local
/bin/sh /data/ssh_agent_deamon.sh &
到此設置完畢。
PS:
http://blog.163.com/digoal@126/blog/static/163877040201451464251856
http://www.cnblogs.com/wangkangluo1/archive/2011/06/29/2093727.html
http://www.cnblogs.com/peida/archive/2013/03/08/2949194.html
http://www.cnblogs.com/ggjucheng/archive/2012/01/08/2316661.html