我通常透過 ssh 登入網絡,然後再次透過 ssh 登入另一台電腦到我的最終目標電腦。例如,一台家庭伺服器,還有一次是我家裡的一台電腦。看起來像這樣:
user0@inital:> ssh -P port_number user1@server
user1@server:> ssh -P port_number user2@final
user2@final:>
一旦開啟,user2@final我想將(scp)複製回user0@inital.
例如,我可以進行本機連接埠轉發,並透過伺服器將本機複製到遠端電腦。在user0@initial
user0@initial:> ssh -L4321:final:22 -p 443 user1@server
這會將本機連接埠4321形式user0@initialvia轉送到上的user1@server連接埠。然後透過運行22user2@finaluser0@initial
scp -P 4321 some_file [email protected]:~/
我可以複製到user2@finalover user1@server。
問題是如何反轉事情並從 複製user2@final回到user0@initial。
感謝您的協助。
答案1
假設你想在final的命令提示字元下執行scp指令:
# have the local client tell the remote server's sshd to listen on
# port 8765 (randomly chosen) and forward any connection it receives
# to the client which will connect to port 22 locally.
user0@initial:> ssh -R127.0.0.1:8765:127.0.0.1:22 -p 443 user1@intermediate
# On this machine have the client tell this remote server's (final's)
# to listen on port 9876 (randomly chosen) and forward any connection
# that it receives back to this client which will connect it to poirt
# 8765 locally.
user1@intermediate:> ssh -R127.0.0.1:9876:127.0.0.1:8765 user2@final
# Now that you are on the final server (final) you run scp, telling
# it to connect to localhost on port 9876.
#
# So scp will connec to local (final's) port 9876, which is listened
# to by the local sshd based on our second command above. That sshd
# will forward the connection to the ssh client that connected to it
# (on intermediate).
#
# The ssh client on intermediate will connect to localhost:8765 as
# instructed which is a conenction to the sshd on intermediate that
# is listening on that port because it was instructed to do so by the
# ssh client on initial when it connected.
#
# The sshd on intermediate will forward the conenction back to the
# client on initial which will, as instructed, connect to localhost:22
# on initial.
#
# All this monkey motion means that now scp on final is "directly"
# connected to port 22 (sshd) on initial and can initiate a login
# and file transfer. to the ssh client that connected to it (on
# intermediate).
user2@final:> scp -P 9876 file_from_final 127.0.0.1:back_at_the_house
請注意,我將連接埠全部設定在 127.0.0.1 上,這可以保護它們免受網路上其他人的利用(但不能被「伺服器」或「最終」上的其他人利用)。
答案2
是的。您將需要查看 ssh_config 關鍵字代理命令
指定用於連接到伺服器的命令。命令字串延伸到行尾,並使用使用者的 shell 'exec' 指令執行以避免 shell 進程延遲。
在命令字串中,任何出現的“%h”都將替換為要連接的主機名,“%p”將替換為端口,“%r”將替換為遠端用戶名。該命令基本上可以是任何內容,並且應該從其標準輸入讀取並寫入其標準輸出。它最終應該連接在某些機器上運行的 sshd(8) 伺服器,或在某處執行 sshd -i 。主機金鑰管理將使用正在連線的主機的主機名稱(預設為使用者鍵入的名稱)來完成。將命令設為“none”會完全停用此選項。請注意,CheckHostIP 不可用於透過代理命令進行連線。
該指令與 nc(1) 及其代理支援結合使用非常有用。例如,以下指令將透過 192.0.2.0 處的 HTTP 代理進行連線:
ProxyCommand /usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p