SSH port forwarding - socks server
4704 단어 forward
ssh -D 7070 -N -C -o PubkeyAuthentication=no
From: http://www.debian-administration.org/article/SSH_dynamic_port_forwarding_with_SOCKS
이전 글 은 지정 한 server 에 만 연결 할 수 있 는 지정 한 포트 를 제약 했다.사실 ssh 의 - D 옵션 은 ssh 를 socks server 로 연기 할 수 있 습 니 다. 그러면 proxy 로 사용 할 수 있 습 니 다.
SSH has numerous uses beyond just logging into a remote system. In particular, SSH allows you to forward ports from one machine to another, tunnelling traffic through the secure SSH connection. This provides a convenient means of accessing a service hosted behind a firewall, or one blocked by an outgoing firewall.
However, forwarding an individual port still requires you to change where your program connects, telling it to use a non-standard port on
localhost
rather than the standard port on the remote machine, and it requires a separate port forward for each machine you want to access. Dynamic port forwarding via SOCKS provides a more convenient alternative. The examples in this article assume that you reside behind a restrictive firewall which does not allow outgoing SMTP connections except to a designated mail server. You want to connect to a different mail server,
mail.example.net
, on port 25. You have an SSH account on a machine shell.example.org
, which does not reside within the restrictive firewall and can thus access port 25 on mail.example.net
. With standard SSH port forwarding, you could enter the command:
ssh -L 2525:mail.example.net:25 shell.example.org
This will forward port 2525 on your machine to port 25 on
mail.example.net
, by way of shell.example.org
. You will then need to configure your mailer to send mail to localhost
, port 2525, and use the authentication information for your mail account on mail.example.net
. For example, in Thunderbird^WIcedove, you could add an additional outgoing mail server via Edit->Preferences, "Outgoing Mail Server (SMTP)", "Add...", and either set it as the default or explicitly set your mail account to use that server. You can then send your mail, which will potentially (if you use secure authentication with mail.example.net
) give you a security warning about localhost
presenting a certificate for mail.example.net
, and then prompt you for your account password. After you have finished sending all the mails you want to send, you can then change your outgoing mail server back to the previous setting, and exit SSH. To avoid all this hassle, SSH also supports dynamic port forwarding via SOCKS. SOCKS defines a standard mechanism for a client to connect to a server by way of a proxy. SSH can serve as the proxy, allowing you to connect to
shell.example.org
and make connections from there to an arbitrary server such as mail.example.net
. Simply run: ssh -D 1080 shell.example.org
to make the connection to
shell.example.org
and start a SOCKS proxy on localhost
port 1080. In order to make use of the SOCKS proxy, you can either use applications which can speak SOCKS natively, or you can use a socksifierprogram like tsocks. tsocks provides a library used with
LD_PRELOAD
, which replaces the standard sockets functions like socket
, connect
, and sendto
with functions that make use of a designated SOCKS proxy. The tsocks script runs a program with this library loaded. The library will read /etc/tsocks.conf
to find out what SOCKS proxy to use. To configure tsocks to work with an SSH SOCKS proxy on localhost, edit the default /etc/tsocks.conf
, change the server variable to 127.0.0.1, and comment out the path example. Now that you have tsocks configured, you can run the following whenever you want to send mail via
mail.example.net
: ssh -D 1080 shell.example.org
tsocks thunderbird
This will open the SSH-tunnelled SOCKS proxy to
shell.example.org
and run thunderbird. You can then send mail normally, without changing the outgoing server configuration, and without seeing any authentication mismatch warnings.이 내용에 흥미가 있습니까?
현재 기사가 여러분의 문제를 해결하지 못하는 경우 AI 엔진은 머신러닝 분석(스마트 모델이 방금 만들어져 부정확한 경우가 있을 수 있음)을 통해 가장 유사한 기사를 추천합니다:
BIND(二)-dns관리,acl,forward,자역수권,view1、rndc rndc(remote name domain controller)는 BIND 설치 패키지에서 제공하는 도메인 이름 서비스 실행을 제어하는 도구로, 다른 컴퓨터에서 실행되며 네트워크를 통해 DNS 서버와 연...
텍스트를 자유롭게 공유하거나 복사할 수 있습니다.하지만 이 문서의 URL은 참조 URL로 남겨 두십시오.
CC BY-SA 2.5, CC BY-SA 3.0 및 CC BY-SA 4.0에 따라 라이센스가 부여됩니다.