SSH Port Forwarding


ssh really is handy: copying files, local/remote/dynamic port forwarding, remote commands, X forwarding and so on. I once had to deal with X forwarding: the server had no X environment and no GUI, and I needed to install Oracle on it. I spent half a day on it and finally got one machine installed with a silent install. Later I found out I could use SSH X forwarding instead: the GUI shows up on my machine while the actual installer runs on the server. Great fun.

Anyway, to sum up, what I use most in day-to-day work is port forwarding.

Local port forwarding

The command for local port forwarding is:

ssh -L [bind_address:]port:host:hostport gate-way-server

What the ssh documentation says about local port forwarding:

Specifies that the given port on the local (client) host is to be forwarded to the given host and port on the remote side. This works by allocating a socket to listen to port on the local side, optionally bound to the specified bind_address. Whenever a connection is made to this port, the connection is forwarded over the secure channel, and a connection is made to host port hostport from the remote machine. Port forwardings can also be specified in the configuration file. IPv6 addresses can be specified with an alternative syntax:
[bind_address/]port/host/hostport or by enclosing the address in square brackets. Only the superuser can forward privileged ports. By default, the local port is bound in accordance with the GatewayPorts setting. However, an explicit bind_address may be used to bind the connection to a specific address. The bind_address of ‘localhost’ indicates that the listening port be bound for local use only, while an empty address or ‘*’ indicates that the port should be available from all interfaces.

My understanding is this: a port (port) is opened on the local machine, and connecting to that port has the same effect as gate-way-server connecting to host:hostport. The biggest use I get out of this is reaching internal-network ports that are only reachable from gate-way-server.

For example, while travelling I want to reach port 3389 on server-A, port 3306 on server-B and port 1521 on server-C inside the company. Those ports are certainly not exposed to the outside; what I can reach is port 22, exposed by the server-outer machine. So the following command meets my need:

ssh -L 3389:server-A:3389 -L 3306:server-B:3306 -L 1521:server-C:1521 -L 2222:localhost:22 server-outer -fNnC

With that, I can connect to local ports 3389, 3306, 1521 and 2222 to reach server-A:3389, server-B:3306, server-C:1521 and server-outer:22 respectively. I may not have explained it very clearly; there are a few diagrams online that show it plainly.

[Figure: Local port forwarding]

Remote port forwarding

ssh -R [bind_address:]port:host:hostport remote-server

Specifies that the given port on the remote (server) host is to be forwarded to the given host and port on the local side. This works by allocating a socket to listen to port on the remote side, and whenever a connection is made to this port, the connection is forwarded over the secure channel, and a connection is made to host port hostport from the local machine.

Port forwardings can also be specified in the configuration file. Privileged ports can be forwarded only when logging in as root on the remote machine. IPv6 addresses can be specified by enclosing the address in square braces or using an alternative syntax:
[bind_address/]host/port/hostport.

By default, the listening socket on the server will be bound to the loopback interface only. This may be overridden by specifying a bind_address. An empty bind_address, or the address ‘*’, indicates that the remote socket should listen on all interfaces. Specifying a remote bind_address will only succeed if the server’s GatewayPorts option is enabled (see sshd_config(5)).

If the port argument is ‘0’, the listen port will be dynamically allocated on the server and reported to the client at run time.

Roughly: a port is bound on remote-server, and connecting to that port has the same effect as this machine connecting to host:hostport.

I have used this case too. Say somewhere there are two PCs: pc-1 can reach the internet, pc-2 cannot, but pc-1 and pc-2 can reach each other. Now, from the office, I want to reach port 3389 on pc-1 and on pc-2. I can run this on pc-1:

ssh -R 13389:localhost:3389 -R 23389:pc-2:3389 remote-server

Here remote-server is a company machine reachable from the internet. Now I can simply connect to ports 13389 and 23389 on remote-server and land on pc-1:3389 and pc-2:3389. Very handy.

Ha, isn't that basically a simple NAT traversal (intranet penetration) setup?

[Figure: Remote port forwarding]
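Both the -L and -R sections above use the same `[bind_address:]port:host:hostport` argument, and the quoted documentation attaches several conditions to it (IPv6 bracket and slash syntaxes, privileged ports, port 0 on -R, loopback-only listeners unless GatewayPorts is set). The following added Python parser, written for this page and not taken from OpenSSH, turns a spec into those facts so a reviewer can see at a glance which forwards would expose a listener beyond loopback. It assumes the slash form uses the same port/host/hostport order for -R as for -L, and it also accepts the -D form `[bind_address:]port` so one function covers all three options.

```python
LOOPBACK_NAMES = {"localhost", "127.0.0.1", "::1"}


def _split_outside_brackets(spec, sep):
    """Split on sep, but not inside [...] so bracketed IPv6 literals stay whole."""
    parts, current, depth = [], "", 0
    for ch in spec:
        if ch == "[":
            depth += 1
        elif ch == "]":
            depth -= 1
        if ch == sep and depth == 0:
            parts.append(current)
            current = ""
        else:
            current += ch
    parts.append(current)
    return parts


def _unbracket(addr):
    return addr[1:-1] if addr.startswith("[") and addr.endswith("]") else addr


def _port(text, what):
    if not text.isdigit() or int(text) > 65535:
        raise ValueError(f"bad {what}: {text!r}")
    return int(text)


def parse_forward_spec(spec, kind):
    """Parse the argument of -L/-R ('[bind_address:]port:host:hostport' or the
    IPv6-friendly '[bind_address/]port/host/hostport') or of -D ('[bind_address:]port').
    kind is 'L', 'R' or 'D'. Raises ValueError on malformed input."""
    if kind not in ("L", "R", "D"):
        raise ValueError("kind must be 'L', 'R' or 'D'")
    sep = "/" if "/" in spec else ":"           # '/' selects the alternative syntax
    parts = _split_outside_brackets(spec, sep)
    short, full = (1, 2) if kind == "D" else (3, 4)
    if len(parts) not in (short, full):
        raise ValueError(f"expected {short} or {full} fields in {spec!r}, got {len(parts)}")
    bind_address = _unbracket(parts[0]) if len(parts) == full else None
    rest = parts[1:] if len(parts) == full else parts
    port = _port(rest[0], "listen port")
    host = hostport = None
    if kind != "D":
        host = _unbracket(rest[1])
        hostport = _port(rest[2], "hostport")
    if port == 0 and kind != "R":
        raise ValueError("listen port 0 (server-chosen) is only valid for -R")
    if bind_address is None:
        scope = "default"                      # loopback unless GatewayPorts says otherwise
    elif bind_address in ("", "*"):
        scope = "all_interfaces"               # reachable by anyone who can reach the listener
    elif bind_address in LOOPBACK_NAMES:
        scope = "loopback"
    else:
        scope = "specific"
    return {
        "bind_address": bind_address, "port": port, "host": host, "hostport": hostport,
        "listen_scope": scope,
        "privileged": 0 < port < 1024,             # root only, on the side that listens
        "dynamic_listen_port": port == 0,          # -R only: sshd picks and reports the port
        # ssh(1): a remote bind_address other than loopback needs GatewayPorts on sshd
        "needs_gateway_ports": kind == "R" and scope in ("all_interfaces", "specific"),
    }


if __name__ == "__main__":
    for spec, kind in (("3389:server-A:3389", "L"), ("13389:localhost:3389", "R"),
                       ("*:23389:pc-2:3389", "R"), ("1080", "D")):
        print(kind, spec, parse_forward_spec(spec, kind))
```

Run against the commands on this page, every forward reports `listen_scope` "default", which is loopback on both the laptop and remote-server; a spec such as `*:23389:pc-2:3389` would instead flag `all_interfaces` plus `needs_gateway_ports`, the combination that turns a personal tunnel into a port anyone on the internet can reach on remote-server.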

Dynamic port forwarding

ssh -D port remote-server

Specifies a local ‘dynamic’ application-level port forwarding. This works by allocating a socket to listen to port on the local side, optionally bound to the specified bind_address. Whenever a connection is made to this port, the connection is forwarded over the secure channel, and the application protocol is then used to determine where to connect to from the remote machine. Currently the SOCKS4 and SOCKS5 protocols are supported, and ssh will act as a SOCKS server. Only root can forward privileged ports. Dynamic port forwardings can also be specified in the configuration file.

IPv6 addresses can be specified with an alternative syntax:
[bind_address/]port or by enclosing the address in square brackets. Only the superuser can forward privileged ports. By default, the local port is bound in accordance with the GatewayPorts setting. However, an explicit bind_address may be used to bind the connection to a specific address. The bind_address of ‘localhost’ indicates that the listening port be bound for local use only, while an empty address or ‘*’ indicates that the port should be available from all interfaces.

Going out to the internet through the local port is equivalent to going out through remote-server.

Yeah, I used to use this as a ladder (a circumvention proxy); later the wall was upgraded and it became very unstable, and it seems nobody uses it as a ladder any more. Of course the wall presumably did not crack ssh; it is probably just traffic identification.

[Figure: Dynamic port forwarding]
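The quoted text says that with -D "the application protocol is then used to determine where to connect to from the remote machine". The added Python below, written for this page rather than taken from OpenSSH, decodes the two client messages a SOCKS server sees (the SOCKS5 greeting and CONNECT request, plus a SOCKS4/4a request) into the destination that ssh would open from remote-server. It also reports whether the client sent a hostname, which is what makes DNS resolution happen on the remote side rather than leak from the local machine. The sample requests are constructed for the example; the "pc-2", "intranet.example" and 10.0.0.5 destinations are placeholders.

```python
import ipaddress
import struct

SOCKS_CMDS = {1: "CONNECT", 2: "BIND", 3: "UDP_ASSOCIATE"}


def parse_socks5_greeting(data):
    """Client greeting: VER(0x05) NMETHODS METHODS[...]. Returns the offered auth methods
    (0x00 = no authentication, the only one ssh -D needs)."""
    if len(data) < 2 or data[0] != 0x05:
        raise ValueError("not a SOCKS5 greeting")
    nmethods = data[1]
    if len(data) < 2 + nmethods:
        raise ValueError("truncated method list")
    return list(data[2:2 + nmethods])


def parse_socks5_request(data):
    """Request: VER CMD RSV ATYP DST.ADDR DST.PORT. Returns the destination the client
    asks the proxy (ssh, connecting out from the remote machine) to reach."""
    if len(data) < 4 or data[0] != 0x05 or data[2] != 0x00:
        raise ValueError("not a SOCKS5 request")
    cmd, atyp = data[1], data[3]
    if atyp == 0x01:                       # IPv4 literal, 4 bytes
        host, end = str(ipaddress.IPv4Address(bytes(data[4:8]))), 8
    elif atyp == 0x03:                     # domain name, one length byte then the name
        n = data[4]
        host, end = bytes(data[5:5 + n]).decode("ascii"), 5 + n
    elif atyp == 0x04:                     # IPv6 literal, 16 bytes
        host, end = str(ipaddress.IPv6Address(bytes(data[4:20]))), 20
    else:
        raise ValueError(f"unknown ATYP {atyp:#x}")
    if len(data) < end + 2:
        raise ValueError("truncated request")
    port = struct.unpack("!H", data[end:end + 2])[0]
    return {"cmd": SOCKS_CMDS.get(cmd, cmd), "host": host, "port": port,
            # ATYP 3 means the proxy (the remote side of the ssh session) resolves the name
            "resolved_remotely": atyp == 0x03}


def build_socks5_connect(host, port):
    """What a hostname-aware client (e.g. curl --socks5-hostname) sends for CONNECT."""
    name = host.encode("ascii")
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack("!H", port)


def parse_socks4_request(data):
    """SOCKS4/4a request: VN(0x04) CD DSTPORT DSTIP USERID NUL [HOSTNAME NUL]."""
    if len(data) < 9 or data[0] != 0x04:
        raise ValueError("not a SOCKS4 request")
    cmd = data[1]
    port = struct.unpack("!H", data[2:4])[0]
    ip = bytes(data[4:8])
    nul = data.index(b"\x00", 8)
    userid = bytes(data[8:nul]).decode("ascii")
    host, remote_dns = str(ipaddress.IPv4Address(ip)), False
    if ip[:3] == b"\x00\x00\x00" and ip[3] != 0:   # SOCKS4a marker 0.0.0.x: a hostname follows
        end = data.index(b"\x00", nul + 1)
        host, remote_dns = bytes(data[nul + 1:end]).decode("ascii"), True
    return {"cmd": SOCKS_CMDS.get(cmd, cmd), "host": host, "port": port,
            "userid": userid, "resolved_remotely": remote_dns}


if __name__ == "__main__":
    # Constructed: greeting offering "no auth" and "username/password"
    print(parse_socks5_greeting(b"\x05\x02\x00\x02"))
    print(parse_socks5_request(build_socks5_connect("intranet.example", 3389)))
    print(parse_socks4_request(b"\x04\x01\x0d\x3d\x00\x00\x00\x01user\x00pc-2\x00"))
```

Two points a defender takes from this: the SOCKS listener ssh opens has no authentication of its own, so its bind_address (loopback by default) is the only thing deciding who may tunnel through remote-server; and whether the browser sends a name (ATYP 3 / SOCKS4a) or an address decides whether DNS lookups happen on remote-server or on the local machine.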

References

SSH 安全性和配置入门 (Introduction to SSH security and configuration)

实战 SSH 端口转发 (SSH port forwarding in practice)

What’s ssh port forwarding and what’s the difference between ssh local and remote port forwarding [duplicate]