Port forwarding and copying back to the local machine

3

I usually log in to a network via ssh and then to another computer, again via ssh, to reach my final target computer. For example, a home server and, once there, one of my family's computers. This looks something like:

user0@initial:> ssh -p port_number user1@server
user1@server:> ssh -p port_number user2@final
user2@final:>

Once on user2@final, I would like to copy (scp) back to user0@initial.

For example, I can do local port forwarding and copy from my local computer to the remote one through the server. On user0@initial

 user0@initial:> ssh -L4321:final:22 -p 443 user1@server

This forwards local port 4321 from user0@initial via user1@server to port 22 on user2@final. Then, on user0@initial, running

  scp -P 4321 some_file  [email protected]:~/

I can copy to user2@final over user1@server.

The question is how to reverse things and copy from user2@final to user0@initial.

Thanks for your help.

    
by Alexander Cska 30.09.2015 / 17:06

2 answers

1

Assuming you want to run the scp command at final's command prompt:

# have the local client tell the remote server's sshd to listen on
# port 8765 (randomly chosen) and forward any connection it receives
# to the client which will connect to port 22 locally.
user0@initial:> ssh -R127.0.0.1:8765:127.0.0.1:22 -p 443 user1@intermediate

# On this machine have the client tell this remote server's (final's)
# sshd to listen on port 9876 (randomly chosen) and forward any connection
# that it receives back to this client which will connect it to port
# 8765 locally.
user1@intermediate:> ssh -R127.0.0.1:9876:127.0.0.1:8765 user2@final

# Now that you are on the final server (final) you run scp, telling
# it to connect to localhost on port 9876.
# 
# So scp will connect to local (final's) port 9876, which is listened
# to by the local sshd based on our second command above.  That sshd
# will forward the connection to the ssh client that connected to it
# (on intermediate).
# 
# The ssh client on intermediate will connect to localhost:8765 as
# instructed which is a connection to the sshd on intermediate that
# is listening on that port because it was instructed to do so by the
# ssh client on initial when it connected.
# 
# The sshd on intermediate will forward the connection back to the
# client on initial which will, as instructed, connect to localhost:22
# on initial.
# 
# All this monkey motion means that now scp on final is "directly"
# connected to port 22 (sshd) on initial and can initiate a login
# and file transfer.
user2@final:> scp -P 9876 file_from_final 127.0.0.1:back_at_the_house

Note that I made the ports all on 127.0.0.1, which protects them from exploitation by others on the internet (but not from others on "server" or "final").

    
by 01.10.2015 / 07:07
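
The 127.0.0.1 bind address in the -R options above is only a request: the sshd that receives it decides where it actually listens according to its GatewayPorts setting in sshd_config. As an added example (not part of the answer), this shell function reports the effective listener for -R specs of the form used above; the name effective_bind is hypothetical, and bracketed IPv6 specs are not handled.

```sh
#!/bin/sh
# Added example, not from the original answer.
# effective_bind SPEC [GATEWAYPORTS]
#   SPEC          the argument of ssh -R: [bind_address:]port:host:hostport
#   GATEWAYPORTS  the server's sshd_config value: no | yes | clientspecified
# Prints where sshd will listen: loopback, all-interfaces, address:<addr>,
# or unsupported (IPv6 brackets, other -R forms, unknown GatewayPorts).
effective_bind() {
    spec=$1
    gw=${2:-no}                       # sshd_config default is "no"
    case $spec in *\[*) echo unsupported; return 0 ;; esac

    # Split on ':' with globbing off so '*' stays literal. A leading ':'
    # gives an empty first field, which ssh treats as "all interfaces".
    old_ifs=$IFS; IFS=:; set -f
    set -- $spec
    set +f; IFS=$old_ifs

    case $# in
        3) requested=default ;;       # no bind_address given
        4) requested=$1 ;;
        *) echo unsupported; return 0 ;;
    esac

    case $gw in
        no)  echo loopback ;;         # server forces loopback
        yes) echo all-interfaces ;;   # server forces the wildcard address
        clientspecified)              # server honours the client's request
            case $requested in
                default|localhost|127.*) echo loopback ;;
                ''|'*') echo all-interfaces ;;
                *) echo "address:$requested" ;;
            esac ;;
        *) echo unsupported ;;
    esac
}

# The first -R spec from the answer, under each server setting.
for gw in no clientspecified yes; do
    printf 'GatewayPorts %-16s -> %s\n' "$gw" \
        "$(effective_bind 127.0.0.1:8765:127.0.0.1:22 "$gw")"
done
```

With GatewayPorts yes on intermediate or final, the forwarded port is reachable from the network even though the client asked for 127.0.0.1, so check that setting on both hosts.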
2

Yes. You will want to take a look at the ssh_config keyword ProxyCommand

Specifies the command to use to connect to the server. The command string extends to the end of the line, and is executed using the user's shell ‘exec’ directive to avoid a lingering shell process.

In the command string, any occurrence of ‘%h’ will be substituted by the host name to connect, ‘%p’ by the port, and ‘%r’ by the remote user name. The command can be basically anything, and should read from its standard input and write to its standard output. It should eventually connect an sshd(8) server running on some machine, or execute sshd -i somewhere. Host key management will be done using the HostName of the host being connected (defaulting to the name typed by the user). Setting the command to “none” disables this option entirely. Note that CheckHostIP is not available for connects with a proxy command.

This directive is useful in conjunction with nc(1) and its proxy support. For example, the following directive would connect via an HTTP proxy at 192.0.2.0:

ProxyCommand /usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p
    
by 30.09.2015 / 19:08