SSH-related experiments
2017-07-24 21:50
author: JevonWei
Copyright notice: original work
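Cross-host SSH connection
Host A wants to connect to host C, but host C's firewall (or a similar restriction) blocks connections from host A. Host A can reach host B, and host B can reach host C, so host A can use host B as a jump host to reach host C.
Host A: 192.168.198.100
Host B: 192.168.198.130
Host C: 192.168.198.200
ssh -t 192.168.198.130 ssh 192.168.198.200
Host A connects to host B, obtains a pseudo-terminal there, and then connects to host C over SSH.
SSH port forwarding (telnet protocol)
Host A wants to connect to host C using telnet, an insecure protocol, but host C's firewall blocks the connection. SSH port forwarding through host B solves this: the insecure protocol is encapsulated in the secure SSH protocol, and host B decrypts host A's SSH-encapsulated traffic and then passes it on to host C.
Host A: 192.168.198.134
Host B: 192.168.198.128
Host C: 192.168.198.136
Opening the tunnel port on host A
Host C blocks connections from host A (because of the firewall or similar), but C allows connections from host B:
iptables -A INPUT -s 192.168.198.134 -j REJECT
Set up the SSH port-forwarding tunnel from host A to host B
Host A
ssh -L 5896:192.168.198.136:23 -Nf 192.168.198.128
-L sets up the forward on the local machine; 5896 is the port opened on host A; -N does not open a remote shell; -f runs in the background; 192.168.198.136:23 is the IP and port of host C to connect to; 192.168.198.128 is host B, which performs the SSH port forwarding. Then enter host B's password.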
![](https://timgsa.baidu.com/timg?image&quality=80&size=b10000_10000&sec=1501040520&di=1e7ebb288ba9d8e31df25704c1ad1d89&imgtype=jpg&src=http%3A%2F%2Fd.hiphotos.baidu.com%2Fimage%2Fpic%2Fitem%2F8b82b9014a90f603f0e4d1d93312b31bb151eddc.jpg)
Host A
ss -nt  # check that the connection between host A and host B is shown
![](https://timgsa.baidu.com/timg?image&quality=80&size=b10000_10000&sec=1501040397&di=768d2a71e5f3ee668ca3849cf16030cc&imgtype=jpg&src=http%3A%2F%2Ff.hiphotos.baidu.com%2Fimage%2Fpic%2Fitem%2Ff9198618367adab4c7d059dd81d4b31c8701e428.jpg)
Host A
ss -ntl  # check whether port 5896 is open on host A
![](https://timgsa.baidu.com/timg?image&quality=80&size=b10000_10000&sec=1501040764&di=291ef6a1c9f722855fa6dd2d62d223cc&imgtype=jpg&src=http%3A%2F%2Fg.hiphotos.baidu.com%2Fimage%2Fpic%2Fitem%2Fd62a6059252dd42ae6554e35093b5bb5c8eab8d4.jpg)
Host A
telnet 127.0.0.1 5896  # host A connects to the opened port 5896 and reaches host C through host B
![](https://timgsa.baidu.com/timg?image&quality=80&size=b10000_10000&sec=1501047323&di=09bc2ef7bbb5f9faf6f2880faed15048&imgtype=jpg&src=http%3A%2F%2Fc.hiphotos.baidu.com%2Fimage%2Fpic%2Fitem%2Fa5c27d1ed21b0ef4094715c0d7c451da80cb3e84.jpg)
Host C
ss -nt  # check host C's network connections; the connection shown is the one established by host B
![](https://timgsa.baidu.com/timg?image&quality=80&size=b10000_10000&sec=1501050608&di=bf400f01f5c136557c03747499108956&imgtype=jpg&src=http%3A%2F%2Fd.hiphotos.baidu.com%2Fimage%2Fpic%2Fitem%2Fae51f3deb48f8c54278326b130292df5e1fe7fd8.jpg)
Opening the tunnel port on host B so that host A can access host C
Host B
ssh -R 5896:192.168.198.136:23 -Nf 192.168.198.134
Host A
ss -ntl | grep 5896  # check whether port 5896 is open
telnet 127.0.0.1 5896
![](https://timgsa.baidu.com/timg?image&quality=80&size=b10000_10000&sec=1501050516&di=7683319f6390a84bef945661984952ed&imgtype=jpg&src=http%3A%2F%2Ff.hiphotos.baidu.com%2Fimage%2Fpic%2Fitem%2Ff2deb48f8c5494ee459fef8727f5e0fe98257eeb.jpg)
Host C
ss -nt  # the connection detected is actually from host B, 192.168.198.128
![](https://timgsa.baidu.com/timg?image&quality=80&size=b10000_10000&sec=1501050608&di=bf400f01f5c136557c03747499108956&imgtype=jpg&src=http%3A%2F%2Fd.hiphotos.baidu.com%2Fimage%2Fpic%2Fitem%2Fae51f3deb48f8c54278326b130292df5e1fe7fd8.jpg)
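SSH dynamic port forwarding (web access)
Host A accesses host C through port 1080 of host B
Host A: 192.168.198.134
Host B: 192.168.198.128
Host C: 192.168.198.136
Host C blocks connections from host A (because of the firewall or similar), but C allows connections from host B
iptables -A INPUT -s 192.168.198.134 -j REJECT
Enable dynamic port forwarding on host A
ssh -D 5896 192.168.198.128  # host A opens port 5896, connected to host B 192.168.198.128
ss -ntl | grep 5896  # check whether port 5896 is open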
![](https://timgsa.baidu.com/timg?image&quality=80&size=b10000_10000&sec=1501053255&di=81327f90667a654f4e250e19719abb67&imgtype=jpg&src=http%3A%2F%2Fd.hiphotos.baidu.com%2Fimage%2Fpic%2Fitem%2F314e251f95cad1c81ce03db9753e6709c83d51d1.jpg)
Configure the proxy port in the browser on host A
![](https://timgsa.baidu.com/timg?image&quality=80&size=b10000_10000&sec=1501053500&di=df5097b5fd1593ef5d17d76ba59f3c2a&imgtype=jpg&src=http%3A%2F%2Fb.hiphotos.baidu.com%2Fimage%2Fpic%2Fitem%2F728da9773912b31bb9a20eb78c18367adbb4e166.jpg)
![](https://timgsa.baidu.com/timg?image&quality=80&size=b10000_10000&sec=1501053657&di=309d6eb17ac351e143b8f8ab9a8a59bb&imgtype=jpg&src=http%3A%2F%2Fe.hiphotos.baidu.com%2Fimage%2Fpic%2Fitem%2Feaf81a4c510fd9f99b8498f72f2dd42a2934a499.jpg)
For SOCKS Host, enter the local machine's IP and the open dynamic port number 5896
![](https://timgsa.baidu.com/timg?image&quality=80&size=b10000_10000&sec=1501053763&di=e0385758f02829535ca08fca4f466b7e&imgtype=jpg&src=http%3A%2F%2Fc.hiphotos.baidu.com%2Fimage%2Fpic%2Fitem%2F8b82b9014a90f603717c50d93312b31bb151ed64.jpg)
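Host A uses curl, a command-line browser, to access the web service on host C
curl --socks5 127.0.0.1:5896 192.168.198.136  # send the request through the SOCKS port opened by ssh -D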
![](https://timgsa.baidu.com/timg?image&quality=80&size=b10000_10000&sec=1501054816&di=29246ae76805453ac3f73c8cee12fc46&imgtype=jpg&src=http%3A%2F%2Fc.hiphotos.baidu.com%2Fimage%2Fpic%2Fitem%2F738b4710b912c8fc792ec652f6039245d788214b.jpg)
Host B
ss -nt  # view network connections; host A (192.168.198.134) now appears as an SSH client
![](https://timgsa.baidu.com/timg?image&quality=80&size=b10000_10000&sec=1501053993&di=71b1bd2103c2d5b41300893edbec98ed&imgtype=jpg&src=http%3A%2F%2Fe.hiphotos.baidu.com%2Fimage%2Fpic%2Fitem%2F0e2442a7d933c89535e251e5db1373f083020094.jpg)
On host C, the /var/log/httpd/access_log log file shows that host A reached the web service through host B
cat /var/log/httpd/access_log
![](https://timgsa.baidu.com/timg?image&quality=80&size=b10000_10000&sec=1501054696&di=3098d46cf17100ab21909a0f7c501e57&imgtype=jpg&src=http%3A%2F%2Fd.hiphotos.baidu.com%2Fimage%2Fpic%2Fitem%2F8cb1cb13495409234ed052e19858d109b2de49f7.jpg)
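The `ss -ntl | grep 5896` checks above confirm one known port. As an added example (not part of the original post), the script below generalizes that check to list every listening socket held by an SSH forward (-L, -D or -R) from `ss -ntlp` output. The sample output, port 5897 and `SSHD_PORT=22` are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: list listening TCP sockets that
# belong to SSH port forwards, given `ss -ntlp` output on stdin.
# Run ss as root so the process column is filled in for all sockets.
SSHD_PORT=22   # assumption: sshd listens on the default port

find_ssh_forwards() {
    awk -v sshd_port="$SSHD_PORT" '
    $1 == "LISTEN" {
        n = split($4, part, ":")           # works for 127.0.0.1:5896 and [::1]:5896
        port = part[n]
        if (!match($0, /users:\(\("[^"]+"/)) next
        proc = substr($0, RSTART + 9, RLENGTH - 10)
        if (proc == "ssh")
            kind = "client-forward(-L/-D)"   # ssh client holding a listener
        else if (proc == "sshd" && port + 0 != sshd_port + 0)
            kind = "remote-forward(-R)"      # X11 forwarding (6010+) also lands here
        else
            next
        if (!seen[port, proc]++) print port, proc, kind
    }'
}

# Constructed sample: 5896 mirrors the port used on this page, 5897 is invented
# so that a client-side and a server-side forward appear in one listing.
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=901,fd=3))
LISTEN 0      128    127.0.0.1:5896     0.0.0.0:*         users:(("ssh",pid=2143,fd=4))
LISTEN 0      128    [::1]:5896         [::]:*            users:(("ssh",pid=2143,fd=5))
LISTEN 0      128    127.0.0.1:5897     0.0.0.0:*         users:(("sshd",pid=2310,fd=9))
LISTEN 0      511    *:80               *:*               users:(("httpd",pid=1200,fd=4))
EOF
}

sample_ss_output | find_ssh_forwards
# On a live host: ss -ntlp | find_ssh_forwards
```

On the SSH server side, the sshd_config directives AllowTcpForwarding and PermitOpen control whether forwards are allowed and to which destinations.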
SSH-related content
http://www.cnblogs.com/JevonWei/p/7231348.html