一、搭建SSH方向代理
准备:
局域网主机(虚拟主机): 192.168.6.233 CentOS 6.7
阿里云服务器:120.25.68.60 CentOS 6.7
1. 阿里云服务器120.25.68.60上需要修改sshd_config配置文件:
[[email protected] ~]# vi /etc/ssh/sshd_config
GatewayPorts yes
[[email protected] ~]# service sshd reload
Reloading sshd: [ OK ]
2. 通过局域网虚拟机192.168.6.233 连接到120.25.68.60开启反向端口代理,输入阿里云服务器密码.
[email protected]:~ # ssh -CqTfnN -R 0.0.0.0::192.168.6.233: [email protected]
[email protected]'s password:
3.在阿里云服务器120.25.68.60上可以看到这个监听.
[[email protected] ~]# netstat -anp | grep
tcp 0.0.0.0: 0.0.0.0:* LISTEN /sshd
tcp ::: :::* LISTEN /sshd
4.现在到其他客户机上连接阿里云服务器120.25.68.60的7233端口,输入局域网虚拟主机192.168.6.233的主机密码.
[[email protected] ~]# ssh -p [email protected]
[email protected]'s password:
Last login: Thu Mar :: from 192.168.6.233 [root@phpdragon_233 ~]# ifconfig
eth0 Link encap:Ethernet HWaddr ::::8B:4D
inet addr:192.168.6.233 Bcast:192.168.6.255 Mask:255.255.255.0
inet6 addr: fe80:::56ff:fe34:8b4d/ Scope:Link
UP BROADCAST RUNNING MULTICAST MTU: Metric:
RX packets: errors: dropped: overruns: frame:
TX packets: errors: dropped: overruns: carrier:
collisions: txqueuelen:
RX bytes: (429.7 MiB) TX bytes: (261.0 MiB) lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::/ Scope:Host
UP LOOPBACK RUNNING MTU: Metric:
RX packets: errors: dropped: overruns: frame:
TX packets: errors: dropped: overruns: carrier:
collisions: txqueuelen:
RX bytes: (41.6 MiB) TX bytes: (41.6 MiB)
到这里反向代理的测试完成,功能OK.
二、反向代理无人值守化
1.设置局域网主机192.168.6.233免密码登录到阿里云120.25.68.60. 参见 http://www.cnblogs.com/phpdragon/p/4521116.html
ssh-keygen -t rsa -P ''
scp ~/.ssh/id_rsa.pub [email protected]:/tmp/id_rsa.pub_233
ssh -l root 120.25.68.60 cat /tmp/id_rsa.pub_233 >> ~/.ssh/authorized_keys
2.阿里云服务器编写ssh代理关闭脚本 kill_ssh_agent.sh
#!/bin/sh if [ -n "$1" ] && [ "$1" -gt "" ];then
PID=$(netstat -anp | grep $ | awk '/sshd/ && !/awk/{print $7}')
PID=${PID%%/*} if [ -n "${PID}" ];then
kill -9 $PID && exit 0
fi
fi exit 1
3.客户端编写代理链接守护脚本 ssh_agent_deamon.sh
#########################################################################
# File Name: ssh_agent_deamon.sh
# Author: phpdragon
# mail: [email protected]
# Created Time: Thu Mar :: PM CST
#########################################################################
#!/bin/bash
ROMOTE_USERNAME=root
ROMOTE_SERVER_IP="120.25.68.60"
ROMOTE_PORT=
###[ /sbin/ifconfig|sed -n '/inet addr/s/^[^:]*:\([0-9.]\{7,15\}\) .*/\1/p'|grep -v 127.0.0.1 ]
LOCALHOST_IP=`/sbin/ifconfig -a|grep inet|grep -v 127.0.0.1|grep -v inet6|awk '{print $2}'|tr -d "addr:"`
LOCALHOST_PORT= while true ;
do
PID=$(ssh -l root ${ROMOTE_SERVER_IP} netstat -anp | grep ${ROMOTE_PORT} | awk '/sshd/ && !/awk/{print $7}')
PID=${PID%%/*}
if [ -n "$PID" ] && [ "$PID" -gt "0" ];then
sleep 30s
else
/usr/bin/ssh -l root ${ROMOTE_SERVER_IP} /bin/sh /data/kill_ssh_agent.sh ${ROMOTE_PORT}
/usr/bin/ssh -CqTfnN -R 0.0.0.0:${ROMOTE_PORT}:${LOCALHOST_IP}:${LOCALHOST_PORT} ${ROMOTE_USERNAME}@${ROMOTE_SERVER_IP}
fi
done exit 0
4.设置ssh连接为长连接
vi /etc/ssh/sshd_config #每1分钟发送一个心跳信号给客户端
ClientAliveInterval
#最大超时次数,客户端不响应则关闭连接
ClientAliveCountMax
5.设置为随机启动
vi /etc/rc.local /bin/sh /data/ssh_agent_deamon.sh &
到此设置完毕。
PS:
http://blog.163.com/digoal@126/blog/static/163877040201451464251856
http://www.cnblogs.com/wangkangluo1/archive/2011/06/29/2093727.html
http://www.cnblogs.com/peida/archive/2013/03/08/2949194.html
http://www.cnblogs.com/ggjucheng/archive/2012/01/08/2316661.html