From 4fd3b27fe01e12d94e26abd1d6d0645d96691c25 Mon Sep 17 00:00:00 2001 From: Your Name Date: Wed, 22 May 2024 15:01:42 +0700 Subject: [PATCH] =?UTF-8?q?1.=20=E6=B7=BB=E5=8A=A0=20ssh=20=E5=B8=B8?= =?UTF-8?q?=E7=94=A8=E5=91=BD=E4=BB=A4=202.=20=E6=B7=BB=E5=8A=A0=20?= =?UTF-8?q?=E5=BC=80=E5=8F=91=E6=9C=BA=E9=9A=A7=E9=81=93=E6=96=B9=E6=A1=88?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ssh常用命令.md | 52 ++++++++++++++++++++++++++++++++++++++++++ 开发机隧道方案.md | 58 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 110 insertions(+) create mode 100644 ssh常用命令.md create mode 100644 开发机隧道方案.md diff --git a/ssh常用命令.md b/ssh常用命令.md new file mode 100644 index 0000000..9d6fff2 --- /dev/null +++ b/ssh常用命令.md @@ -0,0 +1,52 @@ +# 杂项 + + + +## 当有如下网络拓扑结构时 +- A: 本地机器 +- B: 开放了SSH连接的机器 +- C: 无外网连接, 与B处于同一内网的机器(或者为B本身, 用于B未开启其他端口的入站权限情况) + +### ssh 配置文件样例 +文件路径: ~/.ssh/config +``` +Host A + HostName x.x.x.x + User ubuntu + Port 22 + IdentityFile ~/.ssh/{A_key_file} + +Host B + HostName pc.example.com + User ubuntu + Port 2222 + IdentityFile ~/.ssh/{B_key_file} + +Host C + HostName y.y.y.y + User root + Port 22 + IdentityFile ~/.ssh/{C_key_file} +``` + +### SSH 端口转发 + +```bash +ssh -N -L {A端口号}:{C}:{C端口号} +``` +此命令可将对A端口号的访问, 转发至C端口号的访问 + +用例1: ssh -N -L 3306:localhost:3306 B + + 此命令将本地的3306转发到B机器的3306端口, 这样即使B未打开3306端口的入站权限,也可以在本地访问到B机器的3306端口 + + +用例2: ssh -N -L 3306:C:3306 B + + 此命令将本地的3306转发到C机器的3306端口, 这样即使C没有连接外网,也可以依然再本地访问到C机器的3306端口 + +### SSH 跳板连接 +```bash +ssh -J B C +``` +此命令可通过B建立到C的ssh连接 \ No newline at end of file diff --git a/开发机隧道方案.md b/开发机隧道方案.md new file mode 100644 index 0000000..acbfd51 --- /dev/null +++ b/开发机隧道方案.md 
@@ -0,0 +1,58 @@ +# MISC + +## 网络拓扑图 +- A: 用户 +- B: 中间服务器 +- C: 开发服务器 + +连接: **A->B<-C** + +说明: 用户A连接B,开发服务器C连接B,B在内部将A转发到C. + +结论: 因为从外部无法观测到A至C的连接, 所以此方案可用于隐藏用户A连接C的记录 + +## 基于vscode server的隧道方案 +其中B为微软提供 + +### 部署vscode server +```bash +# 开启linger 用户退出以后, 服务也不会停止 +sudo loginctl enable-linger $USER +wget https://vscode.download.prss.microsoft.com/dbazure/download/stable/dc96b837cf6bb4af9cd736aa3af08cf8279f7685/vscode_cli_alpine_x64_cli.tar.gz +tar -xzf vscode_cli_alpine_x64_cli.tar.gz + +./code tunnel service install +# 执行命令后, 需要选择用什么账号登录, 此次选择用Microsoft Account +## 输出如下 +# ? How would you like to log in to Visual Studio Code? › +# ❯ Microsoft Account +# GitHub Account +## 选择以后, 输出如下 +# ✔ How would you like to log in to Visual Studio Code? · Microsoft Account +# To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code I96RAVZDD to authenticate. +## 在浏览中打开上面的链接, 输入code. 然后登录微软账号, 就可以把此隧道, 绑定到微软账号. +## 看到如下输出, 部署就成功了 +# * +# * Visual Studio Code Server +# * +# * By using the software, you agree to +# * the Visual Studio Code Server License Terms (https://aka.ms/vscode-server-license) and +# * the Microsoft Privacy Statement (https://privacy.microsoft.com/en-US/privacystatement). +# * +# [2024-05-21 10:21:24] info Successfully registered service... +# [2024-05-21 10:21:24] info Successfully enabled unit files... +# [2024-05-21 10:21:24] info Tunnel service successfully started +# [2024-05-21 10:21:24] info Tip: run `sudo loginctl enable-linger $USER` to ensure the service stays running after you disconnect. +# Service successfully installed! You can use `code tunnel service log` to monitor it, and `code tunnel service uninstall` to remove it. +``` + +### 连接 vscode server +1. 先安装vscode, [官方网站](https://code.visualstudio.com/) +2. 安装[remote - tunnel](https://marketplace.visualstudio.com/items?itemName=ms-vscode.remote-server) 插件 + +3. 
安装完插件后, 左侧栏会出现相应的`远程资源管理器` -> `远程(隧道/SSH)` -> `Tunnels` -> `登陆到向Microsoft注册的隧道 ➡️`(点击箭头) -> 接下来跳转到网页登录账号即可 +4. 登录完后, 就可以在Tunnels下,看到对应的隧道 +4. 接下来,就与S5H, WSL等非本地开发流程一样了 + +## 基于amazon session manager的隧道方案 +其中B为亚马逊提供
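Review bot: In ssh常用命令.md, the command template under "SSH 端口转发" (`ssh -N -L {A端口号}:{C}:{C端口号}`) has no destination host, so it cannot run as written; both 用例 lines end with `B`, and the template should too. In 用例2 (`ssh -N -L 3306:C:3306 B`) the middle `C` is resolved on B by its SSH server, not through the local ~/.ssh/config, so the `Host C` alias from the sample config does not apply there; use y.y.y.y or a name that B can resolve, and say so in the text. Smaller points: the `Host A` entry describes the local machine and is not used by any command shown, "再本地" should be "在本地", and the file has no trailing newline.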
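Review bot: In 开发机隧道方案.md, the pasted output under "部署vscode server" includes a literal device login code (`I96RAVZDD`); replace it with a placeholder such as `<CODE>` so the document does not carry a real sign-in value. The `wget` line fetches a CLI tarball that is then unpacked and installed as a service with no checksum or signature check; add a verification step before `tar -xzf`. The 结论 line says the A-to-C connection cannot be observed from outside, yet the same file states that B is provided by Microsoft, that the tunnel is bound to a Microsoft account, and that `code tunnel service log` is available on C, so the text should name who can still see the session instead of describing it as hidden. Also: the step list has two items numbered 4, "S5H" should be "SSH", "在浏览中" should be "在浏览器中", and the closing "基于amazon session manager的隧道方案" section has a heading and one line but no procedure.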