ssh 远程端口转发:连接被拒绝

bux*_*bux 6 port-forwarding

尝试建立远程 ssh 端口转发:

在我的远程主机上,/etc/ssh/sshd_config

客户端指定的网关端口

在我的本地计算机上:

ssh -g -R 1234:0.0.0.0:8000 me@my-remote-host
Run Code Online (Sandbox Code Playgroud)

通过调试,我们可以阅读:

debug1: Authentication succeeded (publickey).
Authenticated to s1.bux.fr ([178.32.223.76]:22).
debug1: Remote connections from LOCALHOST:1234 forwarded to local address 0.0.0.0:8000
debug2: fd 3 setting TCP_NODELAY
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: remote forward success for: listen 1234, connect 0.0.0.0:8000
debug1: All remote forwarding requests processed
Run Code Online (Sandbox Code Playgroud)

在远程主机上,我们可以联系 1234 端口(WSGIServer/0.2 CPython/3.4.3是本地机器的 8000 端口):

# http :1234
HTTP/1.0 302 Found
Content-Type: text/html; charset=utf-8
Date: Wed, 19 Oct 2016 13:26:00 GMT
Location: /accounts/login/
Server: WSGIServer/0.2 CPython/3.4.3
Vary: Cookie
X-Frame-Options: SAMEORIGIN
Run Code Online (Sandbox Code Playgroud)

我们可以查看打开的端口:

# netstat -tupln | grep 1234
tcp        0      0 127.0.0.1:1234          0.0.0.0:*               LISTEN      14460/1         
tcp6       0      0 ::1:1234                :::*                    LISTEN      14460/1
Run Code Online (Sandbox Code Playgroud)

但是,从世界上的另一台机器,我无法联系my-remote-host:1324

# http my-remote-host:1234

http: error: ConnectionError: HTTPConnectionPool(host='my-remote-host', port=1234): Max retries exceeded with url: / (Caused by NewConnectionError('<requests.packages.urllib3.connection.HTTPConnection object at 0xb6b2fbec>: Failed to establish a new connection: [Errno 111] Connection refused',)) while doing GET request to URL: http://my-remote-host:1234/
Run Code Online (Sandbox Code Playgroud)

我的远程主机上没有防火墙:

# iptables -L
[sudo] password for bux: 
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
fail2ban-sshd  tcp  --  anywhere             anywhere             multiport dports ssh
fail2ban-ssh  tcp  --  anywhere             anywhere             multiport dports ssh

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain fail2ban-ssh (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere            

Chain fail2ban-sshd (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere
Run Code Online (Sandbox Code Playgroud)

如何找到它阻塞的地方?

小智 10

tcp   0   0 127.0.0.1:1234    0.0.0.0:*               LISTEN   14460/1         
Run Code Online (Sandbox Code Playgroud)

在 netstat 的输出中可以很好地看到问题。您的远程机器正在侦听 127.0.0.1:1234,该地址仅可用于该机器的本地连接。

要使 ssh -g(网关选项)工作,您必须指定通配符地址或可从外部客户端访问的某些接口地址,例如:

ssh -g -R 0.0.0.0:1234:0.0.0.0:8000 me@my-remote-host
Run Code Online (Sandbox Code Playgroud)


bux*_*bux 5

找到的解决方案是https://superuser.com/questions/588591/how-to-make-ssh-tunnel-open-to-public

我们必须像这样设置绑定地址:

ssh -R 0.0.0.0:1234:0.0.0.0:8000 me@my-remote-host
Run Code Online (Sandbox Code Playgroud)