[Hacker News repost] Visual guide to SSH tunneling and port forwarding
Title: Visual guide to SSH tunneling and port forwarding
Text:
Url: https://ittavern.com/visual-guide-to-ssh-tunneling-and-port-forwarding/
SSH tunneling and port forwarding are commonly used features of the SSH protocol for creating a secure communication channel between computers on two networks. The two concepts are:

1. **SSH tunneling**: A secure virtual network created over the SSH protocol that lets you carry network traffic securely from one network node to another. It is typically used to reach a remote server safely across an untrusted network such as the Internet.
2. **Port forwarding**: A network configuration that forwards traffic from a port on one computer to a port on another computer. Within an SSH tunnel, port forwarding can map a port on the remote server to the local computer, or a local port to the remote server.
Post by: todsacerdoti
Comments:
lamnguyenx: It's 2024! Please avoid writing SSH commands like that.<p>Instead, configure your ~/.ssh/config with LocalForward, RemoteForward, and ProxyJump. This can save you a significant amount of time, especially when using ssh, scp, or rsync to transfer data from a remote server that requires multiple intermediate SSH connections.<p>e.g:<p><pre><code>Host jump-host-1
    HostName jump1.example.com
    User your_username
    IdentityFile ~/.ssh/id_rsa

Host jump-host-2
    HostName jump2.example.com
    User your_username
    IdentityFile ~/.ssh/id_rsa
    ProxyJump jump-host-1

Host jump-host-3
    HostName jump3.example.com
    User your_username
    IdentityFile ~/.ssh/id_rsa
    ProxyJump jump-host-2

Host target-server
    HostName target.example.com
    User your_username
    IdentityFile ~/.ssh/id_rsa
    ProxyJump jump-host-3
    LocalForward 0.0.0.0:8080 0.0.0.0:80
    RemoteForward 0.0.0.0:9022 0.0.0.0:22

# after this:
# - you can ssh/scp/rsync to your target-server via an alias
# - forward traffic FROM port 80 on your target-server to port 8080 on your local machine
# - forward ssh requests TO port 9022 on your target-server to port 22 on your local machine
# - remember, for LocalForward & RemoteForward :
#   + left is target-server
#   + right is your local
#   + use 0.0.0.0 instead of localhost or 127.0.0.1
</code></pre>
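An added example, not part of the comment above or of the linked article: a small Python check that reads an ssh_config and reports every LocalForward, RemoteForward or DynamicForward whose listening socket is bound to all interfaces rather than loopback. The sample config is constructed from the hosts in the comment; the function names and the `target-server-loopback` host are assumptions for illustration.

```python
import re

# Directive -> machine where its first argument ("[bind_address:]port") listens,
# per ssh_config(5); the second argument is the destination on the far side.
LISTENER_SIDE = {
    "localforward": "local client",
    "remoteforward": "remote server",  # wildcard honoured only if sshd sets GatewayPorts
    "dynamicforward": "local client",
}
# An empty bind address or "*" means "all interfaces", the same exposure as 0.0.0.0 / ::
WILDCARD_BINDS = {"0.0.0.0", "*", "::", ""}


def bind_address(listen_spec):
    """Return the bind address of '[bind_address:]port', or None for a bare port."""
    if ":" not in listen_spec:
        return None  # bare port: loopback unless the client's GatewayPorts is yes
    return listen_spec.rsplit(":", 1)[0].strip("[]")


def audit_forwards(config_text):
    """Return (host, directive, listen_spec, side) for each wildcard-bound forward."""
    findings, host = [], "(global)"
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        keyword, *args = re.split(r"[\s=]+", line)
        keyword = keyword.lower()
        if keyword == "host":
            host = " ".join(args)
        elif keyword in LISTENER_SIDE and args and bind_address(args[0]) in WILDCARD_BINDS:
            findings.append((host, keyword, args[0], LISTENER_SIDE[keyword]))
    return findings


# Constructed sample: the comment's target-server beside a loopback-bound variant.
SAMPLE_CONFIG = """
Host target-server
    LocalForward 0.0.0.0:8080 0.0.0.0:80
    RemoteForward 0.0.0.0:9022 0.0.0.0:22

Host target-server-loopback
    LocalForward 127.0.0.1:8080 127.0.0.1:80
    RemoteForward 127.0.0.1:9022 127.0.0.1:22
    DynamicForward 8888
"""

if __name__ == "__main__":
    print(*audit_forwards(SAMPLE_CONFIG), sep="\n")
```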
_dan: SSH tunnelling is an utter necessity in the ridiculous corporate environment I work in. Incredible amounts of bureaucracy and sometimes weeks of waiting to get access to stuff, get ports opened, get some exception in their firewalls and vpn so someone can access a thing they need to do their job.<p>This guide mentions -D but doesn't really articulate quite how powerful it is if you don't know what it does.<p>ssh -D 8888 someserver, set your browser's SOCKS proxy to localhost:8888 (firefox still lets you set this without altering system defaults). Now all your browser's traffic is routed via someserver.<p>I find that to be <i>incredibly</i> useful.
apitman: > TCP-over-TCP<p>> It lowers the throughput due to more overhead and increases the latency. On connections with packet loss or high latencies (e.x. satellite) it can cause a TCP meltdown.<p>This actually isn't a problem with SSH tunnels unless you're using TAP/TUN, because it unpacks and forwards the TCP streams. But you can still get reduced performance with multiple channels due to head of line blocking.
theideaofcoffee: The filthiest SSH tunneling hack that I've ever done was at 3AM while in a three-way... datacenter connection. The interesting part of that: while the three facilities, spaced out over a single metro area, had upstream transit connectivity to the rest of the net, only two pairs were able to reach the other due to some odd routing policies that weren't able to be resolved in time.<p>That meant that A could connect to B, and only B could connect to C. I had to move the data from facility A to facility C via B in the most ridiculous rsync+ssh tunnel+keys+routing shenanigan mashup I've ever done. It took a few tries to get the incantation exactly right, but it was magical seeing it all move as one.<p>Looking back it is super obvious how I'd do it now, but back then, being green, it was a huge accomplishment. I still remember the exhilaration when I confirmed everything was synced up.
apitman: SSH tunnels are an excellent tool, but nowadays you often want TLS and reverse proxy functionality built in. I maintain a list of such tools here: <a href="https://github.com/anderspitman/awesome-tunneling">https://github.com/anderspitman/awesome-tunneling</a>