  • SSH port forwarding socks server (reposted)

    To use SSH port forwarding as a proxy, run a command like this:

    ssh -D 7070 -N -C -o PubkeyAuthentication=no <username>@<hostname>

    From: http://www.debian-administration.org/article/SSH_dynamic_port_forwarding_with_SOCKS

    An earlier post was limited to connecting to a specified port on a specified server. In fact, ssh's -D option lets ssh act as a SOCKS server, so it can be used as a proxy.

    SSH has numerous uses beyond just logging into a remote system. In particular, SSH allows you to forward ports from one machine to another, tunnelling traffic through the secure SSH connection. This provides a convenient means of accessing a service hosted behind a firewall, or one blocked by an outgoing firewall.

    However, forwarding an individual port still requires you to change where your program connects, telling it to use a non-standard port on localhost rather than the standard port on the remote machine, and it requires a separate port forward for each machine you want to access. Dynamic port forwarding via SOCKS provides a more convenient alternative.

    The examples in this article assume that you reside behind a restrictive firewall which does not allow outgoing SMTP connections except to a designated mail server. You want to connect to a different mail server, mail.example.net, on port 25. You have an SSH account on a machine shell.example.org, which does not reside within the restrictive firewall and can thus access port 25 on mail.example.net.

    With standard SSH port forwarding, you could enter the command:

    ssh -L 2525:mail.example.net:25 shell.example.org

    This will forward port 2525 on your machine to port 25 on mail.example.net, by way of shell.example.org. You will then need to configure your mailer to send mail to localhost, port 2525, and use the authentication information for your mail account on mail.example.net. For example, in Thunderbird^WIcedove, you could add an additional outgoing mail server via Edit->Preferences, "Outgoing Mail Server (SMTP)", "Add...", and either set it as the default or explicitly set your mail account to use that server. You can then send your mail, which will potentially (if you use secure authentication with mail.example.net) give you a security warning about localhost presenting a certificate for mail.example.net, and then prompt you for your account password. After you have finished sending all the mails you want to send, you can then change your outgoing mail server back to the previous setting, and exit SSH.

    To avoid all this hassle, SSH also supports dynamic port forwarding via SOCKS. SOCKS defines a standard mechanism for a client to connect to a server by way of a proxy. SSH can serve as the proxy, allowing you to connect to shell.example.org and make connections from there to an arbitrary server such as mail.example.net. Simply run:

    ssh -D 1080 shell.example.org

    to make the connection to shell.example.org and start a SOCKS proxy on localhost port 1080.

    In order to make use of the SOCKS proxy, you can either use applications which can speak SOCKS natively, or you can use a socksifier program like tsocks. tsocks provides a library used with LD_PRELOAD, which replaces the standard sockets functions like socket, connect, and sendto with functions that make use of a designated SOCKS proxy. The tsocks script runs a program with this library loaded. The library will read /etc/tsocks.conf to find out what SOCKS proxy to use. To configure tsocks to work with an SSH SOCKS proxy on localhost, edit the default /etc/tsocks.conf, change the server variable to 127.0.0.1, and comment out the path example.

    Now that you have tsocks configured, you can run the following whenever you want to send mail via mail.example.net:

    ssh -D 1080 shell.example.org
    # in a second local terminal, while the SSH session above stays open:
    tsocks thunderbird

    This will open the SSH-tunnelled SOCKS proxy to shell.example.org and run thunderbird. You can then send mail normally, without changing the outgoing server configuration, and without seeing any authentication mismatch warnings.
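
What an application that speaks SOCKS natively sends to the proxy on localhost port 1080, as an added example that is not part of the original article: the SOCKS5 exchange from RFC 1928 asking the proxy to connect to mail.example.net port 25. The function names are this example's own, and `open_via_proxy` assumes the `ssh -D 1080` session is already running.

```python
import socket
import struct

PROXY = ("127.0.0.1", 1080)  # assumed: the listener opened by `ssh -D 1080`
GREETING = b"\x05\x01\x00"   # VER=5, one method offered: 0x00 (no auth)
ERRORS = {1: "general failure", 2: "not allowed", 3: "network unreachable",
          4: "host unreachable", 5: "connection refused"}  # RFC 1928 REP codes

def connect_request(host, port):
    """CONNECT with ATYP=3 (domain name): the name is sent unresolved, so
    the DNS lookup happens on the far side of the tunnel, not locally."""
    name = host.encode("idna")
    if not 1 <= len(name) <= 255 or not 0 < port < 65536:
        raise ValueError("bad destination")
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack("!H", port)

def check_method_reply(reply):
    if len(reply) != 2 or reply[0] != 5 or reply[1] != 0:
        raise ConnectionError("proxy did not accept SOCKS5 without auth")

def check_connect_reply(head):
    """Validate VER and REP of the 4-byte reply header; return ATYP."""
    if len(head) != 4 or head[0] != 5:
        raise ConnectionError("malformed SOCKS5 reply")
    if head[1] != 0:
        raise ConnectionError(ERRORS.get(head[1], "error code %d" % head[1]))
    return head[3]

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection")
        buf += chunk
    return buf

def open_via_proxy(host, port, proxy=PROXY):
    """Return a socket connected to host:port through the SOCKS proxy."""
    s = socket.create_connection(proxy, timeout=10)
    s.sendall(GREETING)
    check_method_reply(recv_exact(s, 2))
    s.sendall(connect_request(host, port))
    atyp = check_connect_reply(recv_exact(s, 4))
    # Discard BND.ADDR and BND.PORT; the address length depends on ATYP.
    alen = recv_exact(s, 1)[0] if atyp == 3 else {1: 4, 4: 16}[atyp]
    recv_exact(s, alen + 2)
    return s
```

With the tunnel up, `open_via_proxy("mail.example.net", 25)` returns a socket on which the mail server's SMTP banner arrives, even though the local firewall blocks direct port 25.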

  • Original article: https://www.cnblogs.com/super119/p/2790899.html