前言
例如我们有服务器A 是跳板机,我们需要登录目标机是B,我们本地是不能直接访问到B,需要A ssh 然后再到B,B上的数据库和redis 这些只能B访问,那么怎么通过本地直接放到到B上的redis 和 mysql?
通过ssh 代理配置访问,然后本地就可以通过 127.0.0.1 加 local_mysql_port=53306,local_redis_port=56379,local_ssh_port=52222,就可以访问当目标的数据了
ssh
#!/bin/bash
# gitxuzan
local_socks_port=10338
local_mysql_port=53306
local_redis_port=56379
local_ssh_port=52222
local_mq_port=55672
ssh_key_for_proxy="/Users/admin/.ssh/id_rsa"
ssh_key_for_final="/Users/admin/.ssh/quwan_pro"
proxy_host="[email protected]"
final_host="[email protected]"
mysql_remote="pc-uf6970466g63k.rwlb.rds.aliyuncs.com:3306"
redis_remote="r-uf6b8phpbo3vpr.redis.rds.aliyuncs.com:6379"
rabbitmq_remote="amqp-cn-x0r3mw005.cn-shanghai.amqp-17.vpc.mq.amqp.aliyuncs.com:5672"
ssh_remote="127.0.0.1:22"
# Function to kill process on a given port
kill_process_on_port() {
port=$1
echo "Checking if port $port is occupied and trying to free it..."
lsof -ti tcp:${port} | xargs -r kill
}
# Function to check if SOCKS proxy is ready
check_socks_proxy() {
for ((attempts=0; attempts<max_attempts; attempts++)); do
if nc -z localhost $1; then
echo "SOCKS proxy on port $1 is ready."
return 0
else
echo "Waiting for SOCKS proxy on port $1 to be ready..."
sleep 2
fi
done
echo "Error: SOCKS proxy on port $1 did not start successfully."
return 1
}
# Freeing up ports
for port in $local_socks_port $local_mysql_port $local_redis_port $local_mq_port $local_ssh_port; do
kill_process_on_port $port
done
sleep 1 # Ensure the processes have been killed
# Start SOCKS proxy
ssh -v -D $local_socks_port -C -N -i $ssh_key_for_proxy -o ConnectTimeout=10 -o ServerAliveInterval=60 $proxy_host &
# Check if SOCKS proxy is ready
max_attempts=5
if check_socks_proxy $local_socks_port; then
# Setup port forwarding through SOCKS proxy
ssh -o ProxyCommand="nc -x localhost:$local_socks_port %h %p" -i $ssh_key_for_final \
-L $local_mysql_port:$mysql_remote \
-L $local_redis_port:$redis_remote \
-L $local_ssh_port:$ssh_remote \
-L $local_mq_port:$rabbitmq_remote $final_host -N &
sleep 1
else
echo "Error: SOCKS proxy did not start successfully."
fi配置详细解释
sh
-v: Verbose 模式,让 SSH 在执行过程中提供更多的调试信息。这对于诊断连接问题非常有用。
-D $local_socks_port: 指定本地机器上的 SOCKS 代理端口。$local_socks_port 应该替换为你希望本地监听的端口号,这样 SSH 客户端就会创建一个 SOCKS 代理服务器,监听指定的本地端口。
-C: 启用压缩。SSH 会尝试压缩传输的数据,这在带宽有限的情况下可以提高性能。
-N: 表示不执行远程命令,通常与 -D 或其他用于端口转发的选项一起使用,用于建立隧道。
-i $ssh_key_for_proxy: 指定用于认证的私钥文件路径。$ssh_key_for_proxy 应该替换为私钥文件的实际路径。这允许用户不通过密码而是使用密钥对进行身份验证。
-o ConnectTimeout=10: 设置连接超时时间为 10 秒。如果 SSH 客户端在 10 秒内无法建立连接,它会中断尝试。
-o ServerAliveInterval=60: 每隔 60 秒发送一个空包到服务器以保持连接活跃。这有助于防止由于长时间无活动而导致的连接超时断开。ssh config 配置
sh
# 正式跳板机 (a) 的配置
Host bastion_quwan
HostName 39.16.49.172
User root
IdentityFile /Users/admin/.ssh/id_rsa
# 正式服务器
Host quwan_pro
HostName 12.19.223.26
User root
#ProxyCommand ssh -q -W %h:%p bastion_quwan
ProxyJump bastion_quwan
IdentityFile /Users/admin/.ssh/quwan_proscp 复制代理
sh
all:gotool
GOOS=linux GOARCH=amd64 go build -x -v -ldflags "-s -w" -o quwan_ws ./main.go && \
ssh [email protected] "rm -f /data/quwan/quwan_ws" && \
scp /Users/admin/go/src/goBoss/web_test_driver/zinx_all/quwan/quwan_ws [email protected]:/data/quwan
pro:
# scp -o ProxyJump=bastion_quwan -i /Users/admin/.ssh/quwan_pro /Users/admin/go/src/goBoss/web_test_driver/zinx_all/quwan/README.md [email protected]:/data/quwan 等价下面
GOOS=linux GOARCH=amd64 go build -x -v -ldflags "-s -w" -o quwan_ws ./main.go && \
ssh quwan_pro "mv /data/quwan/quwan_ws /data/quwan/quwan_ws_bak" && \
scp /Users/admin/go/src/goBoss/web_test_driver/zinx_all/quwan/quwan_ws quwan_pro:/data/quwan