SSH port forwarding

Suppose there are two servers, client1 and client2, that cannot talk to each other directly but can both reach a third server, balance. By building SSH tunnels between client1, client2 and balance, client1 and client2 can communicate through balance.

SSH port forwarding comes in three forms: local forwarding, remote forwarding and dynamic forwarding.

1. Preparation

Goal: guangzhou can reach balance but cannot reach new2 directly; balance can reach new2. With balance forwarding a port, guangzhou reaches new2 indirectly.

1.1 Server IPs:

Server guangzhou:  106.55.241.99

Server new2:  106.55.171.53

Server balance: 124.156.143.168

1.2 Connectivity between servers

Server guangzhou:

# can reach new2

[root@guangzhou ~]# telnet 106.55.171.53 22

Trying 106.55.171.53...

Connected to 106.55.171.53.

Escape character is '^]'.

SSH-2.0-OpenSSH_7.4

# can reach balance

[root@guangzhou ~]# telnet 124.156.143.168 22

Trying 124.156.143.168...

Connected to 124.156.143.168.

Escape character is '^]'.

SSH-2.0-OpenSSH_7.4

Server balance:

# can reach guangzhou (note: 106.55.241.99 is guangzhou's address, not new2's; the article shows no separate test from balance to new2, but the tunnels in section 2 depend on that path and succeed)
[root@Balance ~]# telnet 106.55.241.99 22

Trying 106.55.241.99...

Connected to 106.55.241.99.

Escape character is '^]'.

SSH-2.0-OpenSSH_7.4

Now add a rich rule on new2's firewall that drops all traffic from guangzhou, and reload firewalld:

[root@new2 ~]# firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address="106.55.241.99" drop'

success

[root@new2 ~]# firewall-cmd --reload

success

Log in to guangzhou and run telnet 106.55.171.53 22: the connection now hangs without any response (the rule drops packets rather than rejecting them, so there is no "connection refused"), which confirms the rule is in effect.

At this point guangzhou cannot connect to new2 directly, guangzhou can connect to balance, and balance can connect to new2.


2. Configuring port forwarding

2.1 Local forwarding

Syntax: ssh -L [bind_address:]localport:remotehost:remotehostport sshserver

Where:

         localport          port opened on the local machine (the one running ssh); bound to loopback unless a bind_address or -g is given

         remotehost         final destination host, as seen from sshserver (it need not be reachable from the local machine)

         remotehostport     port on that destination host

         sshserver          the SSH server that performs the forwarding (the intermediary, here balance)

Connections made to localport on the local machine travel through the SSH session to sshserver, which then opens a connection to remotehost:remotehostport. Because no -N is given below, the command also opens an interactive shell on balance; the forward lives as long as that session.

# -L guangzhou-local-port:new2-Server-Ip:new2-Server-Port balance-Server-User@balance-Server-Ip
[root@guangzhou ~]# ssh -L 9001:106.55.171.53:22 root@124.156.143.168

root@124.156.143.168's password:

Last failed login: Thu Oct  8 19:29:00 CST 2020 from 61.135.223.109 on ssh:notty

There were 8 failed login attempts since the last successful login.

Last login: Thu Oct  8 19:26:38 2020 from 106.55.241.99

[root@Balance ~]#

Open a new terminal on guangzhou:

[root@guangzhou ~]# ssh -p 9001 root@127.0.0.1

The authenticity of host '[127.0.0.1]:9001 ([127.0.0.1]:9001)' can't be established.

ECDSA key fingerprint is SHA256:huOuuKbfM9TN6+rpCMjB2Hk0HI4GSF1WCj7gIVyu48I.

ECDSA key fingerprint is MD5:0f:55:88:04:62:82:fc:8b:6a:f5:9e:5c:56:e1:0b:cc.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '[127.0.0.1]:9001' (ECDSA) to the list of known hosts.

root@127.0.0.1's password:

Last failed login: Thu Oct  8 19:29:28 CST 2020 from 213.154.70.102 on ssh:notty

There were 832 failed login attempts since the last successful login.

Last login: Thu Oct  8 18:41:46 2020 from 106.55.241.99

[root@new2 ~]#

As shown above, the new window reaches new2 by connecting to local port 9001. The host key fingerprint presented for [127.0.0.1]:9001 is new2's, because the TCP connection terminates on new2; compare it with new2's known fingerprint before answering yes, since the address 127.0.0.1 says nothing about which host is at the far end of the tunnel. The key is saved in known_hosts under [127.0.0.1]:9001, so forwarding a different host on the same port later triggers a host key mismatch warning; -o HostKeyAlias=new2 stores it under the real name instead.

2.2 Remote forwarding

Syntax: ssh -R [bind_address:]sshserverport:remotehost:remotehostport sshserver

Where:

         sshserverport      port opened on sshserver (the remote side of the SSH session)

         remotehost         final destination host, as seen from the machine running ssh -R

         remotehostport     port on that destination host

         sshserver          the SSH server on which the listening port is opened

Here balance runs the command, so the listening port 9100 is opened on guangzhou; connections accepted there are carried back to balance, which connects onward to new2:22.

# on balance, set up the forward (-f: go to background, -N: no remote command)
# -R guangzhou-Server-Port:new2-Server-Ip:new2-Server-Port -fN guangzhou-Server-Ip
[root@Balance ~]# ssh -R 9100:106.55.171.53:22 -fN 106.55.241.99

root@106.55.241.99's password:

[root@Balance ~]#

# on guangzhou, confirm that port 9100 opened by the remote forward is listening
[root@guangzhou ~]# ss -ntl

State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    *:27017             *:*
LISTEN 0      511    *:6379              *:*
LISTEN 0      128    *:9100              *:*
LISTEN 0      128    *:111               *:*
LISTEN 0      128    *:4369              *:*
LISTEN 0      128    *:22                *:*
LISTEN 0      80     :::3306             :::*
LISTEN 0      511    :::6379             :::*
LISTEN 0      128    :::111              :::*
LISTEN 0      128    :::4369             :::*

# connect to port 9100 and confirm it leads to new2
[root@guangzhou ~]# ssh -p 9100 root@127.0.0.1

The authenticity of host '[127.0.0.1]:9100 ([127.0.0.1]:9100)' can't be established.

ECDSA key fingerprint is SHA256:huOuuKbfM9TN6+rpCMjB2Hk0HI4GSF1WCj7gIVyu48I.

ECDSA key fingerprint is MD5:0f:55:88:04:62:82:fc:8b:6a:f5:9e:5c:56:e1:0b:cc.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '[127.0.0.1]:9100' (ECDSA) to the list of known hosts.

root@127.0.0.1's password:

Last failed login: Fri Oct  9 11:28:02 CST 2020 from 61.7.235.211 on ssh:notty

There were 3 failed login attempts since the last successful login.

Last login: Fri Oct  9 11:26:16 2020 from 117.136.79.20

[root@new2 ~]#

Remote forwarding is the mirror image of local forwarding: the listening port is opened on the SSH server (guangzhou, port 9100), and every connection accepted there is carried back over the SSH session to the client that ran ssh -R (balance), which then connects onward to the target (new2:22). Note the bind address in the ss listing: *:9100 means the port listens on every interface of guangzhou, so any host that can reach guangzhou on 9100 can now reach new2's sshd. That happens only when sshd_config on guangzhou has GatewayPorts yes; the default, GatewayPorts no, binds remote forwards to 127.0.0.1, and clientspecified lets the ssh -R side choose, e.g. -R 127.0.0.1:9100:106.55.171.53:22.
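Both the local forward in 2.1 and the remote forward in 2.2 open a listening socket, and whether that socket is bound to loopback or to every interface decides who can reach new2 through the tunnel. The shell script below is an added example and not code from the original article: it parses `ss -ntl` output and reports which of the given forward ports are bound to a wildcard address. The sample listing embedded in it is constructed to resemble the guangzhou listing above, with two extra entries (a loopback-bound 127.0.0.1:9001 and an IPv6 wildcard [::]:9200) added for contrast.

```shell
#!/bin/sh
# Added example, not from the original article: find SSH forwards (or any
# listener) bound to a wildcard address and therefore reachable from other
# hosts. Input is `ss -ntl` output on stdin.

# Constructed sample, modelled on the guangzhou listing in the article, with
# a loopback-bound local forward (9001) and an IPv6 wildcard (9200) added.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    *:9100              *:*
LISTEN 0      128    127.0.0.1:9001      *:*
LISTEN 0      128    *:22                *:*
LISTEN 0      80     :::3306             :::*
LISTEN 0      128    [::]:9200           [::]:*'

# exposed_forwards PORT... : print each PORT whose listener is bound to a
# wildcard address (* / 0.0.0.0 / :: / [::]), one per line, in input order.
exposed_forwards() {
    awk -v ports="$*" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            addr = $4
            port = addr; sub(/.*:/, "", port)       # text after the last colon
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if ((port in want) &&
                (host == "*" || host == "0.0.0.0" || host == "::" || host == "[::]"))
                print port
        }'
}

# forward_audit PORT... : the same check against the live socket table.
forward_audit() {
    ss -ntl | exposed_forwards "$@"
}

# Demonstration on the constructed sample: prints 9100 and 9200, not 9001.
printf '%s\n' "$SAMPLE_SS" | exposed_forwards 9001 9100 9200
```

Run `forward_audit 9001 9100 9200` on the host that holds the forwards. To keep a forward private, bind it explicitly to loopback (`-L 127.0.0.1:9001:106.55.171.53:22`) and, on the sshd that terminates a remote forward, keep GatewayPorts at its default of no (or clientspecified together with `-R 127.0.0.1:9100:106.55.171.53:22`), because GatewayPorts yes forces wildcard binding regardless of what the client asks for.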

2.3 Dynamic forwarding

Syntax: ssh -D [bind_address:]localport sshserver

Instead of a fixed destination, -D opens a SOCKS proxy on localport; each client connection names its own destination, and sshserver connects there on the client's behalf. As with -L, the port is bound to loopback unless a bind_address is given.

# on guangzhou, close all existing ssh client sessions first

[root@guangzhou ~]# killall ssh

[root@guangzhou ~]# ssh -D 9200 -fN 124.156.143.168

root@124.156.143.168's password:

[root@guangzhou ~]# curl --socks5 127.0.0.1:9200 http://106.55.171.53

hello~

The request to the web service on new2 now succeeds through the SOCKS proxy on guangzhou's port 9200; a direct curl from guangzhou would hang, because the drop rule on new2 covers all traffic from guangzhou, not just port 22. Note that curl --socks5 resolves hostnames locally and hands the proxy an IP address; use --socks5-hostname when the name should be resolved on balance instead.
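What curl sends to the listener opened by `ssh -D 9200` is a SOCKS5 exchange (RFC 1928), and the form of the CONNECT request decides where name resolution happens: with `--socks5` curl resolves the name on guangzhou and sends an IPv4 literal (address type 0x01); with `--socks5-hostname` it sends the name itself (address type 0x03) and sshd on balance resolves it. With the IP literal used above the difference is invisible, but as soon as a name is used, local resolution both leaks the lookup and may return a different answer than balance would get. The shell functions below are an added example, not code from the original article; they render those messages as hex so the two request forms can be compared side by side. The hostname "new2" in the demonstration is a constructed value.

```shell
#!/bin/sh
# Added example, not from the original article: the SOCKS5 messages a client
# such as curl sends to an `ssh -D` listener, rendered as hex strings.

# Client greeting: version 5, one method offered, 0x00 = no authentication
# (the only method the OpenSSH SOCKS listener accepts).
socks5_greeting() {
    printf '050100\n'
}

# CONNECT with an IPv4 literal (ATYP 0x01): VER=05 CMD=01 RSV=00 ATYP=01,
# four address octets, two-byte port. This is what `curl --socks5` sends
# after resolving the name locally.
# $1 = dotted IPv4 address, $2 = TCP port
socks5_connect_ipv4() {
    port=$2
    oldifs=$IFS; IFS=.
    set -- $1                         # $1..$4 become the four octets
    IFS=$oldifs
    printf '05010001%02x%02x%02x%02x%04x\n' "$1" "$2" "$3" "$4" "$port"
}

# CONNECT with a domain name (ATYP 0x03): one length byte, the name, then the
# port. This is what `curl --socks5-hostname` sends; the name is resolved by
# sshd on the far end (balance), not on the client.
# $1 = hostname, $2 = TCP port
socks5_connect_domain() {
    hexname=$(printf '%s' "$1" | od -An -tx1 | tr -d ' \n')
    printf '05010003%02x%s%04x\n' "${#1}" "$hexname" "$2"
}

# socks5_reply_status HEX : read the server reply (VER REP RSV ATYP BND.ADDR
# BND.PORT) and print the meaning of the REP byte, so a CONNECT that the
# far end could not complete is told apart from a working tunnel.
socks5_reply_status() {
    case $(printf '%s' "$1" | cut -c3-4) in
        00) echo "succeeded" ;;
        01) echo "general SOCKS server failure" ;;
        02) echo "connection not allowed by ruleset" ;;
        03) echo "network unreachable" ;;
        04) echo "host unreachable" ;;
        05) echo "connection refused" ;;
        06) echo "TTL expired" ;;
        07) echo "command not supported" ;;
        08) echo "address type not supported" ;;
        *)  echo "unknown reply" ;;
    esac
}

# Demonstration: the request curl --socks5 sends for http://106.55.171.53
# versus the one curl --socks5-hostname would send for a constructed name.
socks5_greeting
socks5_connect_ipv4 106.55.171.53 80       # 050100016a37ab350050
socks5_connect_domain new2 22              # 05010003046e6577320016
socks5_reply_status 05000001000000000000   # succeeded
```

The length byte in the domain form caps names at 255 bytes, and the OpenSSH listener only ever offers the no-authentication method, which is why anything able to reach the -D port can use the proxy; bind it to loopback (the default) and treat the port like an unauthenticated door into balance's network.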

 

Source: utcz.com/a/56815.html
