Ssh
選擇 SSH 埠轉發的介面
我有一個名為 hub-server.tld 的伺服器,它具有三個 IP 地址 100.200.130.121、100.200.130.122 和 100.200.130.123。我在防火牆後面有三台不同的機器,但我想使用 SSH 將一台機器埠轉發到每個 IP 地址。例如:機器一應該在 100.200.130.121 的埠 22 上偵聽 SSH,而機器二應該在 100.200.130.122 上做同樣的事情,以此類推,在所有機器上可能相同的埠上的不同服務。
SSH 手冊頁
-R [bind_address:]port:host:hostport列出了我啟用了網關埠,但是當使用-R特定 IP 地址時,伺服器仍然在所有介面上偵聽埠:機器一:
# ssh -NR 100.200.130.121:22:localhost:22 root@hub-server.tldhub-server.tld(監聽埠 2222 上的 SSH):
# netstat -tan | grep LISTEN tcp 0 0 100.200.130.121:2222 0.0.0.0:* LISTEN tcp 0 0 :::22 :::* LISTEN tcp 0 0 :::80 :::* LISTEN有沒有辦法讓 SSH 僅將特定 IP 地址上的連接轉發到機器一,這樣我就可以同時監聽其他 IP 地址上的埠 22,或者我必須對 iptables 做些什麼?以下是我的 ssh 配置中所有非註釋/預設值的行:
Port 2222 Protocol 2 SyslogFacility AUTHPRIV PasswordAuthentication yes ChallengeResponseAuthentication no GSSAPIAuthentication no GSSAPICleanupCredentials no UsePAM yes AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT AcceptEnv LC_IDENTIFICATION LC_ALL AllowTcpForwarding yes GatewayPorts yes X11Forwarding yes ClientAliveInterval 30 ClientAliveCountMax 1000000 UseDNS no Subsystem sftp /usr/libexec/openssh/sftp-server
來自
sshd_config(5):網關埠
Specifies whether remote hosts are allowed to connect to ports forwarded for the client. By default, sshd(8) binds remote port forwardings to the loopback address. This prevents other remote hosts from connecting to forwarded ports. GatewayPorts can be used to specify that sshd should allow remote port forwardings to bind to non-loopback addresses, thus allowing other hosts to connect. The argument may be “no” to force remote port forwardings to be available to the local host only, “yes” to force remote port forwardings to bind to the wildcard address, or “clientspecified” to allow the client to select the address to which the forwarding is bound. The default is “no”.您想將其設置為
clientspecified而不是yes.