Ubuntu configures openssh to support intranet penetration

Time: 2021-11-30

SSH is a very powerful tool. We can use it for proxying, FQ, intranet penetration and many other things. In this article, I will talk about how to use SSH for intranet penetration.

First of all, reading this article may require some basic knowledge. These are some articles I recommend.
Most basic:
http://www.ruanyifeng.com/blo…
http://www.ruanyifeng.com/blo…
Advanced:
https://www.ibm.com/developer…
Chinese man pages (a brief look is enough):
http://www.cnblogs.com/nuke/a…

Once you have gone through these, we can start ^_^

Configure the server

You need to set GatewayPorts on the server for this to work properly (if you do not set it, you will find that, after running the command further down, the forwarded port can only be accessed from the server itself).

Edit the configuration: sudo vi /etc/ssh/sshd_config
Add GatewayPorts yes as the last line

Restart the service: sudo service sshd restart
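
sshd uses the first value it finds for each keyword, and lines after a Match line apply only to matching connections, so a GatewayPorts yes appended as the last line does not always take effect. The script below is an added example, not part of the original article: it reads the global GatewayPorts value from a constructed sample file and reports where an ssh -R listener would bind. The function names and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original article).
# sshd_config(5): for each keyword the first obtained value is used, and lines
# after a "Match" line apply only to connections matching it.
# Assumptions: keyword and value are whitespace-separated; Include files
# are not followed.

effective_gatewayports() {   # $1 = path to an sshd_config-style file
    awk '
        /^[ \t]*#/ { next }                      # comment line
        NF == 0    { next }                      # blank line
        tolower($1) == "match" { exit }          # global section ends here
        tolower($1) == "gatewayports" { print $2; found = 1; exit }
        END { if (!found) print "no" }           # sshd default
    ' "$1"
}

bind_scope() {               # $1 = GatewayPorts value
    case "$1" in
        no)              echo "loopback only" ;;
        yes)             echo "all interfaces" ;;
        clientspecified) echo "address requested by the client" ;;
        *)               echo "unrecognised value" ;;
    esac
}

# Constructed sample: an earlier "no" shadows the "yes" appended at the end,
# and the appended line also falls inside the Match block.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config for illustration
PasswordAuthentication no
GatewayPorts no
Match User deploy
    X11Forwarding no
GatewayPorts yes
EOF

value=$(effective_gatewayports "$sample")
echo "effective GatewayPorts: $value ($(bind_scope "$value"))"
rm -f "$sample"
```

On a live server, sudo sshd -T | grep -i gatewayports prints the value sshd itself resolved.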

Run the SSH command locally
ssh -R 8000:192.168.1.190:8001 [email protected] -i .ssh/yourkey.pem -gCfN

Here, 8000 is the port opened on the server (wonld.com), and 192.168.1.190:8001 is where the packets arriving on port 8000 should be forwarded. In short, all connections to wonld.com:8000 (with the -g parameter) will be forwarded through this SSH tunnel to port 8001 on the machine 192.168.1.190, which is on the same LAN as your computer. [email protected] is your server. The last four parameters are: -g allows all addresses to access this port (GatewayPorts must be configured as in the previous steps), -C compresses the data, -f runs ssh in the background, and -N does not execute a remote command and only forwards the port. -i is followed by a file path and indicates public/private key authentication (recommended, more secure).

Finally, what is the use of this thing?

When you are developing something and want your partners to see it, but you hate the trouble of deployment; or when there is a powerful computer at home that could be used to run a Minecraft server, but it has no public network address: in these cases you can use this method. One intranet penetration setup solves all of these problems. Moreover, SSH is more general (compared with the intranet penetration services offered by some service providers).
