在 SSH 本地转发中:
-L [bind_address:]port:host:hostport
Specifies that the given port on the local (client) host is to be forwarded to the given host and port on the remote side. This works by
allocating a socket to listen to port on the local side, optionally bound to the specified bind_address. Whenever a connection is made to
this port, the connection is forwarded over the secure channel, and a connection is made to host port hostport from the remote machine. Port
forwardings can also be specified in the configuration file. IPv6 addresses can be specified by enclosing the address in square brackets.
Only the superuser can forward privileged ports. By default, the local port is bound in accordance with the GatewayPorts setting. However,
an explicit bind_address may be used to bind the connection to a specific address. The bind_address of “localhost” indicates that the listen?
ing port be bound for local use only, while an empty address or ‘*’ indicates that the port should be available from all interfaces.
在“空地址或*指示端口应可从所有接口使用”中,“所有接口”是什么意思?当本地主机可以有多个网络接口并且端口port可以与本地主机上的所有网络接口一起使用时,是否意味着本地主机上的所有网络接口?
在“bind_address oflocalhost表示绑定监听端口仅供本地使用”中,“仅供本地使用”是指本地主机上的特定网络接口吗?
可以bind_address指一个网络接口不是本地主机的主机上?
Tha*_*Guy 12
通常,地址绑定是服务(例如,SSH)和 IP 地址之间的关联。
一台主机可能有多个 IP 地址(例如,127.0.0.1、192.168.1.2)。地址绑定允许您在部分或所有这些地址上运行服务。
假设您的主机配置了两个网络接口,一个连接到受信任的网络(例如,192.168.1.0/24),另一个连接到不受信任的网络(例如,192.168.2.0/24)。假设您希望您的主机仅接受来自受信任网络的 SSH 连接。在这种情况下,您只需将 SSH 服务绑定到可信网络上的主机地址(例如,192.168.1.2)。
使用localhostasbind_address将只允许在本地计算机上运行的 SSH 客户端连接到 SSH 服务。