
http over ssh

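For security reasons we can often reach a server only through SSH on port 22, or we need the data to be encrypted in transit; in both cases we send the data through an SSH tunnel.
The following describes how to access an HTTP service through an SSH tunnel.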

The setup:
webserver is the server we want to reach, and user is the username.

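If the local machine runs Linux/Unix, this is usually done from the command line: enter the following command in a shell on the local machine and log in.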
[code]
ssh -L 8000:localhost:80 user@webserver
[/code]
Then open https://localhost:8000 in a browser on the local machine to reach the HTTP service on webserver.
This command sets up an SSH tunnel. Here is what the man page says:
[plain]
-L [bind_address:]port:host:hostport

Specifies that the specified port on the local (client)
host is to be forwarded to the specified host and port
on the remote side. This works by allocating a socket to
listen to the port on the local side, optionally bound
to the specified bind_address. Then, whenever a connec-
tion is made to this port, the connection is forwarded
over the secure channel and a connection is made to host
port hostport from the remote machine. Port forwardings
can also be specified in the configuration file. Only a
user with enough privileges can forward privileged
ports. IPv6 addresses can be specified with an alterna-
tive syntax: [bind_address/]port/host/hostport or by
enclosing the address in square brackets.

By default, the local port is bound in accordance with
the GatewayPorts setting. However, an explicit
bind_address can be used to bind the connection to a
specific address. The bind_address of localhost
indicates that the listening port be bound for local use
only, while an empty address or * indicates that the
port should be available from all interfaces.
[/plain]
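The command binds local port 8000 to port 80 on localhost (localhost as seen from webserver, that is, webserver itself).
When you connect to localhost:8000, the data is encrypted by ssh and sent to webserver, which then passes the data it received over ssh to its own port 80.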

Of course, you can also use webserver as a jump host to reach port 80 on webserver2; all it takes is:
[code]
ssh -L 8000:webserver2:80 user@webserver
[/code]
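This is mostly used when webserver is reachable over ssh and webserver2 is on the same network as webserver, but we cannot reach webserver2 directly; with webserver as the jump host, we can reach the service on webserver2 through https://localhost:8000.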
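
An added example, not part of the original post: a small parser for the `-L` argument forms in the man page excerpt above, which reports which side of the tunnel listens where and whether the local listening port is reachable only from the local machine. The function names are hypothetical, only the TCP forms quoted above are handled, and treating `0.0.0.0` and `::` as all interfaces is an addition based on how sockets bind.

```python
import ipaddress

def split_fields(spec):
    """Split on '/' (alternative syntax) or on ':' outside [brackets]."""
    if "/" in spec:
        return spec.split("/")
    fields, buf, depth = [], "", 0
    for ch in spec:
        depth += (ch == "[") - (ch == "]")
        if ch == ":" and depth == 0:
            fields.append(buf)
            buf = ""
        else:
            buf += ch
    return fields + [buf]

def exposure(bind):
    """Classify who can reach the listening port, following the man page text."""
    if bind is None:
        return "per-GatewayPorts"      # no bind_address given
    if bind in ("", "*"):
        return "all-interfaces"        # empty address or *
    if bind == "localhost":
        return "local-only"
    try:
        ip = ipaddress.ip_address(bind)
    except ValueError:
        return "specific-address"      # some other hostname
    if ip.is_unspecified:              # 0.0.0.0 or :: (assumption, see lead-in)
        return "all-interfaces"
    return "local-only" if ip.is_loopback else "specific-address"

def parse_local_forward(spec):
    """Parse [bind_address:]port:host:hostport into a dict."""
    fields = [f.strip("[]") for f in split_fields(spec)]
    if len(fields) == 3:
        fields.insert(0, None)         # bind_address omitted
    if len(fields) != 4:
        raise ValueError(f"not a -L forwarding spec: {spec!r}")
    bind, port, host, hostport = fields
    port, hostport = int(port), int(hostport)
    if not (0 < port < 65536 and 0 < hostport < 65536) or not host:
        raise ValueError(f"bad port or host in {spec!r}")
    return {"bind": bind, "port": port, "host": host, "hostport": hostport,
            "exposure": exposure(bind), "privileged": port < 1024}

if __name__ == "__main__":
    # Constructed sample specs; the first two are the forwardings used on this page.
    for s in ["8000:localhost:80", "8000:webserver2:80", "*:8000:webserver2:80",
              "[::1]:8000:[2001:db8::10]:80", "::1/8000/2001:db8::10/80"]:
        print(s, "->", parse_local_forward(s))
```

A result of `all-interfaces` means other machines on the local network can use the tunnel too, so an explicit `localhost` bind address is the form to prefer when only the local browser should reach it.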

On Windows this is usually done with PuTTY or SecureCRT.
Reference: https://oldsite.precedence.co.uk/nc/putty.html

Before logging in to webserver, configure the tunnel; don't forget to click Add, then Open, and log in, and the SSH tunnel is established.

SecureCRT version
